Jump to content

Can't seem to get the Malware off the computer no matter how many times I scan and remove it

Man of Leisure
 Share

Recommended Posts

Man of Leisure

Man of Leisure

Posted
Posted

I, like many others here, can't get the malware off my computer.  I have run Malwarebytes, AVG and MS Security Essentials.  They find malware and remove it, but its back after a reboot.

 

I see the instructions to others in this forum are to follow the offered help and report back specifically.  So before launching into my own further attempts, I hoped someone could offer me some help.  

 

I run Windows 7 64 bit version.  If any of you would be willing to help, I will humbly appreciate it.  

 

Thanks in advance.  

Link to post
Share on other sites
Man of Leisure

Man of Leisure

Posted
  • Author
Posted
Thanks for the reply.  Here is my latest Malwarebytes log.

 

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2014.01.03.07

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 11.0.9600.16476

Scott :: RIVENDELL [administrator]

 

Protection: Enabled

 

1/3/2014 6:34:51 PM

mbam-log-2014-01-03 (18-34-51).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 328592

Time elapsed: 41 minute(s), 11 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 30

HKLM\SYSTEM\CurrentControlSet\Services\SecurityCenterServer1509972345 (Trojan.Agent.SCS) -> Quarantined and deleted successfully.

HKLM\SYSTEM\CurrentControlSet\Services\SecurityCenterServer1720529191 (Trojan.Agent.SCS) -> Quarantined and deleted successfully.

HKLM\SYSTEM\CurrentControlSet\Services\SecurityCenterServer2131648484 (Trojan.Agent.SCS) -> Quarantined and deleted successfully.

HKLM\SYSTEM\CurrentControlSet\Services\SecurityCenterServer2313280095 (Trojan.Agent.SCS) -> Quarantined and deleted successfully.

HKLM\SYSTEM\CurrentControlSet\Services\SecurityCenterServer2525628655 (Trojan.Agent.SCS) -> Quarantined and deleted successfully.

HKLM\SYSTEM\CurrentControlSet\Services\SecurityCenterServer2765804077 (Trojan.Agent.SCS) -> Quarantined and deleted successfully.

HKLM\SYSTEM\CurrentControlSet\Services\SecurityCenterServer2846839040 (Trojan.Agent.SCS) -> Quarantined and deleted successfully.

HKLM\SYSTEM\CurrentControlSet\Services\SecurityCenterServer2848059690 (Trojan.Agent.SCS) -> Quarantined and deleted successfully.

HKLM\SYSTEM\CurrentControlSet\Services\SecurityCenterServer2868758633 (Trojan.Agent.SCS) -> Quarantined and deleted successfully.

HKLM\SYSTEM\CurrentControlSet\Services\SecurityCenterServer3036159141 (Trojan.Agent.SCS) -> Quarantined and deleted successfully.

HKLM\SYSTEM\CurrentControlSet\Services\SecurityCenterServer3158585136 (Trojan.Agent.SCS) -> Quarantined and deleted successfully.

HKLM\SYSTEM\CurrentControlSet\Services\SecurityCenterServer3244453095 (Trojan.Agent.SCS) -> Quarantined and deleted successfully.

HKLM\SYSTEM\CurrentControlSet\Services\SecurityCenterServer3288455195 (Trojan.Agent.SCS) -> Quarantined and deleted successfully.

HKLM\SYSTEM\CurrentControlSet\Services\SecurityCenterServer3309072648 (Trojan.Agent.SCS) -> Quarantined and deleted successfully.

HKLM\SYSTEM\CurrentControlSet\Services\SecurityCenterServer3321821477 (Trojan.Agent.SCS) -> Quarantined and deleted successfully.

HKLM\SYSTEM\CurrentControlSet\Services\SecurityCenterServer3352187418 (Trojan.Agent.SCS) -> Quarantined and deleted successfully.

HKLM\SYSTEM\CurrentControlSet\Services\SecurityCenterServer3368595625 (Trojan.Agent.SCS) -> Quarantined and deleted successfully.

HKLM\SYSTEM\CurrentControlSet\Services\SecurityCenterServer3404717994 (Trojan.Agent.SCS) -> Quarantined and deleted successfully.

HKLM\SYSTEM\CurrentControlSet\Services\SecurityCenterServer3606505250 (Trojan.Agent.SCS) -> Quarantined and deleted successfully.

HKLM\SYSTEM\CurrentControlSet\Services\SecurityCenterServer3891681766 (Trojan.Agent.SCS) -> Quarantined and deleted successfully.

