Jump to content

Trojan.CoinMiner


Recommended Posts

I've been having issues with my CPU usage staying at 100%. Microsoft Security Essentials detected something called "Trojan.CoinMiner", which I assume is using my computer to mine for Bitcoins. I used MSE to remove them, and all seemed fine for a day or so, but it's back, and I can't get MSE to remove it this time. 

 

DDS.txt
-----------------------------------------------------------------------------------------------------------------------------------------
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16686  BrowserJavaVersion: 10.40.2
Run by Tanner at 13:29:33 on 2013-10-08
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8190.5736 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
D:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\SysWOW64\PnkBstrA.exe
D:\Program Files (x86)\RadeonPro\RadeonProSupport.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
D:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
D:\Program Files (x86)\Steam\Steam.exe
C:\Users\Tanner\Local Settings\Apps\F.lux\flux.exe
D:\Program Files\PeerBlock\peerblock.exe
D:\Program Files (x86)\puush\puush.exe
D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
D:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Users\Tanner\AppData\Roaming\lsm.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
D:\Program Files\Java\bin\javaw.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\Tanner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tanner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tanner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tanner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tanner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tanner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tanner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tanner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tanner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Tanner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tanner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tanner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tanner\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyServer = 220.225.253.12:3128
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\Tanner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [steam] "D:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [F.lux] "C:\Users\Tanner\Local Settings\Apps\F.lux\flux.exe" /noshow
uRun: [DAEMON Tools Lite] "D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [PeerBlock] D:\Program Files\PeerBlock\peerblock.exe
uRun: [puush] D:\Program Files (x86)\puush\puush.exe
uRun: [ooVoo.exe] C:\Program Files (x86)\oovoo\ooVoo.exe /minimized
uRun: [LocalSessionManager] "C:\Users\Tanner\AppData\Roaming\lsm.exe"
uRun: [sysXboot] "D:\Program Files\Java\bin\javaw.exe" -jar "C:\Users\Tanner\AppData\Local\Temp\sysXboot2148016656113004269.jar"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [startCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [GMouse] "D:\GIGABYTE FORCE\GIGABYTE FORCE.EXE" /hide
mRun: [LogMeIn Hamachi Ui] "D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Malwarebytes Anti-Malware] D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\Tanner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMEST~1.LNK - D:\Program Files (x86)\GameStop App\Now\GameStopNow.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: Interfaces\{3DBE42A2-86E0-48AF-B909-1C4EB48475DC} : DHCPNameServer = 192.168.1.254
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\bin\jp2ssv.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 RzFilter;RzFilter;C:\Windows\System32\drivers\RzFilter.sys [2013-4-23 73944]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-1-11 283200]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Windows\System32\drivers\HWiNFO64A.SYS [2013-1-10 29672]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-9-5 239616]
R2 AMD FUEL Service;AMD FUEL Service;D:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-9-5 344064]
R2 AODDriver4.2.0;AODDriver4.2.0;D:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2012-9-20 57512]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-10-1 2746704]
R2 MBAMService;MBAMService;D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-10-8 701512]
R2 RadeonPro Support Service;RadeonPro Support Service;D:\Program Files (x86)\RadeonPro\RadeonProSupport.exe [2013-7-6 20608]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-7-5 96256]
R3 ManyCam;ManyCam Virtual Webcam;C:\Windows\System32\drivers\mcvidrv_x64.sys [2013-2-24 44928]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-10-8 25928]
R3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\System32\drivers\mcaudrv_x64.sys [2013-1-31 28160]
R3 pbfilter;pbfilter;D:\Program Files\PeerBlock\pbfilter.sys [2013-7-19 24176]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-1-10 677480]
R3 RzDxgk;RzDxgk;C:\Windows\System32\drivers\RzDxgk.sys [2013-4-23 128728]
S2 AODService;AODService;D:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2012-9-20 136648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 RzOvlMon;Razer Overlay Subsystem Emergency Service;C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe --> C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-1-18 49152]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 130008]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 RTCore64;RTCore64;D:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2013-1-23 13368]
S3 SaiK0CC3;SaiK0CC3;C:\Windows\System32\drivers\SaiK0CC3.sys [2012-9-20 180584]
S3 SaiU0CC3;SaiU0CC3;C:\Windows\System32\drivers\SaiU0CC3.sys [2012-9-20 47208]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-1-11 1255736]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice]
.
=============== Created Last 30 ================
.
2013-10-08 18:24:57 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-10-08 18:20:02 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DC99DB93-454E-401E-94BF-98204FFF9406}\offreg.dll
2013-10-08 18:15:28 9694160 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DC99DB93-454E-401E-94BF-98204FFF9406}\mpengine.dll
2013-10-07 01:23:19 9694160 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-10-06 16:30:43 -------- d-----w- C:\Users\Tanner\AppData\Local\LogMeIn
2013-10-06 16:30:43 -------- d-----w- C:\ProgramData\LogMeIn
2013-10-05 20:21:57 -------- d-----w- C:\Users\Tanner\AppData\Local\ElevatedDiagnostics
2013-10-03 22:09:22 -------- d-----w- C:\ProgramData\Oracle
2013-10-03 22:09:04 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-24 18:26:34 25640 ----a-w- C:\Windows\gdrv.sys
2013-09-19 05:43:01 -------- d-----w- C:\Users\Tanner\AppData\Roaming\Guild Wars 2
2013-09-19 02:37:39 -------- d-----w- C:\Users\Tanner\AppData\Local\SmartTechnology
2013-09-19 02:28:55 -------- d-----w- C:\Program Files\SmartTechnology
2013-09-10 21:39:54 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
.
==================== Find3M  ====================
.
2013-10-08 16:18:26 1658880 ----a-w- C:\Users\Tanner\AppData\Roaming\lsm.exe
2013-10-07 21:30:36 214392 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-10-07 21:30:29 215416 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-10-03 22:08:53 790440 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-09-30 03:59:45 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2013-09-12 21:16:29 280792 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-09-05 08:56:16 51200 ----a-w- C:\Windows\System32\kdbsdk64.dll
2013-09-05 08:51:28 38912 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll
2013-09-05 08:00:54 7128240 ----a-w- C:\Windows\System32\atiumd6a.dll
2013-09-05 08:00:52 7625784 ----a-w- C:\Windows\System32\atiumd64.dll
2013-09-05 07:59:10 12653568 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2013-09-05 07:45:56 229888 ----a-w- C:\Windows\System32\clinfo.exe
2013-09-05 07:45:40 98816 ----a-w- C:\Windows\System32\OpenVideo64.dll
2013-09-05 07:45:32 83456 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2013-09-05 07:45:26 86528 ----a-w- C:\Windows\System32\OVDecode64.dll
2013-09-05 07:45:22 73216 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2013-09-05 07:45:04 28445184 ----a-w- C:\Windows\System32\amdocl64.dll
2013-09-05 07:42:54 23989248 ----a-w- C:\Windows\SysWow64\amdocl.dll
2013-09-05 07:41:02 63488 ----a-w- C:\Windows\System32\OpenCL.dll
2013-09-05 07:40:58 57344 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2013-09-05 07:38:20 129536 ----a-w- C:\Windows\System32\coinst_13.20.11.dll
2013-09-05 07:25:16 25611264 ----a-w- C:\Windows\System32\atio6axx.dll
2013-09-05 07:24:32 368640 ----a-w- C:\Windows\System32\atiapfxx.exe
2013-09-05 07:24:22 62464 ----a-w- C:\Windows\System32\aticalrt64.dll
2013-09-05 07:24:20 52224 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2013-09-05 07:24:12 55808 ----a-w- C:\Windows\System32\aticalcl64.dll
2013-09-05 07:24:10 49152 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2013-09-05 07:23:54 15716352 ----a-w- C:\Windows\System32\aticaldd64.dll
2013-09-05 07:20:50 14302208 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2013-09-05 07:06:48 21624320 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2013-09-05 07:04:32 442368 ----a-w- C:\Windows\System32\atidemgy.dll
2013-09-05 07:04:22 26112 ----a-w- C:\Windows\System32\atimuixx.dll
2013-09-05 07:04:14 574976 ----a-w- C:\Windows\System32\atieclxx.exe
2013-09-05 07:03:22 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
2013-09-05 07:01:50 190976 ----a-w- C:\Windows\System32\atitmm64.dll
2013-09-05 06:34:34 1097728 ----a-w- C:\Windows\System32\atiadlxx.dll
2013-09-05 06:34:20 828416 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2013-09-05 06:34:04 75264 ----a-w- C:\Windows\System32\atig6pxx.dll
2013-09-05 06:34:00 69632 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2013-09-05 06:34:00 69632 ----a-w- C:\Windows\System32\atiglpxx.dll
2013-09-05 06:33:54 100352 ----a-w- C:\Windows\System32\atig6txx.dll
2013-09-05 06:33:44 96768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2013-09-05 06:33:34 617984 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2013-09-05 06:29:40 43520 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2013-09-05 06:28:00 95744 ----a-w- C:\Windows\System32\amdave64.dll
2013-09-05 06:27:54 90112 ----a-w- C:\Windows\SysWow64\amdave32.dll
2013-09-05 06:27:40 89088 ----a-w- C:\Windows\System32\atisamu64.dll
2013-09-05 06:27:36 80896 ----a-w- C:\Windows\SysWow64\atisamu32.dll
2013-08-16 07:48:42 447752 ----a-w- C:\Windows\SysWow64\vp6vfw.dll
2013-08-10 05:22:18 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-08-10 05:20:59 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-08-10 05:20:55 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-08-10 05:20:55 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-08-10 03:59:10 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-08-10 03:58:09 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-08-10 03:58:06 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-08-10 03:58:06 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-08-10 03:17:38 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-08-10 03:07:50 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-08-10 02:27:59 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-10 02:17:19 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-08-08 01:20:43 3155456 ----a-w- C:\Windows\System32\win32k.sys
2013-08-02 02:15:44 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-02 02:15:03 362496 ----a-w- C:\Windows\System32\wow64win.dll
2013-08-02 02:15:03 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-02 02:15:03 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-08-02 02:14:11 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-08-02 01:59:30 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-02 01:59:30 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-02 01:51:23 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-02 01:50:42 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
2013-08-02 00:45:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-02 00:45:36 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-02 00:45:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-02 00:45:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 13:29:41.77 ===============
 
 
Attach.txt
-----------------------------------------------------------------------------------------------------------------------------------------
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate 
Boot Device: \Device\HarddiskVolume1
Install Date: 1/9/2013 11:39:18 PM
System Uptime: 10/8/2013 1:07:59 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | M5A78L-M LX PLUS
Processor: AMD Phenom II X4 965 Processor | AM3R2 | 3400/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 44 GiB total, 12.993 GiB free.
D: is FIXED (NTFS) - 537 GiB total, 193.814 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: 
Description: 
Device ID: ACPI\ATK0110\1010110
Manufacturer: 
Name: 
PNP Device ID: ACPI\ATK0110\1010110
Service: 
.
==== System Restore Points ===================
.
RP350: 10/8/2013 3:52:03 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
7 Days to Die 1.00
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.02)
Age of Empires II: HD Edition
AMD Accelerated Video Transcoding
AMD Catalyst Control Center
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Fuel
AMD Media Foundation Decoders
AMD OverDrive Beta
AMD Steady Video Plug-In 
AMD Wireless Display v3.0
ARMA 2 Operation Arrowhead Uninstall
ArmA 2 Uninstall
Arma 3 Alpha
AutoHotkey 1.1.13.00
Bandisoft MPEG-1 Decoder
Battle.net
Battlefield 3™
Battlefield 4™ Beta
Battlelog Web Plugins
BattlEye for OA Uninstall
BattlEye Uninstall
Bear Force II 0.3
Blockscape Phase 1 (beta)
BOSS
Capsule
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Core Temp 1.0 RC4
Counter-Strike: Global Offensive
Counter-Strike: Source
CPUID HWMonitor 1.21
Curse Client
DAEMON Tools Lite
DivX Setup
ESN Sonar
F.lux
foobar2000 v1.2
Fraps
GIGABYTE FORCE Driver
Google Chrome
Google Earth
Google Update Helper
Guild Wars 2
Happy Cloud Client
HWiNFO64 Version 4.08
Java 7 Update 17 (64-bit)
Java 7 Update 40
Java Auto Updater
K-Lite Codec Pack 9.8.0 (64-bit)
K-Lite Codec Pack 9.8.0 (Standard)
LogMeIn Hamachi
Malwarebytes Anti-Malware version 1.75.0.1300
ManyCam 3.1.43
MechWarrior 3 Pirate's Moon
MechWarrior Online
Microsoft .NET Framework 4.5
Microsoft Application Error Reporting
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft IntelliType Pro 8.2
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual Basic PowerPacks 10.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
Mount & Blade: Warband
MSI Afterburner 2.3.1
Nexon Game Manager
Nexus Mod Manager
NVIDIA 3D Vision Controller Driver 310.90
NVIDIA 3D Vision Driver 310.90
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.1031
NVIDIA Stereoscopic 3D Driver
ooVoo
Origin
Paint.NET v3.5.10
PeerBlock 1.1 (r518)
PunkBuster Services
puush
Python 3.3.2
RadeonPro 1.0 (Build 1.1.1.0)
RaidCall
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Red Orchestra 2: Heroes of Stalingrad
SC4DatPacker 2008
Security Update for Microsoft .NET Framework 4.5 (KB2737083)
Security Update for Microsoft .NET Framework 4.5 (KB2742613)
Security Update for Microsoft .NET Framework 4.5 (KB2789648)
Security Update for Microsoft .NET Framework 4.5 (KB2804582)
Security Update for Microsoft .NET Framework 4.5 (KB2833957)
Security Update for Microsoft .NET Framework 4.5 (KB2840642v2)
ShiftWindow 1.02
Skype™ 6.3
StarCitizen
Steam
TeamSpeak 3 Client
Terraria
The Anglo Zulu war
The Elder Scrolls V Skyrim Dragonborn © Bethesda Softworks version 1
The Weather Channel App
Total War: SHOGUN 2
Unity Web Player
Uplay
VC80CRTRedist - 8.0.50727.6195
Ventrilo Client for Windows x64
VLC media player 2.0.5
War of the Roses
War Thunder
War Thunder Launcher 1.0.1.185
Windows Live ID Sign-in Assistant
WinRAR 4.20 (64-bit)
WorldPainter 1.2.0
Xiph.Org Open Codecs 0.85.17777
.
==== Event Viewer Messages From Past Week ========
.
10/8/2013 1:08:26 PM, Error: Service Control Manager [7000]  - The Razer Overlay Subsystem Emergency Service service failed to start due to the following error:  The system cannot find the file specified.
10/7/2013 10:39:26 PM, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
10/6/2013 8:12:46 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the RadeonPro Support Service service to connect.
10/6/2013 8:12:46 PM, Error: Service Control Manager [7000]  - The RadeonPro Support Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
10/6/2013 11:27:34 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the LogMeIn Hamachi Tunneling Engine service to connect.
10/6/2013 11:27:34 AM, Error: Service Control Manager [7000]  - The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
10/3/2013 6:37:27 PM, Error: bowser [8003]  - The master browser has received a server announcement from the computer DAVID-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{3DBE42A2-86E0-48AF-B909-1C4EB48475DC}. The master browser is stopping or an election is being forced.
10/2/2013 7:26:48 AM, Error: Service Control Manager [7030]  - The LogMeIn Hamachi Tunneling Engine service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
.
==== End Of File ===========================
 

 

Link to post
Share on other sites

  • Root Admin

Hello and :welcome:


P2P/Piracy Warning:
 

 
If you're using
Peer 2 Peer
software such as
uTorrent, BitTorrent
or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have
illegal/cracked software, cracks, keygens etc
. on the system, please remove or uninstall them now and read the policy on
Piracy
.




Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.
  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

    [*]Removing malware can be unpredictable...It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive [*]Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you. [*]The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone. [*]Perform everything in the correct order. Sometimes one step requires the previous one. [*]If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue. [*]You can check here if you're not sure if your computer is 32-bit or 64-bit [*]Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners. [*]When we are done, I'll give you instructions on how to cleanup all the tools and logs [*]Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that. [*]Your topic will be closed if you haven't replied within 3 days [*](If I have not responded within 24 hours, please send me a Private Message as a reminder)




STEP 0
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.


Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.



STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

    [*]Make sure that at least the first two check boxes are selected. [*]Click on OK [*]Then click on YES to create the folder. [*]Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


STEP 02
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User Licene Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.


 

Link to post
Share on other sites

RogueKiller V8.7.1 _x64_ [Oct  3 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com




 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Tanner [Admin rights]

Mode : Scan -- Date : 10/08/2013 14:18:48

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 11 ¤¤¤

[RUN][HJNAME] HKCU\[...]\Run : LocalSessionManager ("C:\Users\Tanner\AppData\Roaming\lsm.exe" [-]) -> FOUND

[RUN][sUSP PATH] HKCU\[...]\Run : sysXboot ("D:\Program Files\Java\bin\javaw.exe" -jar "C:\Users\Tanner\AppData\Local\Temp\sysXboot2148016656113004269.jar" [7][-]) -> FOUND

[RUN][HJNAME] HKUS\S-1-5-21-1979747309-927448943-1715424303-1000\[...]\Run : LocalSessionManager ("C:\Users\Tanner\AppData\Roaming\lsm.exe" [-]) -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-1979747309-927448943-1715424303-1000\[...]\Run : sysXboot ("D:\Program Files\Java\bin\javaw.exe" -jar "C:\Users\Tanner\AppData\Local\Temp\sysXboot2148016656113004269.jar" [7][-]) -> FOUND

[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (220.225.253.12:3128) -> FOUND

[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Scheduled tasks : 0 ¤¤¤

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection :  ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - WDC WD6400AAKS-65A7B2 ATA Device +++++

--- User ---

[MBR] f6ac7fbb0cb8a3742929ac24f2c381a6

[bSP] ceb84c3e7b096f62a58a22cb4210973b : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 44996 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 92358656 | Size: 549998 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[0]_S_10082013_141848.txt >>
Link to post
Share on other sites

  • Root Admin

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


 

Link to post
Share on other sites

omboFix 13-10-08.01 - Tanner 10/08/2013  14:56:31.1.4 - x64

Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8190.6260 [GMT -5:00]

Running from: c:\users\Tanner\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\END

c:\users\Tanner\AppData\Local\Google\Chrome\User Data\Default\Preferences

c:\users\Tanner\AppData\Roaming\lsm.exe

c:\users\Tanner\Desktop\-.lnk

c:\windows\SysWow64\frapsvid.dll

c:\windows\SysWow64\SET9AB8.tmp

D:\install.exe

.