HKLM\SYSTEM\CurrentControlSet\Services\SecurityCenterServer4044922288 (Trojan.Agent.SCS) -> Quarantined and deleted successfully.

HKLM\SYSTEM\CurrentControlSet\Services\SecurityCenterServer4130015029 (Trojan.Agent.SCS) -> Quarantined and deleted successfully.

HKLM\SYSTEM\CurrentControlSet\Services\SecurityCenterServer4258793388 (Trojan.Agent.SCS) -> Quarantined and deleted successfully.

HKLM\SYSTEM\CurrentControlSet\Services\SecurityCenterServer473815368 (Trojan.Agent.SCS) -> Quarantined and deleted successfully.

HKLM\SYSTEM\CurrentControlSet\Services\SecurityCenterServer533723172 (Trojan.Agent.SCS) -> Quarantined and deleted successfully.

HKLM\SYSTEM\CurrentControlSet\Services\SecurityCenterServer569839088 (Trojan.Agent.SCS) -> Quarantined and deleted successfully.

HKLM\SYSTEM\CurrentControlSet\Services\SecurityCenterServer605942368 (Trojan.Agent.SCS) -> Quarantined and deleted successfully.

HKLM\SYSTEM\CurrentControlSet\Services\SecurityCenterServer688034939 (Trojan.Agent.SCS) -> Quarantined and deleted successfully.

HKLM\SYSTEM\CurrentControlSet\Services\SecurityCenterServer690937787 (Trojan.Agent.SCS) -> Quarantined and deleted successfully.

HKLM\SYSTEM\CurrentControlSet\Services\SecurityCenterServer795615656 (Trojan.Agent.SCS) -> Quarantined and deleted successfully.

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 60

C:\Windows\Tasks\Security Center Update - 1509972345.job (Trojan.Agent.RvGen) -> Quarantined and deleted successfully.

C:\Windows\Tasks\Security Center Update - 1720529191.job (Trojan.Agent.RvGen) -> Quarantined and deleted successfully.

C:\Windows\Tasks\Security Center Update - 2131648484.job (Trojan.Agent.RvGen) -> Quarantined and deleted successfully.

C:\Windows\Tasks\Security Center Update - 2313280095.job (Trojan.Agent.RvGen) -> Quarantined and deleted successfully.

C:\Windows\Tasks\Security Center Update - 2525628655.job (Trojan.Agent.RvGen) -> Quarantined and deleted successfully.

C:\Windows\Tasks\Security Center Update - 2765804077.job (Trojan.Agent.RvGen) -> Quarantined and deleted successfully.

C:\Windows\Tasks\Security Center Update - 2846839040.job (Trojan.Agent.RvGen) -> Quarantined and deleted successfully.

C:\Windows\Tasks\Security Center Update - 2848059690.job (Trojan.Agent.RvGen) -> Quarantined and deleted successfully.

C:\Windows\Tasks\Security Center Update - 2868758633.job (Trojan.Agent.RvGen) -> Quarantined and deleted successfully.

C:\Windows\Tasks\Security Center Update - 3036159141.job (Trojan.Agent.RvGen) -> Quarantined and deleted successfully.

C:\Windows\Tasks\Security Center Update - 3158585136.job (Trojan.Agent.RvGen) -> Quarantined and deleted successfully.

C:\Windows\Tasks\Security Center Update - 3244453095.job (Trojan.Agent.RvGen) -> Quarantined and deleted successfully.

C:\Windows\Tasks\Security Center Update - 3288455195.job (Trojan.Agent.RvGen) -> Quarantined and deleted successfully.

C:\Windows\Tasks\Security Center Update - 3309072648.job (Trojan.Agent.RvGen) -> Quarantined and deleted successfully.

C:\Windows\Tasks\Security Center Update - 3321821477.job (Trojan.Agent.RvGen) -> Quarantined and deleted successfully.

C:\Windows\Tasks\Security Center Update - 3352187418.job (Trojan.Agent.RvGen) -> Quarantined and deleted successfully.

C:\Windows\Tasks\Security Center Update - 3368595625.job (Trojan.Agent.RvGen) -> Quarantined and deleted successfully.

C:\Windows\Tasks\Security Center Update - 3404717994.job (Trojan.Agent.RvGen) -> Quarantined and deleted successfully.

C:\Windows\Tasks\Security Center Update - 3606505250.job (Trojan.Agent.RvGen) -> Quarantined and deleted successfully.

C:\Windows\Tasks\Security Center Update - 3891681766.job (Trojan.Agent.RvGen) -> Quarantined and deleted successfully.

C:\Windows\Tasks\Security Center Update - 4044922288.job (Trojan.Agent.RvGen) -> Quarantined and deleted successfully.

C:\Windows\Tasks\Security Center Update - 4130015029.job (Trojan.Agent.RvGen) -> Quarantined and deleted successfully.

C:\Windows\Tasks\Security Center Update - 4258793388.job (Trojan.Agent.RvGen) -> Quarantinsuccessfully.

C:\Windows\Tasks\Security Center Update - 473815368.job (Trojan.Agent.RvGen) -> Quarantined and deleted successfully.

C:\Windows\Tasks\Security Center Update - 533723172.job (Trojan.Agent.RvGen) -> Quarantined and deleted successfully.

C:\Windows\Tasks\Security Center Update - 569839088.job (Trojan.Agent.RvGen) -> Quarantined and deleted successfully.

C:\Windows\Tasks\Security Center Update - 605942368.job (Trojan.Agent.RvGen) -> Quarantined and deleted successfully.

C:\Windows\Tasks\Security Center Update - 688034939.job (Trojan.Agent.RvGen) -> Quarantined and deleted successfully.

C:\Windows\Tasks\Security Center Update - 690937787.job (Trojan.Agent.RvGen) -> Quarantined and deleted successfully.

C:\Windows\Tasks\Security Center Update - 795615656.job (Trojan.Agent.RvGen) -> Quarantined and deleted successfully.

C:\Windows\SysWOW64\ucnag.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.

C:\Windows\SysWOW64\iqceh.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.

C:\Windows\SysWOW64\oqihbue.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.

C:\Windows\SysWOW64\pozuremog.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.

C:\Windows\SysWOW64\ulirrey.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.

C:\Windows\SysWOW64\uqgyewq.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.

C:\Windows\SysWOW64\uczuynowcy.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.

C:\Windows\SysWOW64\ipzosueso.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.

C:\Windows\SysWOW64\oquhythe.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.

C:\Windows\SysWOW64\puesdyotx.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.

C:\Windows\SysWOW64\faucecgoov.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.

C:\Windows\SysWOW64\elefiziqu.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.

C:\Windows\SysWOW64\opqoaty.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.

C:\Windows\SysWOW64\covigohook.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.

C:\Windows\SysWOW64\idfuonvo.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.

C:\Windows\SysWOW64\othalow.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.

C:\Windows\SysWOW64\irvydi.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.

C:\Windows\SysWOW64\imufpei.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.

C:\Windows\SysWOW64\ywpyyv.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.

C:\Windows\SysWOW64\hyudkuy.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.

C:\Windows\SysWOW64\daovy.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.

C:\Windows\SysWOW64\tuedv.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.

C:\Windows\SysWOW64\yxmuv.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.

C:\Windows\SysWOW64\hoigbywaa.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.

C:\Windows\SysWOW64\ypkaaxk.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.

C:\Windows\SysWOW64\veagu.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.

C:\Windows\SysWOW64\geypqu.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.

C:\Windows\SysWOW64\itaxat.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.

C:\Windows\SysWOW64\funywafi.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.

C:\Windows\SysWOW64\xidoogucoq.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.

 

(end)

Link to post
Share on other sites
Man of Leisure

Man of Leisure

Posted
  • Author
Posted

Actually, that looks like one from yesterday.  Here is one from today

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.01.04.04
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Scott :: RIVENDELL [administrator]
 
Protection: Enabled
 
1/4/2014 5:23:46 PM
mbam-log-2014-01-04 (17-23-46).txt
 
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 548733
Time elapsed: 1 hour(s), 33 minute(s), 13 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 1
C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00ab33 (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
 
(end)
Link to post
Share on other sites
pondus

pondus

Posted
Posted

never install multiple AV ...you have AVG and MSE installed

multiple AV will give you a slow machine, windows errors and false detections

 

follow instructions here  https://forums.malwarebytes.org/index.php?showtopic=9573  .... download DDS, run it and post the logs, then you should get help when the removal experts are online

it may take some hours depending on what time zone they are in

Link to post
Share on other sites
Man of Leisure

Man of Leisure

Posted
  • Author
Posted
.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Ultimate 

Boot Device: \Device\HarddiskVolume1

Install Date: 6/8/2010 5:59:34 PM

System Uptime: 1/4/2014 8:29:44 PM (0 hours ago)

.