.

(((((((((((((((((((((((((   Files Created from 2013-09-08 to 2013-10-08  )))))))))))))))))))))))))))))))

.

.

2013-10-08 19:59 . 2013-10-08 19:59 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-10-08 19:21 . 2013-09-05 05:32 9694160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D57E43BE-D83D-47FD-A9D4-C29CCAAE3495}\mpengine.dll

2013-10-08 19:07 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-10-07 01:23 . 2013-09-05 05:32 9694160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-10-06 16:30 . 2013-10-06 16:30 -------- d-----w- c:\users\Tanner\AppData\Local\LogMeIn

2013-10-06 16:30 . 2013-10-06 16:30 -------- d-----w- c:\programdata\LogMeIn

2013-10-05 20:21 . 2013-10-05 20:21 -------- d-----w- c:\users\Tanner\AppData\Local\ElevatedDiagnostics

2013-10-03 22:09 . 2013-10-03 22:09 -------- d-----w- c:\programdata\Oracle

2013-10-03 22:09 . 2013-10-03 22:09 -------- d-----w- c:\program files (x86)\Common Files\Java

2013-10-03 22:09 . 2013-10-03 22:08 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-10-03 22:08 . 2013-10-03 22:08 -------- d-----w- c:\program files (x86)\Java

2013-10-03 22:08 . 2013-10-03 22:08 -------- d-----w- c:\programdata\McAfee

2013-09-24 18:26 . 2013-09-24 18:26 25640 ----a-w- c:\windows\gdrv.sys

2013-09-19 05:43 . 2013-09-19 05:43 -------- d-----w- c:\users\Tanner\AppData\Roaming\Guild Wars 2

2013-09-19 02:37 . 2013-09-19 02:37 -------- d-----w- c:\users\Tanner\AppData\Local\SmartTechnology

2013-09-19 02:28 . 2013-09-22 04:06 -------- d-----w- c:\program files\SmartTechnology

2013-09-10 21:39 . 2013-08-02 02:23 5550528 ----a-w- c:\windows\system32\ntoskrnl.exe

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-10-07 21:30 . 2013-02-24 03:31 214392 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2013-10-07 21:30 . 2013-02-24 03:31 215416 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2013-10-03 22:08 . 2013-01-10 06:02 790440 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-09-30 03:59 . 2013-02-24 03:31 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2013-09-12 21:16 . 2013-01-11 00:35 280792 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2013-09-06 21:20 . 2013-09-06 21:20 965008 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{88A3684E-5C6C-46D9-A982-6C8129C55ABE}\gapaengine.dll

2013-09-05 08:56 . 2013-09-05 08:56 51200 ----a-w- c:\windows\system32\kdbsdk64.dll

2013-09-05 08:51 . 2013-09-05 08:51 38912 ----a-w- c:\windows\SysWow64\kdbsdk32.dll

2013-09-05 08:01 . 2013-09-05 08:01 157736 ----a-w- c:\windows\system32\amdhcp64.dll

2013-09-05 08:01 . 2013-09-05 08:01 142304 ----a-w- c:\windows\SysWow64\amdhcp32.dll

2013-09-05 08:01 . 2013-09-05 08:01 78432 ----a-w- c:\windows\system32\atimpc64.dll

2013-09-05 08:01 . 2013-09-05 08:01 78432 ----a-w- c:\windows\system32\amdpcom64.dll

2013-09-05 08:01 . 2013-09-05 08:01 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll

2013-09-05 08:01 . 2013-09-05 08:01 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll

2013-09-05 08:01 . 2013-09-05 08:01 126336 ----a-w- c:\windows\SysWow64\atiuxpag.dll

2013-09-05 08:01 . 2012-12-19 19:31 143304 ----a-w- c:\windows\system32\atiuxp64.dll

2013-09-05 08:01 . 2012-12-19 19:30 98496 ----a-w- c:\windows\SysWow64\atiu9pag.dll

2013-09-05 08:01 . 2012-09-28 01:11 115512 ----a-w- c:\windows\system32\atiu9p64.dll

2013-09-05 08:01 . 2012-09-28 01:41 1287152 ----a-w- c:\windows\system32\aticfx64.dll

2013-09-05 08:01 . 2013-09-05 08:01 1071328 ----a-w- c:\windows\SysWow64\aticfx32.dll

2013-09-05 08:01 . 2012-12-19 19:49 9067808 ----a-w- c:\windows\system32\atidxx64.dll

2013-09-05 08:01 . 2013-09-05 08:01 7919328 ----a-w- c:\windows\SysWow64\atidxx32.dll

2013-09-05 08:01 . 2013-09-05 08:01 6502024 ----a-w- c:\windows\SysWow64\atiumdva.dll

2013-09-05 08:01 . 2013-09-05 08:01 6549928 ----a-w- c:\windows\SysWow64\atiumdag.dll

2013-09-05 08:00 . 2013-08-15 13:10 7128240 ----a-w- c:\windows\system32\atiumd6a.dll

2013-09-05 08:00 . 2013-08-15 13:10 7625784 ----a-w- c:\windows\system32\atiumd64.dll

2013-09-05 07:59 . 2013-09-05 07:59 12653568 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2013-09-05 07:45 . 2013-09-05 07:45 229888 ----a-w- c:\windows\system32\clinfo.exe

2013-09-05 07:45 . 2013-09-05 07:45 98816 ----a-w- c:\windows\system32\OpenVideo64.dll

2013-09-05 07:45 . 2013-09-05 07:45 83456 ----a-w- c:\windows\SysWow64\OpenVideo.dll

2013-09-05 07:45 . 2013-09-05 07:45 86528 ----a-w- c:\windows\system32\OVDecode64.dll

2013-09-05 07:45 . 2013-09-05 07:45 73216 ----a-w- c:\windows\SysWow64\OVDecode.dll

2013-09-05 07:45 . 2013-09-05 07:45 28445184 ----a-w- c:\windows\system32\amdocl64.dll

2013-09-05 07:42 . 2013-09-05 07:42 23989248 ----a-w- c:\windows\SysWow64\amdocl.dll

2013-09-05 07:41 . 2013-09-05 07:41 63488 ----a-w- c:\windows\system32\OpenCL.dll

2013-09-05 07:40 . 2013-09-05 07:40 57344 ----a-w- c:\windows\SysWow64\OpenCL.dll

2013-09-05 07:38 . 2013-09-05 07:38 129536 ----a-w- c:\windows\system32\coinst_13.20.11.dll

2013-09-05 07:25 . 2013-09-05 07:25 25611264 ----a-w- c:\windows\system32\atio6axx.dll

2013-09-05 07:24 . 2013-09-05 07:24 368640 ----a-w- c:\windows\system32\atiapfxx.exe

2013-09-05 07:24 . 2013-09-05 07:24 62464 ----a-w- c:\windows\system32\aticalrt64.dll

2013-09-05 07:24 . 2013-09-05 07:24 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll

2013-09-05 07:24 . 2013-09-05 07:24 55808 ----a-w- c:\windows\system32\aticalcl64.dll

2013-09-05 07:24 . 2013-09-05 07:24 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll

2013-09-05 07:23 . 2013-09-05 07:23 15716352 ----a-w- c:\windows\system32\aticaldd64.dll

2013-09-05 07:20 . 2013-09-05 07:20 14302208 ----a-w- c:\windows\SysWow64\aticaldd.dll

2013-09-05 07:06 . 2013-09-05 07:06 21624320 ----a-w- c:\windows\SysWow64\atioglxx.dll

2013-09-05 07:04 . 2013-09-05 07:04 442368 ----a-w- c:\windows\system32\atidemgy.dll

2013-09-05 07:04 . 2013-09-05 07:04 26112 ----a-w- c:\windows\system32\atimuixx.dll

2013-09-05 07:04 . 2013-09-05 07:04 574976 ----a-w- c:\windows\system32\atieclxx.exe

2013-09-05 07:03 . 2013-09-05 07:03 239616 ----a-w- c:\windows\system32\atiesrxx.exe

2013-09-05 07:01 . 2013-09-05 07:01 190976 ----a-w- c:\windows\system32\atitmm64.dll

2013-09-05 06:34 . 2013-09-05 06:34 1097728 ----a-w- c:\windows\system32\atiadlxx.dll

2013-09-05 06:34 . 2013-09-05 06:34 828416 ----a-w- c:\windows\SysWow64\atiadlxy.dll

2013-09-05 06:34 . 2013-09-05 06:34 75264 ----a-w- c:\windows\system32\atig6pxx.dll

2013-09-05 06:34 . 2013-09-05 06:34 69632 ----a-w- c:\windows\SysWow64\atiglpxx.dll

2013-09-05 06:34 . 2013-09-05 06:34 69632 ----a-w- c:\windows\system32\atiglpxx.dll

2013-09-05 06:33 . 2013-09-05 06:33 100352 ----a-w- c:\windows\system32\atig6txx.dll

2013-09-05 06:33 . 2013-09-05 06:33 96768 ----a-w- c:\windows\SysWow64\atigktxx.dll

2013-09-05 06:33 . 2013-09-05 06:33 617984 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2013-09-05 06:29 . 2013-09-05 06:29 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2013-09-05 06:28 . 2013-09-05 06:28 95744 ----a-w- c:\windows\system32\amdave64.dll

2013-09-05 06:27 . 2013-09-05 06:27 90112 ----a-w- c:\windows\SysWow64\amdave32.dll

2013-09-05 06:27 . 2013-09-05 06:27 89088 ----a-w- c:\windows\system32\atisamu64.dll

2013-09-05 06:27 . 2013-09-05 06:27 80896 ----a-w- c:\windows\SysWow64\atisamu32.dll

2013-08-23 07:22 . 2013-03-13 00:37 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2013-08-16 07:48 . 2013-08-16 07:49 447752 ----a-w- c:\windows\SysWow64\vp6vfw.dll

2013-08-02 01:48 . 2013-09-10 21:39 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2013-07-25 09:25 . 2013-08-14 19:18 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL

2013-07-25 08:57 . 2013-08-14 19:18 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL

2013-07-19 01:58 . 2013-08-14 19:18 2048 ----a-w- c:\windows\system32\tzres.dll

2013-07-19 01:41 . 2013-08-14 19:18 2048 ----a-w- c:\windows\SysWow64\tzres.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="d:\program files (x86)\Steam\steam.exe" [2013-10-05 1813928]

"F.lux"="c:\users\Tanner\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]

"DAEMON Tools Lite"="d:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-01-08 3674320]

"PeerBlock"="d:\program files\PeerBlock\peerblock.exe" [2010-11-07 2646128]

"puush"="d:\program files (x86)\puush\puush.exe" [2013-08-10 567880]

"ooVoo.exe"="c:\program files (x86)\oovoo\ooVoo.exe" [2013-08-04 35253824]

"sysXboot"="d:\program files\Java\bin\javaw.exe" [2013-03-14 188832]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]

"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-05-20 450560]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]

"StartCCC"="d:\program files\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-09-05 766208]

"GMouse"="d:\gigabyte force\GIGABYTE FORCE.EXE" [2012-10-04 1253376]

"LogMeIn Hamachi Ui"="d:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-10-01 2345296]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes Anti-Malware"="d:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2013-04-04 532040]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 AODService;AODService;d:\program files (x86)\AMD\OverDrive\AODAssist.exe;d:\program files (x86)\AMD\OverDrive\AODAssist.exe [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 RzOvlMon;Razer Overlay Subsystem Emergency Service;c:\program files (x86)\Razer\Core\64bit\rzovlmon.exe;c:\program files (x86)\Razer\Core\64bit\rzovlmon.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 ALSysIO;ALSysIO;c:\users\Tanner\AppData\Local\Temp\ALSysIO64.sys;c:\users\Tanner\AppData\Local\Temp\ALSysIO64.sys [x]

R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 RTCore64;RTCore64;d:\program files (x86)\MSI Afterburner\RTCore64.sys;d:\program files (x86)\MSI Afterburner\RTCore64.sys [x]

R3 SaiK0CC3;SaiK0CC3;c:\windows\system32\DRIVERS\SaiK0CC3.sys;c:\windows\SYSNATIVE\DRIVERS\SaiK0CC3.sys [x]

R3 SaiU0CC3;SaiU0CC3;c:\windows\system32\DRIVERS\SaiU0CC3.sys;c:\windows\SYSNATIVE\DRIVERS\SaiU0CC3.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

S0 RzFilter;RzFilter;c:\windows\system32\drivers\RzFilter.sys;c:\windows\SYSNATIVE\drivers\RzFilter.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]

S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO64A.SYS;c:\windows\SYSNATIVE\drivers\HWiNFO64A.SYS [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 AMD FUEL Service;AMD FUEL Service;d:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;d:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]

S2 AODDriver4.2.0;AODDriver4.2.0;d:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys;d:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [x]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;d:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]

S2 MBAMService;MBAMService;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S2 RadeonPro Support Service;RadeonPro Support Service;d:\program files (x86)\RadeonPro\RadeonProSupport.exe;d:\program files (x86)\RadeonPro\RadeonProSupport.exe [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]

S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv_x64.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 RzDxgk;RzDxgk;c:\windows\system32\drivers\RzDxgk.sys;c:\windows\SYSNATIVE\drivers\RzDxgk.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MBAMPROTECTOR

.

Contents of the 'Scheduled Tasks' folder

.

2013-10-08 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-10 03:11]

.

2013-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-10 18:27]

.

2013-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-10 18:27]

.

2013-10-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1979747309-927448943-1715424303-1000Core.job

- c:\users\Tanner\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-10 06:02]

.

2013-10-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1979747309-927448943-1715424303-1000UA.job

- c:\users\Tanner\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-10 06:02]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-12-12 7560296]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyServer = 220.225.253.12:3128

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 192.168.1.254

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-LocalSessionManager - c:\users\Tanner\AppData\Roaming\lsm.exe

c:\users\Tanner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameStop Now.lnk - d:\program files (x86)\GameStop App\Now\GameStopNow.exe

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

AddRemove-BattlEye for A2 - d:\program files (x86)\Bohemia Interactive\ArmA 2BattlEye\UnInstallBE.exe

AddRemove-Bear Force II - d:\program files (x86)\Steam\SteamApps\common\mountblade warband\Modules\Bear_Force_II_0.3\uninst.exe

AddRemove-Blockscape_is1 - d:\program files (x86)\Blockscape\unins000.exe

AddRemove-foobar2000 - c:\program files (x86)\foobar2000\uninstall.exe

AddRemove-Steam App 48700 - c:\program files (x86)\Steam\steam.exe

AddRemove-The Elder Scrolls V Skyrim Dragonborn © Bethes~300CD4A2_is1 - d:\program files (x86)\The Elder Scrolls V Skyrim\unins000.exe

AddRemove-Uplay - c:\program files (x86)\Ubisoft\Ubisoft Game Launcher\Uninstall.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

"{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}"=hex:51,66,7a,6c,4c,1d,38,12,c0,08,7b,

   68,6e,2b,53,0b,f0,d2,a5,e5,25,9d,9d,3c

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,

   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:36,14,a7,5d,da,8b,ce,01

.

[HKEY_USERS\S-1-5-21-1979747309-927448943-1715424303-1000\Software\SecuROM\License information*]

"datasecu"=hex:6a,28,ef,2e,ed,89,85,30,a1,a9,ce,6c,57,a2,af,8f,0f,db,06,6b,10,

   81,8d,16,56,6c,06,3a,e6,59,f0,91,af,66,6f,d4,0c,6d,43,6d,17,f4,c0,bc,95,bd,\

"rkeysecu"=hex:98,de,5e,9b,9b,a2,e9,b2,67,4a,10,1c,cc,72,d0,70

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_168_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_168_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-10-08  15:00:36

ComboFix-quarantined-files.txt  2013-10-08 20:00

.

Pre-Run: 13,675,704,320 bytes free

Post-Run: 13,611,515,904 bytes free

.

- - End Of File - - AE03D20821E8BC771C55B2218F0765B1

A36C5E4F47E84449FF07ED3517B43A31

Link to post
Share on other sites

  • Root Admin

Did you set this proxy server setting on purpose or are you even aware of it?

 

ProxyServer = 220.225.253.12:3128

 

 

Please go ahead and run through the following steps and post back the logs when ready.

STEP 03
Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt

STEP 04
Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus



STEP 05
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.



STEP 06
button_eos.gif

Please go here to run the online antivirus scannner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

    [*]Click Scan [*]Wait for the scan to finish [*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.



STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


 

Link to post
Share on other sites

As far as I know, I did not set the proxy. Might be I just don't remember.

 

The MBAR scan came up with nothing the first time, so I didn't bother running a second scan. Let me know if you want me to run it again.

 

MBAR

-----------------------------------------------------------------------------------------------------------------------------------------

Malwarebytes Anti-Rootkit BETA 1.07.0.1005
www.malwarebytes.org
 
Database version: v2013.10.08.08
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Tanner :: PINEAPPLE-PC [administrator]
 
10/8/2013 3:16:00 PM
mbar-log-2013-10-08 (15-16-00).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 227708
Time elapsed: 6 minute(s), 14 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)

 

 
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 10.0.9200.16686
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 3.415000 GHz
Memory total: 8587960320, free: 6088957952
 
Downloaded database version: v2013.10.08.08
Downloaded database version: v2013.09.30.01
=======================================
Initializing...
------------ Kernel report ------------
     10/08/2013 15:15:57
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\system32\drivers\RzFilter.sys
\SystemRoot\system32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\AtiPcie.sys
\SystemRoot\system32\DRIVERS\dtsoftbus01.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\??\C:\Windows\system32\drivers\HWiNFO64A.SYS
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\??\C:\Windows\system32\drivers\RzDxgk.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\mcvidrv_x64.sys
\SystemRoot\system32\DRIVERS\STREAM.SYS
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\mcaudrv_x64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\hamachi.sys
\SystemRoot\system32\drivers\SaiBus.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\SaiMini.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\D:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\??\C:\Windows\system32\Drivers\PROCEXP113.SYS
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\setupapi.dll
\Windows\System32\gdi32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\urlmon.dll
\Windows\System32\Wldap32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\difxapi.dll
\Windows\System32\imagehlp.dll
\Windows\System32\msvcrt.dll
\Windows\System32\advapi32.dll
\Windows\System32\user32.dll
\Windows\System32\msctf.dll
\Windows\System32\comdlg32.dll
\Windows\System32\lpk.dll
\Windows\System32\imm32.dll
\Windows\System32\shell32.dll
\Windows\System32\usp10.dll
\Windows\System32\sechost.dll
\Windows\System32\kernel32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\normaliz.dll
\Windows\System32\shlwapi.dll
\Windows\System32\iertutil.dll
\Windows\System32\nsi.dll
\Windows\System32\wininet.dll
\Windows\System32\psapi.dll
\Windows\System32\ws2_32.dll
\Windows\System32\ole32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\wintrust.dll
\Windows\System32\devobj.dll
\Windows\System32\msasn1.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8007a04060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa80079f5060
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007a04060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007a04b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007a04060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80079399b0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80079f5060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1549F232
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 92151808
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 92358656  Numsec = 1126396504
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 640135028736 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1250243728-1250263728)...
Done!
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
 
-----------------------------------------------------------------------------------------------------------------------------------------
JRT
-----------------------------------------------------------------------------------------------------------------------------------------
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.4 (10.06.2013:1)
OS: Windows 7 Ultimate x64
Ran by Tanner on Tue 10/08/2013 at 15:23:35.03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installiq
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnSetup_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnSetup_RASMANCS
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\Tanner\appdata\locallow\boost_interprocess"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 10/08/2013 at 15:27:19.35
End of JRT log

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-----------------------------------------------------------------------------------------------------------------------------------------
ADW
-----------------------------------------------------------------------------------------------------------------------------------------
# AdwCleaner v3.006 - Report created 08/10/2013 at 15:56:56
# Updated 01/10/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Tanner - PINEAPPLE-PC
# Running from : C:\Users\Tanner\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Found C:\Users\Tanner\AppData\Local\PackageAware
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Found : HKLM\Software\PIP
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16686
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Tanner\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [810 octets] - [08/10/2013 15:56:56]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [869 octets] ##########
 
Link to post
Share on other sites

ESET

-----------------------------------------------------------------------------------------------------------------------------------------

C:\Qoobox\Quarantine\C\Users\Tanner\AppData\Roaming\lsm.exe.vir a variant of Win32/CoinMiner.CF trojan
 
 
-----------------------------------------------------------------------------------------------------------------------------------------
FRST.txt
-----------------------------------------------------------------------------------------------------------------------------------------
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Tanner (administrator) on PINEAPPLE-PC on 08-10-2013 17:02:26
Running from C:\Users\Tanner\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Advanced Micro Devices, Inc.) D:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Mr. John aka japamd) D:\Program Files (x86)\RadeonPro\RadeonProSupport.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn, Inc.) D:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Oracle Corporation) D:\Program Files\Java\bin\javaw.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Advanced Micro Devices Inc.) D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ATI Technologies Inc.) D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Malwarebytes Corporation) D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Valve Corporation) D:\Program Files (x86)\Steam\steam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google Inc.) C:\Users\Tanner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tanner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tanner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tanner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tanner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tanner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tanner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tanner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tanner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tanner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tanner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tanner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tanner\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7560296 2011-12-12] (Realtek Semiconductor)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [itype] - C:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKCU\...\Run: [steam] - D:\Program Files (x86)\Steam\steam.exe [1813928 2013-10-04] (Valve Corporation)
HKCU\...\Run: [F.lux] - C:\Users\Tanner\Local Settings\Apps\F.lux\flux.exe [966656 2009-08-29] ()
HKCU\...\Run: [DAEMON Tools Lite] - D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3674320 2013-01-08] (DT Soft Ltd)
HKCU\...\Run: [PeerBlock] - D:\Program Files\PeerBlock\peerblock.exe [2646128 2010-11-06] (PeerBlock, LLC)
HKCU\...\Run: [puush] - D:\Program Files (x86)\puush\puush.exe [567880 2013-08-10] ()
HKCU\...\Run: [ooVoo.exe] - C:\Program Files (x86)\oovoo\ooVoo.exe [35253824 2013-08-04] (ooVoo LLC)
HKCU\...\Run: [sysXboot] - "D:\Program Files\Java\bin\javaw.exe" -jar "C:\Users\Tanner\AppData\Local\Temp\sysXboot2148016656113004269.jar" <===== ATTENTION
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-19] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-12] ()
HKLM-x32\...\Run: [startCCC] - D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [GMouse] - D:\GIGABYTE FORCE\GIGABYTE FORCE.EXE [1253376 2012-10-04] ()
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2345296 2013-10-01] (LogMeIn Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
 
==================== Internet (Whitelisted) ====================
 
ProxyServer: 220.225.253.12:3128
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xCE501A18F7EECD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\Tanner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Tanner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1
CHR Extension: (YouTube) - C:\Users\Tanner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1
CHR Extension: (Google Search) - C:\Users\Tanner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Tanner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.3.0.1_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Tanner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_1
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Tanner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_1
CHR Extension: (4chan Plus) - C:\Users\Tanner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pinelipedelckihohgdlpcclgocodhjj\3.0.0_0
CHR Extension: (Gmail) - C:\Users\Tanner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx
 
==================== Services (Whitelisted) =================
 
R2 AMD FUEL Service; D:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-09-05] (Advanced Micro Devices, Inc.)
S2 AODService; D:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [136648 2012-09-20] ()
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-02-10] ()
R2 Hamachi2Svc; D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2746704 2013-10-01] (LogMeIn Inc.)
R2 MBAMService; D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-09-29] ()
R2 RadeonPro Support Service; D:\Program Files (x86)\RadeonPro\RadeonProSupport.exe [20608 2013-04-13] (Mr. John aka japamd)
S2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [x]
 
==================== Drivers (Whitelisted) ====================
 
R2 AODDriver4.2.0; D:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [57512 2012-09-20] (Advanced Micro Devices)
R2 AODDriver4.2.0; D:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [57512 2012-09-20] (Advanced Micro Devices)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-01-11] (DT Soft Ltd)
S3 gdrv; C:\Windows\gdrv.sys [25640 2013-09-24] (Windows ® Server 2003 DDK provider)
S3 gdrv; C:\Windows\gdrv.sys [25640 2013-09-24] (Windows ® Server 2003 DDK provider)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [29672 2013-01-10] (REALiX)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-10] (ManyCam LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S3 RTCore64; D:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-01-23] ()
S3 RTCore64; D:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-01-23] ()
R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [128728 2013-04-18] (Razer USA Ltd)
R0 RzFilter; C:\Windows\System32\drivers\RzFilter.sys [73944 2013-04-18] (Razer USA Ltd)
S3 SaiK0CC3; C:\Windows\System32\DRIVERS\SaiK0CC3.sys [180584 2012-09-20] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
S3 SaiU0CC3; C:\Windows\System32\DRIVERS\SaiU0CC3.sys [47208 2012-09-20] (Saitek)
S3 ALSysIO; \??\C:\Users\Tanner\AppData\Local\Temp\ALSysIO64.sys [x]
U3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-10-08 17:02 - 2013-10-08 17:02 - 00000000 ____D C:\FRST
2013-10-08 17:01 - 2013-10-08 17:01 - 00000104 _____ C:\Users\Tanner\Desktop\ESET.txt
2013-10-08 15:59 - 2013-10-08 15:59 - 00000000 ____D C:\Program Files (x86)\ESET
2013-10-08 15:56 - 2013-10-08 15:57 - 00000000 ____D C:\AdwCleaner
2013-10-08 15:56 - 2013-10-08 15:56 - 01954124 _____ (Farbar) C:\Users\Tanner\Desktop\FRST64.exe
2013-10-08 15:27 - 2013-10-08 15:27 - 00001495 _____ C:\Users\Tanner\Desktop\JRT.txt
2013-10-08 15:23 - 2013-10-08 15:23 - 00000000 ____D C:\Windows\ERUNT
2013-10-08 15:15 - 2013-10-08 15:23 - 00000000 ____D C:\Users\Tanner\Desktop\mbar
2013-10-08 15:15 - 2013-10-08 15:23 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-08 15:14 - 2013-10-08 15:14 - 01045226 _____ C:\Users\Tanner\Desktop\AdwCleaner.exe
2013-10-08 15:14 - 2013-10-08 15:13 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Tanner\Desktop\mbar-1.07.0.1005.exe
2013-10-08 15:14 - 2013-10-08 15:13 - 01032220 _____ (Thisisu) C:\Users\Tanner\Desktop\JRT.exe
2013-10-08 15:00 - 2013-10-08 15:00 - 00025572 _____ C:\ComboFix.txt
2013-10-08 14:55 - 2013-10-08 15:00 - 00000000 ____D C:\Qoobox
2013-10-08 14:55 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-08 14:55 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2013-10-08 14:55 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-10-08 14:55 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-10-08 14:55 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-10-08 14:55 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2013-10-08 14:55 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2013-10-08 14:55 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2013-10-08 14:53 - 2013-10-08 14:53 - 05132072 ____R (Swearware) C:\Users\Tanner\Desktop\ComboFix.exe
2013-10-08 14:52 - 2013-10-08 14:52 - 00000000 ____D C:\Users\Tanner\Desktop\combofix
2013-10-08 14:18 - 2013-10-08 14:18 - 00002683 _____ C:\Users\Tanner\Desktop\RKreport[0]_S_10082013_141848.txt
2013-10-08 14:17 - 2013-10-08 14:18 - 00000000 ____D C:\Users\Tanner\Desktop\RK_Quarantine
2013-10-08 14:16 - 2013-10-08 14:59 - 00000000 ____D C:\Windows\ERDNT
2013-10-08 14:15 - 2013-10-08 14:15 - 00000650 _____ C:\Users\UpdatusUser\Desktop\NTREGOPT.lnk
2013-10-08 14:15 - 2013-10-08 14:15 - 00000650 _____ C:\Users\Tanner\Desktop\NTREGOPT.lnk
2013-10-08 14:15 - 2013-10-08 14:15 - 00000637 _____ C:\Users\UpdatusUser\Desktop\ERUNT.lnk
2013-10-08 14:15 - 2013-10-08 14:15 - 00000637 _____ C:\Users\Tanner\Desktop\ERUNT.lnk
2013-10-08 14:14 - 2013-10-08 14:15 - 00002528 _____ C:\Users\Tanner\Desktop\Rkill.txt
2013-10-08 14:14 - 2013-10-08 14:14 - 00000000 ____D C:\Users\Tanner\Desktop\rkill
2013-10-08 14:13 - 2013-10-08 14:13 - 00791393 _____ (Lars Hederer                                                ) C:\Users\Tanner\Desktop\erunt-setup.exe
2013-10-08 14:13 - 2013-10-08 14:12 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Tanner\Desktop\rkill.exe
2013-10-08 14:13 - 2013-10-08 13:05 - 03980800 _____ C:\Users\Tanner\Desktop\RogueKillerX64.exe
2013-10-08 14:07 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-08 13:15 - 2013-10-08 13:36 - 00007713 _____ C:\Users\Tanner\Desktop\attach.txt
2013-10-08 13:15 - 2013-10-08 13:29 - 00020635 _____ C:\Users\Tanner\Desktop\dds.txt
2013-10-08 13:13 - 2013-10-08 13:13 - 00688992 ____R (Swearware) C:\Users\Tanner\Desktop\dds.scr
2013-10-08 13:08 - 2013-10-08 13:08 - 00000336 _____ C:\Windows\PFRO.log
2013-10-07 13:02 - 2013-10-07 13:02 - 00000000 ____D C:\Users\Tanner\Documents\Battlefield 4 Beta
2013-10-06 21:35 - 2013-10-06 21:37 - 00000042 _____ C:\Users\Tanner\Documents\gameservers
2013-10-06 11:30 - 2013-10-06 11:30 - 00000000 ____D C:\Users\Tanner\AppData\Local\LogMeIn
2013-10-06 11:30 - 2013-10-06 11:30 - 00000000 ____D C:\ProgramData\LogMeIn
2013-10-03 17:09 - 2013-10-03 17:09 - 00000000 ____D C:\ProgramData\Oracle
2013-10-03 17:09 - 2013-10-03 17:08 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-03 17:09 - 2013-10-03 17:08 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-03 17:09 - 2013-10-03 17:08 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-03 17:09 - 2013-10-03 17:08 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-03 17:08 - 2013-10-03 17:08 - 00000000 ____D C:\ProgramData\McAfee
2013-10-03 17:08 - 2013-10-03 17:08 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-01 03:01 - 2013-10-01 03:01 - 00000000 ____D C:\Users\Tanner\Documents\Battlefield 4
2013-09-24 13:26 - 2013-09-24 13:26 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2013-09-24 01:55 - 2013-09-24 01:55 - 00001351 _____ C:\Users\Tanner\Documents\AutoHotkeyU64.ahk
2013-09-19 00:43 - 2013-09-19 00:43 - 00000000 ____D C:\Users\Tanner\AppData\Roaming\Guild Wars 2
2013-09-18 21:37 - 2013-09-18 21:37 - 00000000 ____D C:\Users\Tanner\AppData\Local\SmartTechnology
2013-09-18 21:28 - 2013-09-21 23:06 - 00000000 ____D C:\Program Files\SmartTechnology
2013-09-16 01:39 - 2013-09-16 01:39 - 00000000 ____D C:\Users\Tanner\Documents\Paradox Interactive
2013-09-16 01:33 - 2013-10-01 19:01 - 00055495 _____ C:\Windows\DirectX.log
2013-09-14 01:36 - 2013-10-08 14:03 - 00004560 _____ C:\Windows\setupact.log
2013-09-14 01:36 - 2013-09-14 01:36 - 00000000 _____ C:\Windows\setuperr.log
2013-09-11 03:02 - 2013-08-10 00:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-11 03:02 - 2013-08-10 00:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-11 03:02 - 2013-08-10 00:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-11 03:02 - 2013-08-10 00:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-11 03:02 - 2013-08-10 00:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-11 03:02 - 2013-08-10 00:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-11 03:02 - 2013-08-10 00:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-11 03:02 - 2013-08-10 00:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-11 03:02 - 2013-08-10 00:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-11 03:02 - 2013-08-10 00:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-11 03:02 - 2013-08-10 00:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-11 03:02 - 2013-08-10 00:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-11 03:02 - 2013-08-10 00:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-11 03:02 - 2013-08-10 00:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-11 03:02 - 2013-08-09 22:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-11 03:02 - 2013-08-09 22:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-11 03:02 - 2013-08-09 22:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-11 03:02 - 2013-08-09 22:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-11 03:02 - 2013-08-09 22:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-11 03:02 - 2013-08-09 22:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-11 03:02 - 2013-08-09 22:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-11 03:02 - 2013-08-09 22:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-11 03:02 - 2013-08-09 22:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-11 03:02 - 2013-08-09 22:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-11 03:02 - 2013-08-09 22:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-11 03:02 - 2013-08-09 22:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-11 03:02 - 2013-08-09 22:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-11 03:02 - 2013-08-09 22:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-11 03:02 - 2013-08-09 22:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-11 03:02 - 2013-08-09 21:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-11 03:02 - 2013-08-09 21:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-10 16:39 - 2013-08-07 20:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-10 16:39 - 2013-08-01 21:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-10 16:39 - 2013-08-01 21:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-10 16:39 - 2013-08-01 21:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-10 16:39 - 2013-08-01 21:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-10 16:39 - 2013-08-01 21:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-10 16:39 - 2013-08-01 21:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-10 16:39 - 2013-08-01 21:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-10 16:39 - 2013-08-01 21:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-10 16:39 - 2013-08-01 21:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-10 16:39 - 2013-08-01 21:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-10 16:39 - 2013-08-01 21:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-10 16:39 - 2013-08-01 21:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 21:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 21:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 21:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 20:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-10 16:39 - 2013-08-01 20:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-10 16:39 - 2013-08-01 20:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-10 16:39 - 2013-08-01 20:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-10 16:39 - 2013-08-01 20:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-10 16:39 - 2013-08-01 20:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-10 16:39 - 2013-08-01 20:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-10 16:39 - 2013-08-01 20:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 20:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 20:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-10 16:39 - 2013-08-01 19:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-10 16:39 - 2013-08-01 19:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-10 16:39 - 2013-08-01 19:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-10 16:39 - 2013-08-01 19:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-10 16:39 - 2013-08-01 19:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-10 16:39 - 2013-08-01 19:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 19:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 19:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 19:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-10 16:39 - 2013-07-25 21:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-10 16:39 - 2013-07-25 21:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-10 16:39 - 2013-07-25 20:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-10 16:39 - 2013-07-25 20:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
 