Motherboard: Hewlett-Packard |  | 144B

Processor: Intel® Core i5 CPU       M 520  @ 2.40GHz | CPU | 2400/1066mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 443 GiB total, 309.712 GiB free.

D: is FIXED (NTFS) - 23 GiB total, 3.319 GiB free.

E: is FIXED (FAT32) - 0 GiB total, 0.088 GiB free.

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}

Description: HP Integrated Module with Bluetooth 2.1 Wireless Technology

Device ID: USB\VID_03F0&PID_231D\6&2D7E1374&0&6

Manufacturer: Broadcom

Name: HP Integrated Module with Bluetooth 2.1 Wireless Technology

PNP Device ID: USB\VID_03F0&PID_231D\6&2D7E1374&0&6

Service: BTHUSB

.

Class GUID: {3f966bd9-fa04-4ec5-991c-d326973b5128}

Description: Android Composite ADB Interface

Device ID: ROOT\ANDROIDUSBDEVICECLASS\0000

Manufacturer: Google, Inc.

Name: Android Composite ADB Interface

PNP Device ID: ROOT\ANDROIDUSBDEVICECLASS\0000

Service: WinUSB

.

Class GUID: {feb8d079-0681-11d4-9531-0060089abc08}

Description: Motorola Flash Interface

Device ID: ROOT\MOTUSB\0000

Manufacturer: Motorola Inc

Name: Motorola Flash Interface

PNP Device ID: ROOT\MOTUSB\0000

Service: MotDev

.

Class GUID: {feb8d079-0681-11d4-9531-0060089abc08}

Description: Motorola Flash Interface

Device ID: ROOT\MOTUSB\0001

Manufacturer: Motorola Inc

Name: Motorola Flash Interface

PNP Device ID: ROOT\MOTUSB\0001

Service: MotDev

.

==== System Restore Points ===================

.

RP667: 1/3/2014 8:11:10 AM - Windows Update

RP668: 1/4/2014 8:12:04 PM - Removed AVG 2013

RP669: 1/4/2014 8:13:49 PM - Removed AVG 2013

.

==== Image File Execution Options =============

.

.

==== Installed Programs ======================

.

.

==== End Of File ===========================
Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Please go ahead and run through the following steps and post back the logs when ready.

STEP 03
Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt

STEP 04
Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus



STEP 05
Lets clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.


STEP 06
button_eos.gif

Please go here to run the online antivirus scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

    [*]Click Scan [*]Wait for the scan to finish [*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.



STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


 

Link to post
Share on other sites
Man of Leisure

Man of Leisure

Posted
  • Author
Posted

Thanks for helping me with this.  First scan with MBAR

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org
 
Database version: v2014.01.06.09
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Scott :: RIVENDELL [administrator]
 
1/6/2014 5:07:45 PM
mbar-log-2014-01-06 (17-07-45).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 335693
Time elapsed: 34 minute(s), 46 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 2
C:\Users\Scott\AppData\Roaming\Kouvywaf\wywookv.exe (Trojan.Zbot.FBD) -> Delete on reboot.
C:\Users\Scott\AppData\Local\Temp\{DEE761F1-73E7-815C-63B7-3BC505044307}\Addons\aol_checker.exe (Trojan.Agent.H) -> Delete on reboot.
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
Link to post
Share on other sites
Man of Leisure

Man of Leisure

Posted
  • Author
Posted
2nd scan  (please note it found nothing but malware is still there)  moving on to next step from your post

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1008

www.malwarebytes.org

 

Database version: v2014.01.06.09

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 11.0.9600.16476

Scott :: RIVENDELL [administrator]

 

1/6/2014 5:49:05 PM

mbar-log-2014-01-06 (17-49-05).txt

 

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken

Scan options disabled: 

Objects scanned: 335576

Time elapsed: 30 minute(s), 48 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

Physical Sectors Detected: 0

(No malicious items detected)

 

(end)

 

Link to post
Share on other sites
Man of Leisure

Man of Leisure

Posted
  • Author
Posted

And system log

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.16476
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 6230491136, free: 1852313600
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.16476
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 6230491136, free: 1905111040
 