==================== One Month Modified Files and Folders =======
 
2013-10-08 17:02 - 2013-10-08 17:02 - 00000000 ____D C:\FRST
2013-10-08 17:01 - 2013-10-08 17:01 - 00000104 _____ C:\Users\Tanner\Desktop\ESET.txt
2013-10-08 16:52 - 2013-04-10 13:27 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-08 16:43 - 2013-01-10 01:02 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1979747309-927448943-1715424303-1000UA.job
2013-10-08 16:42 - 2013-01-10 01:02 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-08 15:59 - 2013-10-08 15:59 - 00000000 ____D C:\Program Files (x86)\ESET
2013-10-08 15:57 - 2013-10-08 15:56 - 00000000 ____D C:\AdwCleaner
2013-10-08 15:56 - 2013-10-08 15:56 - 01954124 _____ (Farbar) C:\Users\Tanner\Desktop\FRST64.exe
2013-10-08 15:27 - 2013-10-08 15:27 - 00001495 _____ C:\Users\Tanner\Desktop\JRT.txt
2013-10-08 15:23 - 2013-10-08 15:23 - 00000000 ____D C:\Windows\ERUNT
2013-10-08 15:23 - 2013-10-08 15:15 - 00000000 ____D C:\Users\Tanner\Desktop\mbar
2013-10-08 15:23 - 2013-10-08 15:15 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-08 15:14 - 2013-10-08 15:14 - 01045226 _____ C:\Users\Tanner\Desktop\AdwCleaner.exe
2013-10-08 15:13 - 2013-10-08 15:14 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Tanner\Desktop\mbar-1.07.0.1005.exe
2013-10-08 15:13 - 2013-10-08 15:14 - 01032220 _____ (Thisisu) C:\Users\Tanner\Desktop\JRT.exe
2013-10-08 15:04 - 2013-02-15 19:11 - 00000000 ____D C:\Users\Tanner\AppData\Local\Apps\2.0
2013-10-08 15:00 - 2013-10-08 15:00 - 00025572 _____ C:\ComboFix.txt
2013-10-08 15:00 - 2013-10-08 14:55 - 00000000 ____D C:\Qoobox
2013-10-08 15:00 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Default
2013-10-08 14:59 - 2013-10-08 14:16 - 00000000 ____D C:\Windows\ERDNT
2013-10-08 14:59 - 2013-01-10 00:39 - 00000000 ___RD C:\Users\Tanner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-08 14:59 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2013-10-08 14:53 - 2013-10-08 14:53 - 05132072 ____R (Swearware) C:\Users\Tanner\Desktop\ComboFix.exe
2013-10-08 14:52 - 2013-10-08 14:52 - 00000000 ____D C:\Users\Tanner\Desktop\combofix
2013-10-08 14:18 - 2013-10-08 14:18 - 00002683 _____ C:\Users\Tanner\Desktop\RKreport[0]_S_10082013_141848.txt
2013-10-08 14:18 - 2013-10-08 14:17 - 00000000 ____D C:\Users\Tanner\Desktop\RK_Quarantine
2013-10-08 14:16 - 2013-01-10 01:03 - 00000000 ____D C:\Users\Tanner\Desktop\Shortcuts
2013-10-08 14:15 - 2013-10-08 14:15 - 00000650 _____ C:\Users\UpdatusUser\Desktop\NTREGOPT.lnk
2013-10-08 14:15 - 2013-10-08 14:15 - 00000650 _____ C:\Users\Tanner\Desktop\NTREGOPT.lnk
2013-10-08 14:15 - 2013-10-08 14:15 - 00000637 _____ C:\Users\UpdatusUser\Desktop\ERUNT.lnk
2013-10-08 14:15 - 2013-10-08 14:15 - 00000637 _____ C:\Users\Tanner\Desktop\ERUNT.lnk
2013-10-08 14:15 - 2013-10-08 14:14 - 00002528 _____ C:\Users\Tanner\Desktop\Rkill.txt
2013-10-08 14:14 - 2013-10-08 14:14 - 00000000 ____D C:\Users\Tanner\Desktop\rkill
2013-10-08 14:13 - 2013-10-08 14:13 - 00791393 _____ (Lars Hederer                                                ) C:\Users\Tanner\Desktop\erunt-setup.exe
2013-10-08 14:12 - 2013-10-08 14:13 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Tanner\Desktop\rkill.exe
2013-10-08 14:12 - 2009-07-13 23:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-08 14:12 - 2009-07-13 23:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-08 14:08 - 2013-01-10 00:39 - 01936468 _____ C:\Windows\WindowsUpdate.log
2013-10-08 14:05 - 2013-05-13 20:21 - 00000000 ____D C:\Users\Tanner\AppData\Local\LogMeIn Hamachi
2013-10-08 14:04 - 2013-04-10 13:27 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-08 14:03 - 2013-09-14 01:36 - 00004560 _____ C:\Windows\setupact.log
2013-10-08 14:03 - 2013-01-29 17:52 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-08 14:03 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-08 13:36 - 2013-10-08 13:15 - 00007713 _____ C:\Users\Tanner\Desktop\attach.txt
2013-10-08 13:29 - 2013-10-08 13:15 - 00020635 _____ C:\Users\Tanner\Desktop\dds.txt
2013-10-08 13:13 - 2013-10-08 13:13 - 00688992 ____R (Swearware) C:\Users\Tanner\Desktop\dds.scr
2013-10-08 13:08 - 2013-10-08 13:08 - 00000336 _____ C:\Windows\PFRO.log
2013-10-08 13:05 - 2013-10-08 14:13 - 03980800 _____ C:\Users\Tanner\Desktop\RogueKillerX64.exe
2013-10-08 12:19 - 2013-01-10 01:02 - 00000000 ____D C:\Users\Tanner\AppData\Roaming\uTorrent
2013-10-08 02:43 - 2013-01-13 01:06 - 00000000 ____D C:\Users\Tanner\AppData\Roaming\foobar2000
2013-10-08 01:43 - 2013-01-10 01:02 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1979747309-927448943-1715424303-1000Core.job
2013-10-08 00:51 - 2013-01-11 22:51 - 00000000 ____D C:\Users\Tanner\AppData\Roaming\TS3Client
2013-10-07 16:30 - 2013-02-23 22:31 - 00215416 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-10-07 16:30 - 2013-02-23 22:31 - 00214392 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-10-07 13:09 - 2013-01-11 21:00 - 00000000 ____D C:\Users\Tanner\AppData\Local\TeamSpeak 3 Client
2013-10-07 13:02 - 2013-10-07 13:02 - 00000000 ____D C:\Users\Tanner\Documents\Battlefield 4 Beta
2013-10-07 01:38 - 2013-01-10 01:02 - 00003888 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1979747309-927448943-1715424303-1000UA
2013-10-07 01:38 - 2013-01-10 01:02 - 00003492 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1979747309-927448943-1715424303-1000Core
2013-10-06 21:37 - 2013-10-06 21:35 - 00000042 _____ C:\Users\Tanner\Documents\gameservers
2013-10-06 20:12 - 2013-01-10 00:39 - 00000000 ____D C:\Users\Tanner
2013-10-06 20:01 - 2013-08-10 02:32 - 00000000 ____D C:\Users\Tanner\AppData\Roaming\puush
2013-10-06 20:01 - 2013-01-17 22:20 - 00000000 ____D C:\Users\Tanner\AppData\Roaming\Ventrilo
2013-10-06 20:01 - 2013-01-10 19:11 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-10-06 20:01 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2013-10-06 20:01 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat
2013-10-06 18:14 - 2013-01-10 04:35 - 00007601 _____ C:\Users\Tanner\AppData\Local\Resmon.ResmonCfg
2013-10-06 18:08 - 2013-02-15 19:11 - 00000000 ____D C:\Users\Tanner\AppData\Local\Deployment
2013-10-06 11:30 - 2013-10-06 11:30 - 00000000 ____D C:\Users\Tanner\AppData\Local\LogMeIn
2013-10-06 11:30 - 2013-10-06 11:30 - 00000000 ____D C:\ProgramData\LogMeIn
2013-10-05 15:22 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2013-10-03 17:09 - 2013-10-03 17:09 - 00000000 ____D C:\ProgramData\Oracle
2013-10-03 17:08 - 2013-10-03 17:09 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-03 17:08 - 2013-10-03 17:09 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-03 17:08 - 2013-10-03 17:09 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-03 17:08 - 2013-10-03 17:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-03 17:08 - 2013-10-03 17:08 - 00000000 ____D C:\ProgramData\McAfee
2013-10-03 17:08 - 2013-10-03 17:08 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-03 17:08 - 2013-01-10 01:02 - 00790440 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-10-03 10:47 - 2013-04-10 13:27 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-03 10:47 - 2013-04-10 13:27 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-01 21:37 - 2013-01-10 19:35 - 00000000 ____D C:\Users\Tanner\AppData\Local\PunkBuster
2013-10-01 19:01 - 2013-09-16 01:33 - 00055495 _____ C:\Windows\DirectX.log
2013-10-01 16:56 - 2013-09-03 19:38 - 00000248 _____ C:\Users\Tanner\Desktop\config.ini
2013-10-01 03:01 - 2013-10-01 03:01 - 00000000 ____D C:\Users\Tanner\Documents\Battlefield 4
2013-09-29 22:59 - 2013-04-07 20:32 - 00000000 ____D C:\ProgramData\Package Cache
2013-09-29 22:59 - 2013-02-23 22:31 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2013-09-25 12:19 - 2013-06-21 13:52 - 00000000 ____D C:\Users\Tanner\AppData\Local\Arma 3
2013-09-24 13:30 - 2009-07-14 00:13 - 00780436 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-24 13:26 - 2013-09-24 13:26 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2013-09-24 01:55 - 2013-09-24 01:55 - 00001351 _____ C:\Users\Tanner\Documents\AutoHotkeyU64.ahk
2013-09-24 01:53 - 2010-11-21 02:16 - 00000000 ____D C:\Windows\ShellNew
2013-09-23 18:51 - 2013-02-09 18:18 - 00000000 ____D C:\Users\Tanner\AppData\Local\Microsoft Games
2013-09-21 23:06 - 2013-09-18 21:28 - 00000000 ____D C:\Program Files\SmartTechnology
2013-09-21 22:54 - 2013-01-25 22:40 - 00000000 ____D C:\Windows\system32\appmgmt
2013-09-21 13:31 - 2013-08-04 12:12 - 00000000 ____D C:\Users\Tanner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BeamNG-DRIVE-0.3
2013-09-19 00:43 - 2013-09-19 00:43 - 00000000 ____D C:\Users\Tanner\AppData\Roaming\Guild Wars 2
2013-09-19 00:43 - 2013-01-22 22:30 - 00000000 ____D C:\Users\Tanner\Documents\Guild Wars 2
2013-09-18 21:37 - 2013-09-18 21:37 - 00000000 ____D C:\Users\Tanner\AppData\Local\SmartTechnology
2013-09-16 01:39 - 2013-09-16 01:39 - 00000000 ____D C:\Users\Tanner\Documents\Paradox Interactive
2013-09-16 01:31 - 2013-01-11 00:29 - 00000000 ____D C:\Users\Tanner\AppData\Roaming\DAEMON Tools Lite
2013-09-14 01:36 - 2013-09-14 01:36 - 00000000 _____ C:\Windows\setuperr.log
2013-09-12 22:16 - 2013-03-14 01:09 - 00000000 ____D C:\Users\Tanner\AppData\Roaming\Media Player Classic
2013-09-12 16:16 - 2013-01-10 19:35 - 00280792 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-09-12 13:32 - 2013-01-10 16:33 - 00000000 ____D C:\Windows\Panther
2013-09-11 11:31 - 2013-01-10 00:39 - 00000000 ___RD C:\Users\Tanner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-11 03:57 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-09-11 03:20 - 2009-07-13 23:45 - 00290456 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-10 19:03 - 2013-01-10 00:48 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
 
Files to move or delete:
====================
C:\Users\Tanner\worldpainter_64_1.2.0.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-10-01 04:18
 
==================== End Of Log ============================
 
-----------------------------------------------------------------------------------------------------------------------------------------
Addition.txt
-----------------------------------------------------------------------------------------------------------------------------------------
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2013
Ran by Tanner at 2013-10-08 17:03:04
Running from C:\Users\Tanner\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Disabled - Up to date) {3F839487-C7A2-C958-E30C-E2825BA31FB5}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Disabled - Up to date) {84E27563-E198-C6D6-D9BC-D9F020245508}
 
==================== Installed Programs ======================
 
7 Days to Die 1.00 (x32)
Adobe Flash Player 11 ActiveX (x32 Version: 11.6.602.168)
Adobe Flash Player 11 Plugin (x32 Version: 11.5.502.146)
Adobe Reader XI (11.0.02) (x32 Version: 11.0.02)
Age of Empires II: HD Edition (x32)
AMD Accelerated Video Transcoding (Version: 13.20.100.30905)
AMD Catalyst Control Center (x32 Version: 2013.0905.312.3832)
AMD Catalyst Install Manager (Version: 8.0.915.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2013.0905.312.3832)
AMD Media Foundation Decoders (Version: 1.0.80905.0331)
AMD OverDrive Beta (x32 Version: 4.2.3.0625)
AMD Steady Video Plug-In  (Version: 2.06.0000)
AMD Wireless Display v3.0 (Version: 1.0.0.14)
ARMA 2 Operation Arrowhead Uninstall (x32)
ArmA 2 Uninstall (x32)
Arma 3 Alpha (x32)
AutoHotkey 1.1.13.00 (Version: 1.1.13.00)
Bandisoft MPEG-1 Decoder (x32)
Battle.net (x32)
Battlefield 3™ (x32 Version: 1.5.0.0)
Battlefield 4™ Beta (x32 Version: 1.0.0.0)
Battlelog Web Plugins (x32 Version: 2.3.0)
BattlEye for OA Uninstall (x32)
BattlEye Uninstall (x32)
Bear Force II 0.3 (x32 Version: 0.3)
Blockscape Phase 1 (beta) (x32)
BOSS (x32 Version: 2.1.1)
Capsule (x32 Version: 1.0.000)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0905.312.3832)
Catalyst Control Center InstallProxy (x32 Version: 2013.0905.312.3832)
Catalyst Control Center Localization All (x32 Version: 2013.0905.312.3832)
CCC Help Chinese Standard (x32 Version: 2013.0905.0311.3832)
CCC Help Chinese Traditional (x32 Version: 2013.0905.0311.3832)
CCC Help Czech (x32 Version: 2013.0905.0311.3832)
CCC Help Danish (x32 Version: 2013.0905.0311.3832)
CCC Help Dutch (x32 Version: 2013.0905.0311.3832)
CCC Help English (x32 Version: 2013.0905.0311.3832)
CCC Help Finnish (x32 Version: 2013.0905.0311.3832)
CCC Help French (x32 Version: 2013.0905.0311.3832)
CCC Help German (x32 Version: 2013.0905.0311.3832)
CCC Help Greek (x32 Version: 2013.0905.0311.3832)
CCC Help Hungarian (x32 Version: 2013.0905.0311.3832)
CCC Help Italian (x32 Version: 2013.0905.0311.3832)
CCC Help Japanese (x32 Version: 2013.0905.0311.3832)
CCC Help Korean (x32 Version: 2013.0905.0311.3832)
CCC Help Norwegian (x32 Version: 2013.0905.0311.3832)
CCC Help Polish (x32 Version: 2013.0905.0311.3832)
CCC Help Portuguese (x32 Version: 2013.0905.0311.3832)
CCC Help Russian (x32 Version: 2013.0905.0311.3832)
CCC Help Spanish (x32 Version: 2013.0905.0311.3832)
CCC Help Swedish (x32 Version: 2013.0905.0311.3832)
CCC Help Thai (x32 Version: 2013.0905.0311.3832)
CCC Help Turkish (x32 Version: 2013.0905.0311.3832)
ccc-utility64 (Version: 2013.0905.312.3832)
CCleaner (Version: 3.26)
Core Temp 1.0 RC4 (Version: 1.0)
Counter-Strike: Global Offensive (x32)
Counter-Strike: Source (x32)
CPUID HWMonitor 1.21
Curse Client (HKCU Version: 5.1.1.792)
DAEMON Tools Lite (x32 Version: 4.46.1.0328)
DivX Setup (x32 Version: 2.6.1.44)
ERUNT 1.1j (x32)
ESET Online Scanner v3 (x32)
ESN Sonar (x32 Version: 0.70.4)
F.lux (HKCU)
foobar2000 v1.2 (x32 Version: 1.2)
Fraps (x32)
GIGABYTE FORCE Driver (x32)
Google Chrome (HKCU Version: 30.0.1599.69)
Google Earth (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.21.165)
Guild Wars 2 (x32)
Happy Cloud Client (HKCU Version: 1.386)
HWiNFO64 Version 4.08 (Version: 4.08)
Java 7 Update 17 (64-bit) (Version: 7.0.170)
Java 7 Update 40 (x32 Version: 7.0.400)
Java Auto Updater (x32 Version: 2.1.9.8)
K-Lite Codec Pack 9.8.0 (64-bit) (Version: 9.8.0)
K-Lite Codec Pack 9.8.0 (Standard) (x32 Version: 9.8.0)
LogMeIn Hamachi (x32 Version: 2.2.0.58)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
ManyCam 3.1.43 (x32 Version: 3.1.43)
MechWarrior 3 Pirate's Moon (x32)
MechWarrior Online (HKCU Version: 1.2.0.0)
MechWarrior Online (x32 Version: 1.2.0.0)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (x32 Version: 3.5.30730.0)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0)
Microsoft IntelliType Pro 8.2 (Version: 8.20.469.0)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Visual Basic PowerPacks 10.0 (x32 Version: 10.0.20911)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (x32 Version: 11.0.60610.1)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (x32 Version: 11.0.50727.1)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (x32 Version: 11.0.51106.1)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106)
Microsoft XNA Framework Redistributable 3.1 (x32 Version: 3.1.10527.0)
Microsoft XNA Framework Redistributable 4.0 (x32 Version: 4.0.20823.0)
Mount & Blade: Warband (x32)
MSI Afterburner 2.3.1 (x32 Version: 2.3.1)
Nexon Game Manager (x32)
Nexus Mod Manager (Version: 0.44.16)
NVIDIA 3D Vision Controller Driver 310.90 (Version: 310.90)
NVIDIA 3D Vision Driver 310.90 (Version: 310.90)
NVIDIA HD Audio Driver 1.3.18.0 (Version: 1.3.18.0)
NVIDIA PhysX (x32 Version: 9.12.1031)
NVIDIA PhysX System Software 9.12.1031 (Version: 9.12.1031)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1090)
ooVoo (x32 Version: 3.5.9056)
Origin (x32 Version: 9.1.3.2637)
Paint.NET v3.5.10 (Version: 3.60.0)
PeerBlock 1.1 (r518) (Version: 1.1.0.518)
PunkBuster Services (x32 Version: 0.993)
puush (x32 Version: 1.0.0.0)
Python 3.3.2 (x32 Version: 3.3.2150)
RadeonPro 1.0 (Build 1.1.1.0) (x32)
RaidCall (x32 Version: 7.2.6-1.0.8500.17)
Realtek Ethernet Controller Driver (x32 Version: 7.52.203.2012)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6526)
Red Orchestra 2: Heroes of Stalingrad (x32)
SC4DatPacker 2008 (HKCU)
ShiftWindow 1.02 (x32)
Skype™ 6.3 (x32 Version: 6.3.107)
StarCitizen (x32 Version: 1.0)
Steam (x32 Version: 1.0.0.0)
TeamSpeak 3 Client (HKCU Version: 3.0.13)
Terraria (x32)
The Anglo Zulu war (x32 Version: 1.0.0)
The Elder Scrolls V Skyrim Dragonborn © Bethesda Softworks version 1 (x32 Version: 1)
The Weather Channel App (x32)
Total War: SHOGUN 2 (x32)
Unity Web Player (HKCU Version: )
Uplay (x32 Version: 2.0)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
Ventrilo Client for Windows x64 (Version: 3.0.8.0)
VLC media player 2.0.5 (x32 Version: 2.0.5)
War of the Roses (x32)
War Thunder (x32)
War Thunder Launcher 1.0.1.185 (x32)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
WinRAR 4.20 (64-bit) (Version: 4.20.0)
WorldPainter 1.2.0 (Version: 1.2.0)
Xiph.Org Open Codecs 0.85.17777 (x32 Version: 0.85.17777)
 