Downloaded database version: v2014.01.06.09
Downloaded database version: v2013.12.18.01
=======================================
Initializing...
------------ Kernel report ------------
     01/06/2014 17:07:37
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\system32\DRIVERS\hpdskflt.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\avgrkx64.sys
\SystemRoot\system32\DRIVERS\avgloga.sys
\SystemRoot\system32\DRIVERS\avgmfx64.sys
\SystemRoot\system32\DRIVERS\avgidsha.sys
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\avgtdia.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\Drivers\ElbyCDIO.sys
\SystemRoot\system32\DRIVERS\dvmio.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ctxusbm.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avgidsdrivera.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\system32\DRIVERS\igdpmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\NETw5s64.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\System32\Drivers\AnyDVD.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\Impcd.sys
\SystemRoot\system32\DRIVERS\Accelerometer.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\drivers\SndTAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\HAVATV.sys
\SystemRoot\system32\DRIVERS\STREAM.SYS
\SystemRoot\system32\DRIVERS\HavaTV_10.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\appliand.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\DRIVERS\circlass.sys
\SystemRoot\system32\DRIVERS\havabus.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtiHdmi.sys
\SystemRoot\system32\DRIVERS\stwrt64.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\WinUSB.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\drivers\hidusb.sys
\SystemRoot\system32\drivers\HIDCLASS.SYS
\SystemRoot\system32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\LEqdUsb.Sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\LHidEqd.Sys
\SystemRoot\system32\DRIVERS\LHidFilt.Sys
\SystemRoot\system32\DRIVERS\LMouFilt.Sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\rdpdr.sys
\SystemRoot\system32\drivers\tdtcp.sys
\SystemRoot\System32\DRIVERS\tssecsrv.sys
\SystemRoot\System32\Drivers\RDPWD.SYS
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\System32\ATMFD.DLL
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8006b5c060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8006838050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006b5c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006b5cb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006b5c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80069d7b10, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
DevicePointer: 0xfffffa8006838050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4CB80527
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 407552
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 409600  Numsec = 928456704
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 928866304  Numsec = 47693824
 
    Partition 3 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 976560128  Numsec = 210992
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Infected: C:\Users\Scott\AppData\Roaming\Kouvywaf\wywookv.exe --> [Trojan.Zbot.FBD]
Infected: C:\Users\Scott\AppData\Local\Temp\{DEE761F1-73E7-815C-63B7-3BC505044307}\Addons\aol_checker.exe --> [Trojan.Agent.H]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.16476
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 6230491136, free: 4290691072
 
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.16476
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 6230491136, free: 4269789184
 
=======================================
Initializing...
------------ Kernel report ------------
     01/06/2014 17:48:57
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\imofugc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\system32\DRIVERS\hpdskflt.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\avgrkx64.sys
\SystemRoot\system32\DRIVERS\avgloga.sys
\SystemRoot\system32\DRIVERS\avgmfx64.sys
\SystemRoot\system32\DRIVERS\avgidsha.sys
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\avgtdia.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\Drivers\ElbyCDIO.sys
\SystemRoot\system32\DRIVERS\dvmio.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ctxusbm.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avgidsdrivera.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\system32\DRIVERS\igdpmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\NETw5s64.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\System32\Drivers\AnyDVD.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\Impcd.sys
\SystemRoot\system32\DRIVERS\Accelerometer.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\drivers\SndTAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\HAVATV.sys
\SystemRoot\system32\DRIVERS\STREAM.SYS
\SystemRoot\system32\DRIVERS\HavaTV_10.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\appliand.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\DRIVERS\circlass.sys
\SystemRoot\system32\DRIVERS\havabus.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtiHdmi.sys
\SystemRoot\system32\DRIVERS\stwrt64.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\WinUSB.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\drivers\hidusb.sys
\SystemRoot\system32\drivers\HIDCLASS.SYS
\SystemRoot\system32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\LEqdUsb.Sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\LHidEqd.Sys
\SystemRoot\system32\DRIVERS\LHidFilt.Sys
\SystemRoot\system32\DRIVERS\LMouFilt.Sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\rdpdr.sys
\SystemRoot\system32\drivers\tdtcp.sys
\SystemRoot\System32\DRIVERS\tssecsrv.sys
\SystemRoot\System32\Drivers\RDPWD.SYS
\??\C:\Windows\system32\drivers\mbam.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\SystemRoot\system32\drivers\spsys.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8006b5c060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8006829050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006b5c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006b5cb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006b5c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80069dab10, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
DevicePointer: 0xfffffa8006829050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4CB80527
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 407552
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 409600  Numsec = 928456704
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 928866304  Numsec = 47693824
 