==================== Restore Points  =========================
 
08-10-2013 08:52:03 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
2009-07-13 21:34 - 2013-10-08 14:59 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {06FB6039-0F28-4F14-9C36-7FB61DAF429F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1979747309-927448943-1715424303-1000Core => C:\Users\Tanner\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-10] (Google Inc.)
Task: {0A505291-74B3-4F75-A966-9489F3E017E6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1979747309-927448943-1715424303-1000UA => C:\Users\Tanner\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-10] (Google Inc.)
Task: {247D88D5-DC06-4828-8952-2D8ED576AC95} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-10] (Google Inc.)
Task: {2DD36C2A-084A-4847-B67C-2CBA75BFE921} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-08-10] (Microsoft Corporation)
Task: {428C0C13-5BAF-4677-82D9-4B9DEAE186E1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-24] (Adobe Systems Incorporated)
Task: {8F80DF75-76DB-46F3-9CC1-177BCB1EE423} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-10] (Google Inc.)
Task: {ED1355B0-84A8-44F1-92A2-265563027835} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-12-19] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1979747309-927448943-1715424303-1000Core.job => C:\Users\Tanner\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1979747309-927448943-1715424303-1000UA.job => C:\Users\Tanner\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-09-05 03:15 - 2013-09-05 03:15 - 00102400 _____ () D:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-02-12 21:38 - 2013-02-12 21:38 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2013-03-12 17:10 - 2013-08-21 17:18 - 00687104 _____ () D:\Program Files (x86)\Steam\SDL2.dll
2013-01-10 18:05 - 2013-10-04 19:54 - 01121704 _____ () D:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-01-10 18:05 - 2013-09-10 17:20 - 20625832 _____ () D:\Program Files (x86)\Steam\bin\libcef.dll
2013-01-10 18:05 - 2013-06-14 18:49 - 01100800 _____ () D:\Program Files (x86)\Steam\bin\avcodec-53.dll
2013-01-10 18:05 - 2013-06-14 18:49 - 00124416 _____ () D:\Program Files (x86)\Steam\bin\avutil-51.dll
2013-01-10 18:05 - 2013-06-14 18:49 - 00192000 _____ () D:\Program Files (x86)\Steam\bin\avformat-53.dll
2013-10-05 05:40 - 2013-10-03 01:02 - 00698832 _____ () C:\Users\Tanner\AppData\Local\Google\Chrome\Application\30.0.1599.69\libglesv2.dll
2013-10-05 05:40 - 2013-10-03 01:02 - 00099792 _____ () C:\Users\Tanner\AppData\Local\Google\Chrome\Application\30.0.1599.69\libegl.dll
2013-10-05 05:40 - 2013-10-03 01:03 - 04055504 _____ () C:\Users\Tanner\AppData\Local\Google\Chrome\Application\30.0.1599.69\pdf.dll
2013-10-05 05:40 - 2013-10-03 01:03 - 00415184 _____ () C:\Users\Tanner\AppData\Local\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll
2013-10-05 05:40 - 2013-10-03 01:02 - 01604560 _____ () C:\Users\Tanner\AppData\Local\Google\Chrome\Application\30.0.1599.69\ffmpegsumo.dll
2013-10-05 05:40 - 2013-10-03 01:03 - 13611984 _____ () C:\Users\Tanner\AppData\Local\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\Temp:D56FBB0B
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2013-10-08 14:59:09.266
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-10-08 14:59:09.235
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 41%
Total physical RAM: 8190.12 MB
Available physical RAM: 4804.06 MB
Total Pagefile: 16378.42 MB
Available Pagefile: 12066.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:43.94 GB) (Free:12.49 GB) NTFS
Drive d: (Everything else) (Fixed) (Total:537.11 GB) (Free:193.96 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=44 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=537 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
Link to post
Share on other sites

  • Root Admin

Please uninstall ALL versions of JAVA from your Control Panel, Add/Remove

 

Please download JavaRa-1.16 and save it to your computer.

  • Double click to open the zip file and then select all and choose Copy.
  • Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
  • Quit all browsers and other running applications.
  • Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.

 

 

 

 

Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

 

 

 

 

After you've run the items above then run the following.

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.
 

fixlist.txt

Link to post
Share on other sites

JavaRa

-----------------------------------------------------------------------------------------------------------------------------------------

JavaRa 1.16 Removal Log.
 
Report follows after line.
 
------------------------------------
 
The JavaRa removal process was started on Tue Oct 08 17:36:54 2013
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.
 
Found and removed: Applications\java.exe
 
Found and removed: Applications\javaw.exe
 
Found and removed: CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0031-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0031-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0032-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0032-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0033-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0033-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0034-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0034-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0035-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0035-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0036-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0036-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0037-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0037-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0038-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0038-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0031-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0031-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0031-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0032-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0032-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0032-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0033-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0033-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0033-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0034-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0034-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0034-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0035-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0035-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0035-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0036-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0036-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0036-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0036-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0036-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0017-0000-0008-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0017-0000-0008-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0017-0000-0008-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0017-0000-0011-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0017-0000-0011-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0017-0000-0012-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0017-0000-0012-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0017-0000-0012-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
 
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
 
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
 
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
 
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
 
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
 
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
 
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0016-0000-0036-ABCDEFFEDCBA}
 
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
 
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
 
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0017-0000-FFFF-ABCDEFFEDCBA}
 
Found and removed: Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}
 
Found and removed: Software\JavaSoft\Java Update
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0036-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0036-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0036-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0008-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0008-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0008-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0011-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0011-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0012-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0012-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0012-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1
 
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02
 
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03
 
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04
 
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2
 
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01
 
Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
 
Found and removed: SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}
 
Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
 
Found and removed: SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}
 
Found and removed: SOFTWARE\Classes\Installer\Features\F60730A4A66673047777F5728467D401
 
Found and removed: SOFTWARE\Classes\Installer\Products\F60730A4A66673047777F5728467D401
 
Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\6C5ADB75C34456D42B338232391207FF
 
Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\A5CCAAC40F5B69B47777ACF82566467C
 
Found and removed: SOFTWARE\Classes\Interface\{5852F5EC-8BF4-11D4-A245-0080C6F74284}
 
Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit
 
Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/x-java-applet
 
Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/x-java-jnlp-file
 
Found and removed: SOFTWARE\Classes\TypeLib\{5852F5E0-8BF4-11D4-A245-0080C6F74284}
 
Found and removed: SOFTWARE\Classes\.jar
 
Found and removed: SOFTWARE\Classes\.jnlp
 
Found and removed: SOFTWARE\Classes\jarfile
 
Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled
 
Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.7.0.0
 
Found and removed: SOFTWARE\Classes\JNLPFile
 
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\javaws.exe
 
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
 
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}
 
Found and removed: SOFTWARE\JavaSoft
 
Found and removed: SOFTWARE\JreMetrics
 
Found and removed: SOFTWARE\MozillaPlugins
 
------------------------------------
 
Finished reporting.
 
-----------------------------------------------------------------------------------------------------------------------------------------
Fixlog
-----------------------------------------------------------------------------------------------------------------------------------------
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013
Ran by Tanner at 2013-10-08 17:42:23 Run:1
Running from C:\Users\Tanner\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
ProxyServer: 220.225.253.12:3128
HKCU\...\Run: [sysXboot] - "D:\Program Files\Java\bin\javaw.exe" -jar "C:\Users\Tanner\AppData\Local\Temp\sysXboot2148016656113004269.jar" <===== ATTENTION
C:\Users\Tanner\AppData\Local\Temp\sysXboot2148016656113004269.jar
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
S3 ALSysIO; \??\C:\Users\Tanner\AppData\Local\Temp\ALSysIO64.sys [x]
C:\Users\Tanner\worldpainter_64_1.2.0.exe
AlternateDataStreams: C:\ProgramData\Temp:D56FBB0B
 
*****************
 
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\sysXboot => Value deleted successfully.
Could not move "C:\Users\Tanner\AppData\Local\Temp\sysXboot2148016656113004269.jar" => Scheduled to move on reboot.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key deleted successfully.
HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found.
HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.
HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.
ALSysIO => Service deleted successfully.
C:\Users\Tanner\worldpainter_64_1.2.0.exe => Moved successfully.
C:\ProgramData\Temp => ":D56FBB0B" ADS removed successfully.
 
=========== Result of Scheduled Files to move ===========
 
"C:\Users\Tanner\AppData\Local\Temp\sysXboot2148016656113004269.jar" => File could not move.
 
==== End of Fixlog ====

 

Link to post
Share on other sites

  • Root Admin

Please delete your copy of combofix and download a new fresh copy and run it and post back the new log.

 

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


 

Link to post
Share on other sites

  • Root Admin

Please save the attached file CFScript.txt to the same location as Combofix.  

Then quite your Internet browser and any other open applications and drag-and-drop the CFScript.txt onto Combofix to run it.

 

When done it should reboot and run again.  Please post back the new log file.

 

 

 

CFScript.txt

Link to post
Share on other sites

  • Root Admin

Please delete any current logs from FRST and then run a new scan and post back both logs.

 

I'm heading off for a bit but will check back later tonight.

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.


 

Link to post
Share on other sites

Thanks for all the help so far.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Tanner (administrator) on PINEAPPLE-PC on 08-10-2013 21:59:07
Running from C:\Users\Tanner\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Advanced Micro Devices, Inc.) D:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Malwarebytes Corporation) D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Mr. John aka japamd) D:\Program Files (x86)\RadeonPro\RadeonProSupport.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn, Inc.) D:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Malwarebytes Corporation) D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Malwarebytes Corporation) D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(PeerBlock, LLC) D:\Program Files\PeerBlock\peerblock.exe
() D:\Program Files (x86)\puush\puush.exe
(Oracle Corporation) D:\Program Files\Java\bin\javaw.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Advanced Micro Devices Inc.) D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Peter Pawlowski) D:\Program Files (x86)\foobar2000\foobar2000.exe
(Google Inc.) C:\Users\Tanner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tanner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tanner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tanner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tanner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tanner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tanner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tanner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tanner\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7560296 2011-12-12] (Realtek Semiconductor)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [itype] - C:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)
HKCU\...\Run: [steam] - D:\Program Files (x86)\Steam\steam.exe [1813928 2013-10-04] (Valve Corporation)
HKCU\...\Run: [F.lux] - C:\Users\Tanner\Local Settings\Apps\F.lux\flux.exe [966656 2009-08-29] ()
HKCU\...\Run: [DAEMON Tools Lite] - D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3674320 2013-01-08] (DT Soft Ltd)
HKCU\...\Run: [PeerBlock] - D:\Program Files\PeerBlock\peerblock.exe [2646128 2010-11-06] (PeerBlock, LLC)
HKCU\...\Run: [puush] - D:\Program Files (x86)\puush\puush.exe [567880 2013-08-10] ()
HKCU\...\Run: [ooVoo.exe] - C:\Program Files (x86)\oovoo\ooVoo.exe [35253824 2013-08-04] (ooVoo LLC)
HKCU\...\Run: [sysXboot] - "D:\Program Files\Java\bin\javaw.exe" -jar "C:\Users\Tanner\AppData\Local\Temp\sysXboot2148016656113004269.jar" <===== ATTENTION
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-19] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-12] ()
HKLM-x32\...\Run: [startCCC] - D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [GMouse] - D:\GIGABYTE FORCE\GIGABYTE FORCE.EXE [1253376 2012-10-04] ()
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2345296 2013-10-01] (LogMeIn Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xCE501A18F7EECD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\Tanner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Tanner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1
CHR Extension: (James White) - C:\Users\Tanner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkeidgmehkdjmpjodpjkepolokanalkm\3_0
CHR Extension: (YouTube) - C:\Users\Tanner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1
CHR Extension: (Adblock Plus) - C:\Users\Tanner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.5_0
CHR Extension: (Google Search) - C:\Users\Tanner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Tanner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.3.0.1_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Tanner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_1
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Tanner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_1
CHR Extension: (4chan Plus) - C:\Users\Tanner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pinelipedelckihohgdlpcclgocodhjj\3.0.0_0
CHR Extension: (Gmail) - C:\Users\Tanner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx
 
==================== Services (Whitelisted) =================
 
R2 AMD FUEL Service; D:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-09-05] (Advanced Micro Devices, Inc.)
S2 AODService; D:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [136648 2012-09-20] ()
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-02-10] ()
R2 Hamachi2Svc; D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2746704 2013-10-01] (LogMeIn Inc.)
R2 MBAMScheduler; D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-09-29] ()
R2 RadeonPro Support Service; D:\Program Files (x86)\RadeonPro\RadeonProSupport.exe [20608 2013-04-13] (Mr. John aka japamd)
S2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [x]
 
==================== Drivers (Whitelisted) ====================
 
R2 AODDriver4.2.0; D:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [57512 2012-09-20] (Advanced Micro Devices)
R2 AODDriver4.2.0; D:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [57512 2012-09-20] (Advanced Micro Devices)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-01-11] (DT Soft Ltd)
S3 gdrv; C:\Windows\gdrv.sys [25640 2013-09-24] (Windows ® Server 2003 DDK provider)
S3 gdrv; C:\Windows\gdrv.sys [25640 2013-09-24] (Windows ® Server 2003 DDK provider)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [29672 2013-01-10] (REALiX)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-10] (ManyCam LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
R3 pbfilter; D:\Program Files\PeerBlock\pbfilter.sys [24176 2010-11-06] ()
S3 RTCore64; D:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-01-23] ()
S3 RTCore64; D:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-01-23] ()
R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [128728 2013-04-18] (Razer USA Ltd)
R0 RzFilter; C:\Windows\System32\drivers\RzFilter.sys [73944 2013-04-18] (Razer USA Ltd)
S3 SaiK0CC3; C:\Windows\System32\DRIVERS\SaiK0CC3.sys [180584 2012-09-20] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
S3 SaiU0CC3; C:\Windows\System32\DRIVERS\SaiU0CC3.sys [47208 2012-09-20] (Saitek)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-10-08 21:56 - 2013-10-08 21:56 - 01954124 _____ (Farbar) C:\Users\Tanner\Desktop\FRST64.exe
2013-10-08 21:45 - 2013-10-08 21:45 - 00024527 _____ C:\ComboFix.txt
2013-10-08 20:37 - 2013-10-08 20:36 - 05132072 ____R (Swearware) C:\Users\Tanner\Desktop\ComboFix.exe
2013-10-08 17:38 - 2013-10-08 17:35 - 00448512 _____ (OldTimer Tools) C:\Users\Tanner\Desktop\TFC.exe
2013-10-08 17:36 - 2013-10-08 17:37 - 00000000 ____D C:\Users\Tanner\Desktop\RemoveJava
2013-10-08 17:02 - 2013-10-08 17:44 - 00000000 ____D C:\FRST
2013-10-08 17:01 - 2013-10-08 17:01 - 00000104 _____ C:\Users\Tanner\Desktop\ESET.txt
2013-10-08 15:59 - 2013-10-08 15:59 - 00000000 ____D C:\Program Files (x86)\ESET
2013-10-08 15:56 - 2013-10-08 15:57 - 00000000 ____D C:\AdwCleaner
2013-10-08 15:27 - 2013-10-08 15:27 - 00001495 _____ C:\Users\Tanner\Desktop\JRT.txt
2013-10-08 15:23 - 2013-10-08 15:23 - 00000000 ____D C:\Windows\ERUNT
2013-10-08 15:15 - 2013-10-08 15:23 - 00000000 ____D C:\Users\Tanner\Desktop\mbar
2013-10-08 15:15 - 2013-10-08 15:23 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-08 15:14 - 2013-10-08 15:14 - 01045226 _____ C:\Users\Tanner\Desktop\AdwCleaner.exe
2013-10-08 15:14 - 2013-10-08 15:13 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Tanner\Desktop\mbar-1.07.0.1005.exe
2013-10-08 15:14 - 2013-10-08 15:13 - 01032220 _____ (Thisisu) C:\Users\Tanner\Desktop\JRT.exe
2013-10-08 14:55 - 2013-10-08 21:45 - 00000000 ____D C:\Qoobox
2013-10-08 14:55 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-08 14:55 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2013-10-08 14:55 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-10-08 14:55 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-10-08 14:55 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-10-08 14:55 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2013-10-08 14:55 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2013-10-08 14:55 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2013-10-08 14:52 - 2013-10-08 14:52 - 00000000 ____D C:\Users\Tanner\Desktop\combofix
2013-10-08 14:18 - 2013-10-08 14:18 - 00002683 _____ C:\Users\Tanner\Desktop\RKreport[0]_S_10082013_141848.txt
2013-10-08 14:17 - 2013-10-08 14:18 - 00000000 ____D C:\Users\Tanner\Desktop\RK_Quarantine
2013-10-08 14:16 - 2013-10-08 14:59 - 00000000 ____D C:\Windows\ERDNT
2013-10-08 14:15 - 2013-10-08 14:15 - 00000650 _____ C:\Users\UpdatusUser\Desktop\NTREGOPT.lnk
2013-10-08 14:15 - 2013-10-08 14:15 - 00000650 _____ C:\Users\Tanner\Desktop\NTREGOPT.lnk
2013-10-08 14:15 - 2013-10-08 14:15 - 00000637 _____ C:\Users\UpdatusUser\Desktop\ERUNT.lnk
2013-10-08 14:15 - 2013-10-08 14:15 - 00000637 _____ C:\Users\Tanner\Desktop\ERUNT.lnk
2013-10-08 14:14 - 2013-10-08 14:15 - 00002528 _____ C:\Users\Tanner\Desktop\Rkill.txt
2013-10-08 14:14 - 2013-10-08 14:14 - 00000000 ____D C:\Users\Tanner\Desktop\rkill
2013-10-08 14:13 - 2013-10-08 14:13 - 00791393 _____ (Lars Hederer                                                ) C:\Users\Tanner\Desktop\erunt-setup.exe
2013-10-08 14:13 - 2013-10-08 14:12 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Tanner\Desktop\rkill.exe
2013-10-08 14:13 - 2013-10-08 13:05 - 03980800 _____ C:\Users\Tanner\Desktop\RogueKillerX64.exe
2013-10-08 14:07 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-08 13:15 - 2013-10-08 13:36 - 00007713 _____ C:\Users\Tanner\Desktop\attach.txt
2013-10-08 13:15 - 2013-10-08 13:29 - 00020635 _____ C:\Users\Tanner\Desktop\dds.txt
2013-10-08 13:13 - 2013-10-08 13:13 - 00688992 ____R (Swearware) C:\Users\Tanner\Desktop\dds.scr
2013-10-08 13:08 - 2013-10-08 17:43 - 00001170 _____ C:\Windows\PFRO.log
2013-10-07 13:02 - 2013-10-07 13:02 - 00000000 ____D C:\Users\Tanner\Documents\Battlefield 4 Beta
2013-10-06 21:35 - 2013-10-06 21:37 - 00000042 _____ C:\Users\Tanner\Documents\gameservers
2013-10-06 11:30 - 2013-10-06 11:30 - 00000000 ____D C:\Users\Tanner\AppData\Local\LogMeIn
2013-10-06 11:30 - 2013-10-06 11:30 - 00000000 ____D C:\ProgramData\LogMeIn
2013-10-03 17:09 - 2013-10-03 17:09 - 00000000 ____D C:\ProgramData\Oracle
2013-10-03 17:09 - 2013-10-03 17:08 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-03 17:09 - 2013-10-03 17:08 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-03 17:09 - 2013-10-03 17:08 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-03 17:09 - 2013-10-03 17:08 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-03 17:08 - 2013-10-03 17:08 - 00000000 ____D C:\ProgramData\McAfee
2013-10-03 17:08 - 2013-10-03 17:08 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-01 03:01 - 2013-10-01 03:01 - 00000000 ____D C:\Users\Tanner\Documents\Battlefield 4
2013-09-24 13:26 - 2013-09-24 13:26 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2013-09-24 01:55 - 2013-09-24 01:55 - 00001351 _____ C:\Users\Tanner\Documents\AutoHotkeyU64.ahk
2013-09-19 00:43 - 2013-09-19 00:43 - 00000000 ____D C:\Users\Tanner\AppData\Roaming\Guild Wars 2
2013-09-18 21:37 - 2013-09-18 21:37 - 00000000 ____D C:\Users\Tanner\AppData\Local\SmartTechnology
2013-09-18 21:28 - 2013-09-21 23:06 - 00000000 ____D C:\Program Files\SmartTechnology
2013-09-16 01:39 - 2013-09-16 01:39 - 00000000 ____D C:\Users\Tanner\Documents\Paradox Interactive
2013-09-16 01:33 - 2013-10-01 19:01 - 00055495 _____ C:\Windows\DirectX.log
2013-09-14 01:36 - 2013-10-08 17:43 - 00004616 _____ C:\Windows\setupact.log
2013-09-14 01:36 - 2013-09-14 01:36 - 00000000 _____ C:\Windows\setuperr.log
2013-09-11 03:02 - 2013-08-10 00:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-11 03:02 - 2013-08-10 00:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-11 03:02 - 2013-08-10 00:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-11 03:02 - 2013-08-10 00:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-11 03:02 - 2013-08-10 00:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-11 03:02 - 2013-08-10 00:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-11 03:02 - 2013-08-10 00:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-11 03:02 - 2013-08-10 00:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-11 03:02 - 2013-08-10 00:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-11 03:02 - 2013-08-10 00:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-11 03:02 - 2013-08-10 00:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-11 03:02 - 2013-08-10 00:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-11 03:02 - 2013-08-10 00:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-11 03:02 - 2013-08-10 00:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-11 03:02 - 2013-08-09 22:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-11 03:02 - 2013-08-09 22:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-11 03:02 - 2013-08-09 22:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-11 03:02 - 2013-08-09 22:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-11 03:02 - 2013-08-09 22:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-11 03:02 - 2013-08-09 22:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-11 03:02 - 2013-08-09 22:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-11 03:02 - 2013-08-09 22:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-11 03:02 - 2013-08-09 22:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-11 03:02 - 2013-08-09 22:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-11 03:02 - 2013-08-09 22:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-11 03:02 - 2013-08-09 22:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-11 03:02 - 2013-08-09 22:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-11 03:02 - 2013-08-09 22:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-11 03:02 - 2013-08-09 22:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-11 03:02 - 2013-08-09 21:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-11 03:02 - 2013-08-09 21:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-10 16:39 - 2013-08-07 20:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-10 16:39 - 2013-08-01 21:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-10 16:39 - 2013-08-01 21:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-10 16:39 - 2013-08-01 21:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-10 16:39 - 2013-08-01 21:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-10 16:39 - 2013-08-01 21:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-10 16:39 - 2013-08-01 21:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-10 16:39 - 2013-08-01 21:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-10 16:39 - 2013-08-01 21:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-10 16:39 - 2013-08-01 21:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-10 16:39 - 2013-08-01 21:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-10 16:39 - 2013-08-01 21:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-10 16:39 - 2013-08-01 21:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 21:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 21:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 21:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 20:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-10 16:39 - 2013-08-01 20:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-10 16:39 - 2013-08-01 20:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-10 16:39 - 2013-08-01 20:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-10 16:39 - 2013-08-01 20:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-10 16:39 - 2013-08-01 20:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-10 16:39 - 2013-08-01 20:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-10 16:39 - 2013-08-01 20:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 20:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 20:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-10 16:39 - 2013-08-01 19:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-10 16:39 - 2013-08-01 19:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-10 16:39 - 2013-08-01 19:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-10 16:39 - 2013-08-01 19:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-10 16:39 - 2013-08-01 19:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-10 16:39 - 2013-08-01 19:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 19:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 19:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-10 16:39 - 2013-08-01 19:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-10 16:39 - 2013-07-25 21:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-10 16:39 - 2013-07-25 21:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-10 16:39 - 2013-07-25 20:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-10 16:39 - 2013-07-25 20:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
 
==================== One Month Modified Files and Folders =======
 
2013-10-08 21:56 - 2013-10-08 21:56 - 01954124 _____ (Farbar) C:\Users\Tanner\Desktop\FRST64.exe
2013-10-08 21:52 - 2013-04-10 13:27 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-08 21:45 - 2013-10-08 21:45 - 00024527 _____ C:\ComboFix.txt
2013-10-08 21:45 - 2013-10-08 14:55 - 00000000 ____D C:\Qoobox
2013-10-08 21:43 - 2013-01-10 01:02 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1979747309-927448943-1715424303-1000UA.job
2013-10-08 21:43 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2013-10-08 21:42 - 2013-01-10 01:02 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-08 20:36 - 2013-10-08 20:37 - 05132072 ____R (Swearware) C:\Users\Tanner\Desktop\ComboFix.exe
2013-10-08 20:34 - 2013-01-11 22:51 - 00000000 ____D C:\Users\Tanner\AppData\Roaming\TS3Client
2013-10-08 20:01 - 2013-01-13 01:06 - 00000000 ____D C:\Users\Tanner\AppData\Roaming\foobar2000
2013-10-08 17:51 - 2009-07-13 23:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-08 17:51 - 2009-07-13 23:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-08 17:47 - 2013-01-10 00:39 - 01995499 _____ C:\Windows\WindowsUpdate.log
2013-10-08 17:45 - 2013-05-13 20:21 - 00000000 ____D C:\Users\Tanner\AppData\Local\LogMeIn Hamachi
2013-10-08 17:44 - 2013-10-08 17:02 - 00000000 ____D C:\FRST
2013-10-08 17:44 - 2013-04-10 13:27 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-08 17:43 - 2013-10-08 13:08 - 00001170 _____ C:\Windows\PFRO.log
2013-10-08 17:43 - 2013-09-14 01:36 - 00004616 _____ C:\Windows\setupact.log
2013-10-08 17:43 - 2013-01-29 17:52 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-08 17:43 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-08 17:42 - 2013-01-10 00:39 - 00000000 ____D C:\Users\Tanner
2013-10-08 17:37 - 2013-10-08 17:36 - 00000000 ____D C:\Users\Tanner\Desktop\RemoveJava
2013-10-08 17:35 - 2013-10-08 17:38 - 00448512 _____ (OldTimer Tools) C:\Users\Tanner\Desktop\TFC.exe
2013-10-08 17:01 - 2013-10-08 17:01 - 00000104 _____ C:\Users\Tanner\Desktop\ESET.txt
2013-10-08 15:59 - 2013-10-08 15:59 - 00000000 ____D C:\Program Files (x86)\ESET
2013-10-08 15:57 - 2013-10-08 15:56 - 00000000 ____D C:\AdwCleaner
2013-10-08 15:27 - 2013-10-08 15:27 - 00001495 _____ C:\Users\Tanner\Desktop\JRT.txt
2013-10-08 15:23 - 2013-10-08 15:23 - 00000000 ____D C:\Windows\ERUNT
2013-10-08 15:23 - 2013-10-08 15:15 - 00000000 ____D C:\Users\Tanner\Desktop\mbar
2013-10-08 15:23 - 2013-10-08 15:15 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-08 15:14 - 2013-10-08 15:14 - 01045226 _____ C:\Users\Tanner\Desktop\AdwCleaner.exe
2013-10-08 15:13 - 2013-10-08 15:14 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Tanner\Desktop\mbar-1.07.0.1005.exe
2013-10-08 15:13 - 2013-10-08 15:14 - 01032220 _____ (Thisisu) C:\Users\Tanner\Desktop\JRT.exe
2013-10-08 15:04 - 2013-02-15 19:11 - 00000000 ____D C:\Users\Tanner\AppData\Local\Apps\2.0
2013-10-08 15:00 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Default
2013-10-08 14:59 - 2013-10-08 14:16 - 00000000 ____D C:\Windows\ERDNT
2013-10-08 14:59 - 2013-01-10 00:39 - 00000000 ___RD C:\Users\Tanner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-08 14:52 - 2013-10-08 14:52 - 00000000 ____D C:\Users\Tanner\Desktop\combofix
2013-10-08 14:18 - 2013-10-08 14:18 - 00002683 _____ C:\Users\Tanner\Desktop\RKreport[0]_S_10082013_141848.txt
2013-10-08 14:18 - 2013-10-08 14:17 - 00000000 ____D C:\Users\Tanner\Desktop\RK_Quarantine
2013-10-08 14:16 - 2013-01-10 01:03 - 00000000 ____D C:\Users\Tanner\Desktop\Shortcuts
2013-10-08 14:15 - 2013-10-08 14:15 - 00000650 _____ C:\Users\UpdatusUser\Desktop\NTREGOPT.lnk
2013-10-08 14:15 - 2013-10-08 14:15 - 00000650 _____ C:\Users\Tanner\Desktop\NTREGOPT.lnk
2013-10-08 14:15 - 2013-10-08 14:15 - 00000637 _____ C:\Users\UpdatusUser\Desktop\ERUNT.lnk
2013-10-08 14:15 - 2013-10-08 14:15 - 00000637 _____ C:\Users\Tanner\Desktop\ERUNT.lnk
2013-10-08 14:15 - 2013-10-08 14:14 - 00002528 _____ C:\Users\Tanner\Desktop\Rkill.txt
2013-10-08 14:14 - 2013-10-08 14:14 - 00000000 ____D C:\Users\Tanner\Desktop\rkill
2013-10-08 14:13 - 2013-10-08 14:13 - 00791393 _____ (Lars Hederer                                                ) C:\Users\Tanner\Desktop\erunt-setup.exe
2013-10-08 14:12 - 2013-10-08 14:13 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Tanner\Desktop\rkill.exe
2013-10-08 13:36 - 2013-10-08 13:15 - 00007713 _____ C:\Users\Tanner\Desktop\attach.txt
2013-10-08 13:29 - 2013-10-08 13:15 - 00020635 _____ C:\Users\Tanner\Desktop\dds.txt
2013-10-08 13:13 - 2013-10-08 13:13 - 00688992 ____R (Swearware) C:\Users\Tanner\Desktop\dds.scr
2013-10-08 13:05 - 2013-10-08 14:13 - 03980800 _____ C:\Users\Tanner\Desktop\RogueKillerX64.exe
2013-10-08 12:19 - 2013-01-10 01:02 - 00000000 ____D C:\Users\Tanner\AppData\Roaming\uTorrent
2013-10-08 01:43 - 2013-01-10 01:02 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1979747309-927448943-1715424303-1000Core.job
2013-10-07 16:30 - 2013-02-23 22:31 - 00215416 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-10-07 16:30 - 2013-02-23 22:31 - 00214392 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-10-07 13:09 - 2013-01-11 21:00 - 00000000 ____D C:\Users\Tanner\AppData\Local\TeamSpeak 3 Client
2013-10-07 13:02 - 2013-10-07 13:02 - 00000000 ____D C:\Users\Tanner\Documents\Battlefield 4 Beta
2013-10-07 01:38 - 2013-01-10 01:02 - 00003888 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1979747309-927448943-1715424303-1000UA
2013-10-07 01:38 - 2013-01-10 01:02 - 00003492 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1979747309-927448943-1715424303-1000Core
2013-10-06 21:37 - 2013-10-06 21:35 - 00000042 _____ C:\Users\Tanner\Documents\gameservers
2013-10-06 20:01 - 2013-08-10 02:32 - 00000000 ____D C:\Users\Tanner\AppData\Roaming\puush
2013-10-06 20:01 - 2013-01-17 22:20 - 00000000 ____D C:\Users\Tanner\AppData\Roaming\Ventrilo
2013-10-06 20:01 - 2013-01-10 19:11 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-10-06 20:01 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2013-10-06 20:01 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat
2013-10-06 18:14 - 2013-01-10 04:35 - 00007601 _____ C:\Users\Tanner\AppData\Local\Resmon.ResmonCfg
2013-10-06 18:08 - 2013-02-15 19:11 - 00000000 ____D C:\Users\Tanner\AppData\Local\Deployment
2013-10-06 11:30 - 2013-10-06 11:30 - 00000000 ____D C:\Users\Tanner\AppData\Local\LogMeIn
2013-10-06 11:30 - 2013-10-06 11:30 - 00000000 ____D C:\ProgramData\LogMeIn
2013-10-05 15:22 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2013-10-03 17:09 - 2013-10-03 17:09 - 00000000 ____D C:\ProgramData\Oracle
2013-10-03 17:08 - 2013-10-03 17:09 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-03 17:08 - 2013-10-03 17:09 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-03 17:08 - 2013-10-03 17:09 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-03 17:08 - 2013-10-03 17:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-03 17:08 - 2013-10-03 17:08 - 00000000 ____D C:\ProgramData\McAfee
2013-10-03 17:08 - 2013-10-03 17:08 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-03 17:08 - 2013-01-10 01:02 - 00790440 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-10-03 10:47 - 2013-04-10 13:27 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-03 10:47 - 2013-04-10 13:27 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-01 21:37 - 2013-01-10 19:35 - 00000000 ____D C:\Users\Tanner\AppData\Local\PunkBuster
2013-10-01 19:01 - 2013-09-16 01:33 - 00055495 _____ C:\Windows\DirectX.log
2013-10-01 16:56 - 2013-09-03 19:38 - 00000248 _____ C:\Users\Tanner\Desktop\config.ini
2013-10-01 03:01 - 2013-10-01 03:01 - 00000000 ____D C:\Users\Tanner\Documents\Battlefield 4
2013-09-29 22:59 - 2013-04-07 20:32 - 00000000 ____D C:\ProgramData\Package Cache
2013-09-29 22:59 - 2013-02-23 22:31 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2013-09-25 12:19 - 2013-06-21 13:52 - 00000000 ____D C:\Users\Tanner\AppData\Local\Arma 3
2013-09-24 13:30 - 2009-07-14 00:13 - 00780436 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-24 13:26 - 2013-09-24 13:26 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2013-09-24 01:55 - 2013-09-24 01:55 - 00001351 _____ C:\Users\Tanner\Documents\AutoHotkeyU64.ahk
2013-09-24 01:53 - 2010-11-21 02:16 - 00000000 ____D C:\Windows\ShellNew
2013-09-23 18:51 - 2013-02-09 18:18 - 00000000 ____D C:\Users\Tanner\AppData\Local\Microsoft Games
2013-09-21 23:06 - 2013-09-18 21:28 - 00000000 ____D C:\Program Files\SmartTechnology
2013-09-21 22:54 - 2013-01-25 22:40 - 00000000 ____D C:\Windows\system32\appmgmt
2013-09-21 13:31 - 2013-08-04 12:12 - 00000000 ____D C:\Users\Tanner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BeamNG-DRIVE-0.3
2013-09-19 00:43 - 2013-09-19 00:43 - 00000000 ____D C:\Users\Tanner\AppData\Roaming\Guild Wars 2
2013-09-19 00:43 - 2013-01-22 22:30 - 00000000 ____D C:\Users\Tanner\Documents\Guild Wars 2
2013-09-18 21:37 - 2013-09-18 21:37 - 00000000 ____D C:\Users\Tanner\AppData\Local\SmartTechnology
2013-09-16 01:39 - 2013-09-16 01:39 - 00000000 ____D C:\Users\Tanner\Documents\Paradox Interactive
2013-09-16 01:31 - 2013-01-11 00:29 - 00000000 ____D C:\Users\Tanner\AppData\Roaming\DAEMON Tools Lite
2013-09-14 01:36 - 2013-09-14 01:36 - 00000000 _____ C:\Windows\setuperr.log
2013-09-12 22:16 - 2013-03-14 01:09 - 00000000 ____D C:\Users\Tanner\AppData\Roaming\Media Player Classic
2013-09-12 16:16 - 2013-01-10 19:35 - 00280792 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-09-12 13:32 - 2013-01-10 16:33 - 00000000 ____D C:\Windows\Panther
2013-09-11 11:31 - 2013-01-10 00:39 - 00000000 ___RD C:\Users\Tanner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-11 03:57 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-09-11 03:20 - 2009-07-13 23:45 - 00290456 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-10 19:03 - 2013-01-10 00:48 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-10-01 04:18
 
==================== End Of Log ============================

Addition.txt

Link to post
Share on other sites

  • Root Admin

That doesn't make sense.  Java is still showing as installed in the new log.

 

Temporarily DISABLE your antivirus while these scans run.  Then once completed make sure to re-enable your antivirus.

Make sure all your browsers are closed when running these scans.

 

STEP 1
Please restart the computer and then run JavaRA again but this time make sure  you right click and choose "Run as administrator"
 
Please download JavaRa-1.16 and save it to your computer.

  • Double click to open the zip file and then select all and choose Copy.
  • Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
  • Quit all browsers and other running applications.
  • Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.

 

 

STEP 2

After JavaRA runs then reboot the computer and run TFC again. 
 
Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Right click over TFC.exe and choose "Run as administrator" and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

 

 

 

STEP 3

Then reset your browsers again.
 
Please visit each of the following sites and lets reset all of your browsers back to defaults to prevent unexpected issues.
If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.
 

 

 

Internet Explorer
How to reset Internet Explorer settings

Firefox
Click on HELP --> Troubleshooting Information --> then click on the Reset Firefox button.

Chrome
Chrome - Reset browser settings

Opera
How to Perform a (really) clean Reinstall of Opera

 

 

 

STEP 4
Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.
 

fixlist.txt

Link to post
Share on other sites

JavaRa 1.16 Removal Log.

 

Report follows after line.

 

------------------------------------

 

The JavaRa removal process was started on Wed Oct 09 11:41:54 2013

 

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.

 

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.

 

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.

 

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.

 

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.

 

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.

 

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.

 

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.

 

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.

 

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.

 

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.

 

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.

 

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.

 

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.

 

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.

 

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.

 

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.

 

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.

 

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.

 

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.

 

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.

 

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.

 

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.

 

Found and removed: CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}

 

Found and removed: CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}

 

Found and removed: CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}

 

Found and removed: CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB}

 

Found and removed: CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA}

 

Found and removed: CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}

 

Found and removed: CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}

 

Found and removed: CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}

 

Found and removed: CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}

 

Found and removed: CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}

 

Found and removed: CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}

 

Found and removed: CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}

 

Found and removed: CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}

 

Found and removed: CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}

 

Found and removed: CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}

 

Found and removed: CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}

 

Found and removed: CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}

 

Found and removed: CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}

 

Found and removed: CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}

 

Found and removed: CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}

 

Found and removed: CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}

 

Found and removed: CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}

 

Found and removed: CLSID\{CAFEEFAC-0014-0002-0031-ABCDEFFEDCBA}

 

Found and removed: CLSID\{CAFEEFAC-0014-0002-0031-ABCDEFFEDCBB}

 

Found and removed: CLSID\{CAFEEFAC-0014-0002-0032-ABCDEFFEDCBA}

 

Found and removed: CLSID\{CAFEEFAC-0014-0002-0032-ABCDEFFEDCBB}

 

Found and removed: CLSID\{CAFEEFAC-0014-0002-0033-ABCDEFFEDCBA}

 

Found and removed: CLSID\{CAFEEFAC-0014-0002-0033-ABCDEFFEDCBB}

 

Found and removed: CLSID\{CAFEEFAC-0014-0002-0034-ABCDEFFEDCBA}

 

Found and removed: CLSID\{CAFEEFAC-0014-0002-0034-ABCDEFFEDCBB}

 

Found and removed: CLSID\{CAFEEFAC-0014-0002-0035-ABCDEFFEDCBA}

 

Found and removed: CLSID\{CAFEEFAC-0014-0002-0035-ABCDEFFEDCBB}

 

Found and removed: CLSID\{CAFEEFAC-0014-0002-0036-ABCDEFFEDCBA}

 

Found and removed: CLSID\{CAFEEFAC-0014-0002-0036-ABCDEFFEDCBB}

 

Found and removed: CLSID\{CAFEEFAC-0014-0002-0037-ABCDEFFEDCBA}

 

Found and removed: CLSID\{CAFEEFAC-0014-0002-0037-ABCDEFFEDCBB}

 

Found and removed: CLSID\{CAFEEFAC-0014-0002-0038-ABCDEFFEDCBA}

 

Found and removed: CLSID\{CAFEEFAC-0014-0002-0038-ABCDEFFEDCBB}

 

Found and removed: CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}

 

Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}

 

Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}

 

Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}

 

Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}

 

Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}

 

Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}

 

Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}

 

Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}

 

Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}

 

Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}

 

Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}

 

Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}

 

Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}

 

Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}

 

Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}

 

Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}

 

Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}

 

Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}

 

Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}

 

Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}

 

Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}

 

Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}

 

Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}

 

Found and removed: CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}

 

Found and removed: CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}

 

Found and removed: CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC}

 

Found and removed: CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}

 

Found and removed: CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}

 

Found and removed: CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}

 

Found and removed: CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA}

 

Found and removed: CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB}

 

Found and removed: CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC}

 

Found and removed: CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}

 

Found and removed: CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}

 

Found and removed: CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}

 

Found and removed: CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}

 

Found and removed: CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}

 

Found and removed: CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}

 

Found and removed: CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}

 

Found and removed: CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}

 

Found and removed: CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}

 

Found and removed: CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}

 

Found and removed: CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}

 

Found and removed: CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}

 

Found and removed: CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA}

 

Found and removed: CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}

 

Found and removed: CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}

 

Found and removed: CLSID\{CAFEEFAC-0015-0000-0031-ABCDEFFEDCBA}

 

Found and removed: CLSID\{CAFEEFAC-0015-0000-0031-ABCDEFFEDCBB}

 

Found and removed: CLSID\{CAFEEFAC-0015-0000-0031-ABCDEFFEDCBC}

 

Found and removed: CLSID\{CAFEEFAC-0015-0000-0032-ABCDEFFEDCBA}

 

Found and removed: CLSID\{CAFEEFAC-0015-0000-0032-ABCDEFFEDCBB}

 

Found and removed: CLSID\{CAFEEFAC-0015-0000-0032-ABCDEFFEDCBC}

 

Found and removed: CLSID\{CAFEEFAC-0015-0000-0033-ABCDEFFEDCBA}

 

Found and removed: CLSID\{CAFEEFAC-0015-0000-0033-ABCDEFFEDCBB}

 

Found and removed: CLSID\{CAFEEFAC-0015-0000-0033-ABCDEFFEDCBC}

 

Found and removed: CLSID\{CAFEEFAC-0015-0000-0034-ABCDEFFEDCBA}

 

Found and removed: CLSID\{CAFEEFAC-0015-0000-0034-ABCDEFFEDCBB}

 

Found and removed: CLSID\{CAFEEFAC-0015-0000-0034-ABCDEFFEDCBC}

 

Found and removed: CLSID\{CAFEEFAC-0015-0000-0035-ABCDEFFEDCBA}

 

Found and removed: CLSID\{CAFEEFAC-0015-0000-0035-ABCDEFFEDCBB}

 

Found and removed: CLSID\{CAFEEFAC-0015-0000-0035-ABCDEFFEDCBC}

 

Found and removed: CLSID\{CAFEEFAC-0015-0000-0036-ABCDEFFEDCBA}

 

Found and removed: CLSID\{CAFEEFAC-0015-0000-0036-ABCDEFFEDCBB}

 

Found and removed: CLSID\{CAFEEFAC-0015-0000-0036-ABCDEFFEDCBC}

 

Found and removed: CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}

 

Found and removed: CLSID\{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\MozillaPlugins

 

------------------------------------

 

Finished reporting.

 

 

 

Fixlog.txt

Link to post
Share on other sites

  • Root Admin

Let me have you run the following again please.

Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User Licene Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.
Link to post
Share on other sites

RogueKiller V8.7.1 _x64_ [Oct  3 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com




 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Tanner [Admin rights]

Mode : Scan -- Date : 10/09/2013 13:37:48

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 10 ¤¤¤

[RUN][sUSP PATH] HKCU\[...]\Run : sysXboot ("D:\Program Files\Java\bin\javaw.exe" -jar "C:\Users\Tanner\AppData\Local\Temp\sysXboot2148016656113004269.jar" [7][x]) -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-1979747309-927448943-1715424303-1000\[...]\Run : sysXboot ("D:\Program Files\Java\bin\javaw.exe" -jar "C:\Users\Tanner\AppData\Local\Temp\sysXboot2148016656113004269.jar" [7][x]) -> FOUND

[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Scheduled tasks : 0 ¤¤¤

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection :  ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

127.0.0.1       localhost

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - WDC WD6400AAKS-65A7B2 ATA Device +++++

--- User ---

[MBR] f6ac7fbb0cb8a3742929ac24f2c381a6

[bSP] ceb84c3e7b096f62a58a22cb4210973b : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 44996 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 92358656 | Size: 549998 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[0]_S_10092013_133748.txt >>
Link to post
Share on other sites

  • Root Admin

Okay, so I see you're using Daemon Tools which does virtual disk mounting but you also have this entry which refuses to go away even though Combofix and FRST have removed it.

 

What are you using it for and do you know what is monitoring it or recreating it?

 

[RUN][sUSP PATH] HKCU\[...]\Run : sysXboot ("D:\Program Files\Java\bin\javaw.exe" -jar "C:\Users\Tanner\AppData\Local\Temp\sysXboot2148016656113004269.jar" [7][x]) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-1979747309-927448943-1715424303-1000\[...]\Run : sysXboot ("D:\Program Files\Java\bin\javaw.exe" -jar "C:\Users\Tanner\AppData\Local\Temp\sysXboot2148016656113004269.jar" [7][x]) -> FOUND
Link to post
Share on other sites

  • Root Admin

Okay, let me have you run the following and we'll see if we can locate and remove this.

 

Please download MiniToolBox save it to your desktop and run it.

Checkmark the following check-boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using Reset FF Proxy Settings option Firefox should be closed.
 

 

 

 

 

Create an Autoruns Log:

  • Please download Sysinternals Autoruns from here.
  • Save Autoruns.exe to your desktop and double-click it to run it.
  • Once it starts, please press the Esc key on your keyboard.
  • Now that scanning is stopped, click on the Options button at the top of the program and select Verify Code Signatures
  • Once that's done press the F5 key on your keyboard, this will start the scan again, this time let it finish.
  • When it's finished, please click on the File button at the top of the program and select Save and save the Autoruns.arn file to your desktop and close Autoruns.
  • Right click on the Autoruns.arn file on your desktop and hover your mouse over Send To and select Compressed (zipped) Folder
  • Attach the Autoruns.zip folder you just created to your next reply

 

 

 

 

Link to post
Share on other sites

MiniToolBox by Farbar  Version: 13-07-2013

Ran by Tanner (administrator) on 09-10-2013 at 21:18:37

Running from "C:\Users\Tanner\Desktop"

Microsoft Windows 7 Ultimate  Service Pack 1 (X64)

Boot Mode: Normal

***************************************************************************

 

========================= Flush DNS: ===================================

 

Windows IP Configuration

 

Successfully flushed the DNS Resolver Cache.

 

========================= IE Proxy Settings: ============================== 

 

Proxy is not enabled.

No Proxy Server is set.

 

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= Hosts content: =================================

 

127.0.0.1       localhost

 

========================= IP Configuration: ================================

 

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)

Hamachi Network Interface = Hamachi (Connected)

 

 

# ----------------------------------

# IPv4 Configuration

# ----------------------------------

pushd interface ipv4

 

reset

set global icmpredirects=enabled

add route prefix=0.0.0.0/0 interface="Hamachi" nexthop=25.0.0.1 publish=Yes

set interface interface="Hamachi" forwarding=disabled advertise=disabled metric=9000 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled

 

 

popd

# End of IPv4 configuration

 

 

 

Windows IP Configuration

 

   Host Name . . . . . . . . . . . . : Pineapple-PC

   Primary Dns Suffix  . . . . . . . : 

   Node Type . . . . . . . . . . . . : Hybrid

   IP Routing Enabled. . . . . . . . : No

   WINS Proxy Enabled. . . . . . . . : No

   DNS Suffix Search List. . . . . . : gateway.pace.com

 

Ethernet adapter Local Area Connection:

 

   Connection-specific DNS Suffix  . : gateway.pace.com

   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller

   Physical Address. . . . . . . . . : 08-60-6E-81-A9-B2

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

   Link-local IPv6 Address . . . . . : fe80::2441:700a:656e:dd5a%11(Preferred) 

   IPv4 Address. . . . . . . . . . . : 192.168.1.65(Preferred) 

   Subnet Mask . . . . . . . . . . . : 255.255.255.0

   Lease Obtained. . . . . . . . . . : Wednesday, October 09, 2013 11:53:49 AM

   Lease Expires . . . . . . . . . . : Thursday, October 10, 2013 11:53:48 AM

   Default Gateway . . . . . . . . . : 192.168.1.254

   DHCP Server . . . . . . . . . . . : 192.168.1.254

   DHCPv6 IAID . . . . . . . . . . . : 235429998

   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-80-0E-BB-08-60-6E-81-A9-B2

   DNS Servers . . . . . . . . . . . : 192.168.1.254

   NetBIOS over Tcpip. . . . . . . . : Enabled

 

Ethernet adapter Hamachi:

 

   Connection-specific DNS Suffix  . : 

   Description . . . . . . . . . . . : Hamachi Network Interface

   Physical Address. . . . . . . . . : 7A-79-19-13-25-F7

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

   IPv6 Address. . . . . . . . . . . : 2620:9b::1913:25f7(Preferred) 

   Link-local IPv6 Address . . . . . : fe80::ad86:e04d:e547:e21f%15(Preferred) 

   IPv4 Address. . . . . . . . . . . : 25.19.37.247(Preferred) 

   Subnet Mask . . . . . . . . . . . : 255.0.0.0

   Lease Obtained. . . . . . . . . . : Wednesday, October 09, 2013 11:53:45 AM

   Lease Expires . . . . . . . . . . : Thursday, October 09, 2014 11:55:52 AM

   Default Gateway . . . . . . . . . : 2620:9b::1900:1

                                       25.0.0.1

   DHCP Server . . . . . . . . . . . : 25.0.0.1

   DHCPv6 IAID . . . . . . . . . . . : 343570855

   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-80-0E-BB-08-60-6E-81-A9-B2

   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1

                                       fec0:0:0:ffff::2%1

                                       fec0:0:0:ffff::3%1

   NetBIOS over Tcpip. . . . . . . . : Enabled

 

Tunnel adapter isatap.gateway.pace.com:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . : gateway.pace.com

   Description . . . . . . . . . . . : Microsoft ISATAP Adapter

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

 

Tunnel adapter Teredo Tunneling Pseudo-Interface:

 

   Connection-specific DNS Suffix  . : 

   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:74:3084:9cd1:2e0c(Preferred) 

   Link-local IPv6 Address . . . . . : fe80::74:3084:9cd1:2e0c%12(Preferred) 

   Default Gateway . . . . . . . . . : 

   NetBIOS over Tcpip. . . . . . . . : Disabled

 

Tunnel adapter isatap.{13DF9F7F-8D8F-47B8-8E9A-9FF8CF16AE8B}:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . : 

   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

Server:  homeportal

Address:  192.168.1.254

 

Name:    google.com

Addresses:  2607:f8b0:4000:808::1001

 74.125.227.198

 74.125.227.199

 74.125.227.200

 74.125.227.196

 74.125.227.195

 74.125.227.192

 74.125.227.194

 74.125.227.197

 74.125.227.193

 74.125.227.206

 74.125.227.201

 

 

Pinging google.com [74.125.227.200] with 32 bytes of data:

Reply from 74.125.227.200: bytes=32 time=30ms TTL=54

Reply from 74.125.227.200: bytes=32 time=31ms TTL=54

 

Ping statistics for 74.125.227.200:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 30ms, Maximum = 31ms, Average = 30ms

Server:  homeportal

Address:  192.168.1.254

 

Name:    yahoo.com

Addresses:  98.138.253.109

 206.190.36.45

 98.139.183.24

 

 

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:

Reply from 98.138.253.109: bytes=32 time=68ms TTL=46

Reply from 98.138.253.109: bytes=32 time=72ms TTL=46

 

Ping statistics for 98.138.253.109:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 68ms, Maximum = 72ms, Average = 70ms

 

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

 

Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================

Interface List

 11...08 60 6e 81 a9 b2 ......Realtek PCIe GBE Family Controller

 15...7a 79 19 13 25 f7 ......Hamachi Network Interface

  1...........................Software Loopback Interface 1

 13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter

 12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface

 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2

===========================================================================

 

IPv4 Route Table

===========================================================================

Active Routes:

Network Destination        Netmask          Gateway       Interface  Metric

          0.0.0.0          0.0.0.0         25.0.0.1     25.19.37.247   9256

          0.0.0.0          0.0.0.0    192.168.1.254     192.168.1.65     20

         25.0.0.0        255.0.0.0         On-link      25.19.37.247   9256

     25.19.37.247  255.255.255.255         On-link      25.19.37.247   9256

   25.255.255.255  255.255.255.255         On-link      25.19.37.247   9256

        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306

        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306

  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306

      192.168.1.0    255.255.255.0         On-link      192.168.1.65    276

     192.168.1.65  255.255.255.255         On-link      192.168.1.65    276

    192.168.1.255  255.255.255.255         On-link      192.168.1.65    276

        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306

        224.0.0.0        240.0.0.0         On-link      192.168.1.65    276

        224.0.0.0        240.0.0.0         On-link      25.19.37.247   9256

  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306

  255.255.255.255  255.255.255.255         On-link      192.168.1.65    276

  255.255.255.255  255.255.255.255         On-link      25.19.37.247   9256

===========================================================================

Persistent Routes:

  Network Address          Netmask  Gateway Address  Metric

          0.0.0.0          0.0.0.0         25.0.0.1  Default 

===========================================================================

 

IPv6 Route Table

===========================================================================

Active Routes:

 If Metric Network Destination      Gateway

 15   9020 ::/0                     2620:9b::1900:1

  1    306 ::1/128                  On-link

 12     58 2001::/32                On-link

 12    306 2001:0:9d38:90d7:74:3084:9cd1:2e0c/128

                                    On-link

 15    276 2620:9b::/96             On-link

 15    276 2620:9b::1913:25f7/128   On-link

 11    276 fe80::/64                On-link

 15    276 fe80::/64                On-link

 12    306 fe80::/64                On-link

 12    306 fe80::74:3084:9cd1:2e0c/128

                                    On-link

 11    276 fe80::2441:700a:656e:dd5a/128

                                    On-link

 15    276 fe80::ad86:e04d:e547:e21f/128

                                    On-link

  1    306 ff00::/8                 On-link

 12    306 ff00::/8                 On-link

 11    276 ff00::/8                 On-link

 15    276 ff00::/8                 On-link

===========================================================================

Persistent Routes:

 If Metric Network Destination      Gateway

  0 4294967295 2620:9b::/96             On-link

  0   9000 ::/0                     2620:9b::1900:1

===========================================================================

========================= Winsock entries =====================================

 

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)

Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)

Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)

Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)

Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)

Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)

Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)

x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)

x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)

x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)

x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)

x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)

x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

 

========================= Event log errors: ===============================

 

Application errors:

==================

Error: (10/09/2013 11:55:28 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (10/09/2013 11:54:20 AM) (Source: Application Error) (User: )

Description: Faulting application name: peerblock.exe, version: 1.1.0.518, time stamp: 0x4cd60ddd

Faulting module name: ntdll.dll, version: 6.1.7601.18229, time stamp: 0x51fb164a

Exception code: 0xc0000374

Fault offset: 0x00000000000c4102

Faulting process id: 0xc58

Faulting application start time: 0xpeerblock.exe0

Faulting application path: peerblock.exe1

Faulting module path: peerblock.exe2

Report Id: peerblock.exe3

 

Error: (10/09/2013 11:46:48 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (10/09/2013 11:34:53 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (10/09/2013 01:25:51 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error: (10/08/2013 05:45:37 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (10/08/2013 05:37:58 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error: (10/08/2013 05:20:32 PM) (Source: Application Error) (User: )

Description: Faulting application name: chrome.exe, version: 30.0.1599.69, time stamp: 0x524cdedb

Faulting module name: chrome.dll, version: 30.0.1599.69, time stamp: 0x524cde6e

Exception code: 0x80000003

Fault offset: 0x011b082d

Faulting process id: 0x149c

Faulting application start time: 0xchrome.exe0

Faulting application path: chrome.exe1

Faulting module path: chrome.exe2

Report Id: chrome.exe3

 

 

System errors:

=============

Error: (10/09/2013 05:55:30 PM) (Source: Service Control Manager) (User: )

Description: The Steam Client Service service failed to start due to the following error: 

%%1053

 

Error: (10/09/2013 05:55:30 PM) (Source: Service Control Manager) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

 

Error: (10/09/2013 11:53:55 AM) (Source: Service Control Manager) (User: )

Description: The Razer Overlay Subsystem Emergency Service service failed to start due to the following error: 

%%2

 

Error: (10/09/2013 11:48:33 AM) (Source: Service Control Manager) (User: )

Description: The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (10/09/2013 11:45:15 AM) (Source: Service Control Manager) (User: )

Description: The Razer Overlay Subsystem Emergency Service service failed to start due to the following error: 

%%2

 

Error: (10/09/2013 11:44:24 AM) (Source: Microsoft Antimalware) (User: )

Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 

New Signature Version: 

 

Previous Signature Version: 1.159.1649.0

 

Update Source: %NT AUTHORITY59

 

Update Stage: 4.2.0223.00

 

Source Path: 4.2.0223.01

 

Signature Type: %NT AUTHORITY602

 

Update Type: %NT AUTHORITY604

 

User: NT AUTHORITY\SYSTEM

 

Current Engine Version: %NT AUTHORITY605

 

Previous Engine Version: %NT AUTHORITY606

 

Error code: %NT AUTHORITY607

 

Error description: %NT AUTHORITY608

 

Error: (10/09/2013 11:33:17 AM) (Source: Service Control Manager) (User: )

Description: The Razer Overlay Subsystem Emergency Service service failed to start due to the following error: 

%%2

 

Error: (10/09/2013 01:55:58 AM) (Source: volsnap) (User: )

Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

 

Error: (10/08/2013 09:43:57 PM) (Source: Service Control Manager) (User: )

Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

 

Error: (10/08/2013 09:43:43 PM) (Source: Application Popup) (User: )

Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

 

 

Microsoft Office Sessions:

=========================

Error: (10/09/2013 11:55:28 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (10/09/2013 11:54:20 AM) (Source: Application Error)(User: )

Description: peerblock.exe1.1.0.5184cd60dddntdll.dll6.1.7601.1822951fb164ac000037400000000000c4102c5801cec5102d694a59D:\Program Files\PeerBlock\peerblock.exeC:\Windows\SYSTEM32\ntdll.dll70c69f60-3103-11e3-afed-08606e81a9b2

 

Error: (10/09/2013 11:46:48 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (10/09/2013 11:34:53 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (10/09/2013 01:25:51 AM) (Source: SideBySide)(User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

 

Error: (10/08/2013 05:45:37 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (10/08/2013 05:37:58 PM) (Source: SideBySide)(User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestD:\Downloads\esetsmartinstaller_enu.exe

 

Error: (10/08/2013 05:20:32 PM) (Source: Application Error)(User: )

Description: chrome.exe30.0.1599.69524cdedbchrome.dll30.0.1599.69524cde6e80000003011b082d149c01cec468b3f0f18eC:\Users\Tanner\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Tanner\AppData\Local\Google\Chrome\Application\30.0.1599.69\chrome.dlld7d40960-3067-11e3-a5ed-08606e81a9b2

 

 

CodeIntegrity Errors:

===================================

  Date: 2013-10-08 21:43:43.197

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-10-08 21:43:43.162

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-10-08 21:43:43.132

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-10-08 21:43:43.102

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-10-08 14:59:09.266

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-10-08 14:59:09.235

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

 

=========================== Installed Programs ============================

 

7 Days to Die 1.00

Adobe Flash Player 11 ActiveX (Version: 11.6.602.168)

Adobe Flash Player 11 Plugin (Version: 11.5.502.146)

Adobe Reader XI (11.0.02) (Version: 11.0.02)

Age of Empires II: HD Edition

AMD Accelerated Video Transcoding (Version: 13.20.100.30905)

AMD Catalyst Control Center (Version: 2013.0905.312.3832)

AMD Catalyst Install Manager (Version: 8.0.915.0)

AMD Drag and Drop Transcoding (Version: 2.00.0000)

AMD Fuel (Version: 2013.0905.312.3832)

AMD Media Foundation Decoders (Version: 1.0.80905.0331)

AMD OverDrive Beta (Version: 4.2.3.0625)

AMD Steady Video Plug-In  (Version: 2.06.0000)

AMD Wireless Display v3.0 (Version: 1.0.0.14)

ARMA 2 Operation Arrowhead Uninstall

ArmA 2 Uninstall

Arma 3 Alpha

AutoHotkey 1.1.13.00 (Version: 1.1.13.00)

Bandisoft MPEG-1 Decoder

Battle.net

Battlefield 3™ (Version: 1.5.0.0)

Battlefield 4™ Beta (Version: 1.0.0.0)

Battlelog Web Plugins (Version: 2.3.0)

BattlEye for OA Uninstall

BattlEye Uninstall

Bear Force II 0.3 (Version: 0.3)

Blockscape Phase 1 (beta)

BOSS (Version: 2.1.1)

Capsule (Version: 1.0.000)

Catalyst Control Center - Branding (Version: 1.00.0000)

Catalyst Control Center Graphics Previews Common (Version: 2013.0905.312.3832)

Catalyst Control Center InstallProxy (Version: 2013.0905.312.3832)

Catalyst Control Center Localization All (Version: 2013.0905.312.3832)

CCC Help Chinese Standard (Version: 2013.0905.0311.3832)

CCC Help Chinese Traditional (Version: 2013.0905.0311.3832)

CCC Help Czech (Version: 2013.0905.0311.3832)

CCC Help Danish (Version: 2013.0905.0311.3832)

CCC Help Dutch (Version: 2013.0905.0311.3832)

CCC Help English (Version: 2013.0905.0311.3832)

CCC Help Finnish (Version: 2013.0905.0311.3832)

CCC Help French (Version: 2013.0905.0311.3832)

CCC Help German (Version: 2013.0905.0311.3832)

CCC Help Greek (Version: 2013.0905.0311.3832)

CCC Help Hungarian (Version: 2013.0905.0311.3832)

CCC Help Italian (Version: 2013.0905.0311.3832)

CCC Help Japanese (Version: 2013.0905.0311.3832)

CCC Help Korean (Version: 2013.0905.0311.3832)

CCC Help Norwegian (Version: 2013.0905.0311.3832)

CCC Help Polish (Version: 2013.0905.0311.3832)

CCC Help Portuguese (Version: 2013.0905.0311.3832)

CCC Help Russian (Version: 2013.0905.0311.3832)

CCC Help Spanish (Version: 2013.0905.0311.3832)

CCC Help Swedish (Version: 2013.0905.0311.3832)

CCC Help Thai (Version: 2013.0905.0311.3832)

CCC Help Turkish (Version: 2013.0905.0311.3832)

ccc-utility64 (Version: 2013.0905.312.3832)

CCleaner (Version: 3.26)

Core Temp 1.0 RC4 (Version: 1.0)

Counter-Strike: Global Offensive

Counter-Strike: Source

CPUID HWMonitor 1.21

Curse Client (Version: 5.1.1.792)

DAEMON Tools Lite (Version: 4.46.1.0328)

DivX Setup (Version: 2.6.1.44)

ERUNT 1.1j

ESET Online Scanner v3

ESN Sonar (Version: 0.70.4)

F.lux

foobar2000 v1.2 (Version: 1.2)

Fraps

GIGABYTE FORCE Driver

Google Chrome (Version: 30.0.1599.69)

Google Earth (Version: 7.1.1.1888)

Google Update Helper (Version: 1.3.21.165)

Guild Wars 2

Happy Cloud Client (Version: 1.386)

HWiNFO64 Version 4.08 (Version: 4.08)

Java 7 Update 17 (64-bit) (Version: 7.0.170)

Java 7 Update 40 (Version: 7.0.400)

K-Lite Codec Pack 9.8.0 (64-bit) (Version: 9.8.0)

K-Lite Codec Pack 9.8.0 (Standard) (Version: 9.8.0)

LogMeIn Hamachi (Version: 2.2.0.58)

Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)

ManyCam 3.1.43 (Version: 3.1.43)

MechWarrior 3 Pirate's Moon

MechWarrior Online (Version: 1.2.0.0)

Microsoft .NET Framework 4.5 (Version: 4.5.50709)

Microsoft Application Error Reporting (Version: 12.0.6015.5000)

Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (Version: 3.5.30730.0)

Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0)

Microsoft Games for Windows Marketplace (Version: 3.5.50.0)

Microsoft IntelliType Pro 8.2 (Version: 8.20.469.0)

Microsoft Security Client (Version: 4.2.0223.1)

Microsoft Security Essentials (Version: 4.2.223.1)

Microsoft Visual Basic PowerPacks 10.0 (Version: 10.0.20911)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (Version: 11.0.60610.1)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (Version: 11.0.50727.1)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (Version: 11.0.51106.1)

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610)

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610)

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (Version: 11.0.50727)

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (Version: 11.0.51106)

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (Version: 11.0.50727)

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (Version: 11.0.51106)

Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0)

Microsoft XNA Framework Redistributable 4.0 (Version: 4.0.20823.0)

Mount & Blade: Warband

MSI Afterburner 2.3.1 (Version: 2.3.1)

Nexon Game Manager

Nexus Mod Manager (Version: 0.44.16)

NVIDIA 3D Vision Controller Driver 310.90 (Version: 310.90)

NVIDIA 3D Vision Driver 310.90 (Version: 310.90)

NVIDIA HD Audio Driver 1.3.18.0 (Version: 1.3.18.0)

NVIDIA PhysX (Version: 9.12.1031)

NVIDIA PhysX System Software 9.12.1031 (Version: 9.12.1031)

NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1090)

ooVoo (Version: 3.5.9056)

Origin (Version: 9.1.3.2637)

Paint.NET v3.5.10 (Version: 3.60.0)

PeerBlock 1.1 (r518) (Version: 1.1.0.518)

PunkBuster Services (Version: 0.993)

puush (Version: 1.0.0.0)

Python 3.3.2 (Version: 3.3.2150)

RadeonPro 1.0 (Build 1.1.1.0)

RaidCall (Version: 7.2.6-1.0.8500.17)

Realtek Ethernet Controller Driver (Version: 7.52.203.2012)

Realtek High Definition Audio Driver (Version: 6.0.1.6526)

Red Orchestra 2: Heroes of Stalingrad

SC4DatPacker 2008

ShiftWindow 1.02

Skype™ 6.3 (Version: 6.3.107)

StarCitizen (Version: 1.0)

Steam (Version: 1.0.0.0)

TeamSpeak 3 Client (Version: 3.0.13)

Terraria

The Anglo Zulu war (Version: 1.0.0)

The Elder Scrolls V Skyrim Dragonborn © Bethesda Softworks version 1 (Version: 1)

The Weather Channel App

Total War: SHOGUN 2

Unity Web Player (Version: )

Uplay (Version: 2.0)

VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)

Ventrilo Client for Windows x64 (Version: 3.0.8.0)

VLC media player 2.0.5 (Version: 2.0.5)

War of the Roses

War Thunder

War Thunder Launcher 1.0.1.185

Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)

WinRAR 4.20 (64-bit) (Version: 4.20.0)

WorldPainter 1.2.0 (Version: 1.2.0)

Xiph.Org Open Codecs 0.85.17777 (Version: 0.85.17777)

 

========================= Devices: ================================

 

Name: 

Description: 

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

 

========================= Memory info: ===================================

 

Percentage of memory in use: 20%

Total physical RAM: 8190.12 MB

Available physical RAM: 6474.59 MB

Total Pagefile: 16378.42 MB

Available Pagefile: 14334.52 MB

Total Virtual: 4095.88 MB

Available Virtual: 3957.95 MB

 

========================= Partitions: =====================================

 

1 Drive c: (Windows) (Fixed) (Total:43.94 GB) (Free:12.79 GB) NTFS

2 Drive d: (Everything else) (Fixed) (Total:537.11 GB) (Free:193.94 GB) NTFS

 

========================= Users: ========================================

 

User accounts for \\PINEAPPLE-PC

 

Administrator            Guest                    Tanner                   

UpdatusUser              

 

========================= Minidump Files ==================================

 

No minidump file found

 

 

**** End of log ****

AutoRuns.rar

Link to post
Share on other sites

  • Root Admin

Please save the attached file CFScript.txt to the same location as Combofix.exe  then close all open browsers and drag-and-drop CFScript.txt onto combofix to run it.  It will produce a new log when it's done.  Please post back that new log.

 

Remember to temporarily disable your antivirus while running Combofix.

 

CFScript.txt

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're