    Partition 3 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 976560128  Numsec = 210992
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.16476
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 6230491136, free: 1852313600
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.16476
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 6230491136, free: 1905111040
 
Downloaded database version: v2014.01.06.09
Downloaded database version: v2013.12.18.01
=======================================
Initializing...
------------ Kernel report ------------
     01/06/2014 17:07:37
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\system32\DRIVERS\hpdskflt.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\avgrkx64.sys
\SystemRoot\system32\DRIVERS\avgloga.sys
\SystemRoot\system32\DRIVERS\avgmfx64.sys
\SystemRoot\system32\DRIVERS\avgidsha.sys
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\avgtdia.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\Drivers\ElbyCDIO.sys
\SystemRoot\system32\DRIVERS\dvmio.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ctxusbm.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avgidsdrivera.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\system32\DRIVERS\igdpmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\NETw5s64.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\System32\Drivers\AnyDVD.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\Impcd.sys
\SystemRoot\system32\DRIVERS\Accelerometer.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\drivers\SndTAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\HAVATV.sys
\SystemRoot\system32\DRIVERS\STREAM.SYS
\SystemRoot\system32\DRIVERS\HavaTV_10.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\appliand.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\DRIVERS\circlass.sys
\SystemRoot\system32\DRIVERS\havabus.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtiHdmi.sys
\SystemRoot\system32\DRIVERS\stwrt64.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\WinUSB.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\drivers\hidusb.sys
\SystemRoot\system32\drivers\HIDCLASS.SYS
\SystemRoot\system32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\LEqdUsb.Sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\LHidEqd.Sys
\SystemRoot\system32\DRIVERS\LHidFilt.Sys
\SystemRoot\system32\DRIVERS\LMouFilt.Sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\rdpdr.sys
\SystemRoot\system32\drivers\tdtcp.sys
\SystemRoot\System32\DRIVERS\tssecsrv.sys
\SystemRoot\System32\Drivers\RDPWD.SYS
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\System32\ATMFD.DLL
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8006b5c060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8006838050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006b5c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006b5cb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006b5c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80069d7b10, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
DevicePointer: 0xfffffa8006838050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4CB80527
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 407552
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 409600  Numsec = 928456704
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 928866304  Numsec = 47693824
 
    Partition 3 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 976560128  Numsec = 210992
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Infected: C:\Users\Scott\AppData\Roaming\Kouvywaf\wywookv.exe --> [Trojan.Zbot.FBD]
Infected: C:\Users\Scott\AppData\Local\Temp\{DEE761F1-73E7-815C-63B7-3BC505044307}\Addons\aol_checker.exe --> [Trojan.Agent.H]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.16476
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 6230491136, free: 4290691072
 
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.16476
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 6230491136, free: 4269789184
 
=======================================
Initializing...
------------ Kernel report ------------
     01/06/2014 17:48:57
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\imofugc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\system32\DRIVERS\hpdskflt.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\avgrkx64.sys
\SystemRoot\system32\DRIVERS\avgloga.sys
\SystemRoot\system32\DRIVERS\avgmfx64.sys
\SystemRoot\system32\DRIVERS\avgidsha.sys
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\avgtdia.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\Drivers\ElbyCDIO.sys
\SystemRoot\system32\DRIVERS\dvmio.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ctxusbm.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avgidsdrivera.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\system32\DRIVERS\igdpmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\NETw5s64.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\System32\Drivers\AnyDVD.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\Impcd.sys
\SystemRoot\system32\DRIVERS\Accelerometer.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\drivers\SndTAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\HAVATV.sys
\SystemRoot\system32\DRIVERS\STREAM.SYS
\SystemRoot\system32\DRIVERS\HavaTV_10.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\appliand.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\DRIVERS\circlass.sys
\SystemRoot\system32\DRIVERS\havabus.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtiHdmi.sys
\SystemRoot\system32\DRIVERS\stwrt64.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\WinUSB.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\drivers\hidusb.sys
\SystemRoot\system32\drivers\HIDCLASS.SYS
\SystemRoot\system32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\LEqdUsb.Sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\LHidEqd.Sys
\SystemRoot\system32\DRIVERS\LHidFilt.Sys
\SystemRoot\system32\DRIVERS\LMouFilt.Sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\rdpdr.sys
\SystemRoot\system32\drivers\tdtcp.sys
\SystemRoot\System32\DRIVERS\tssecsrv.sys
\SystemRoot\System32\Drivers\RDPWD.SYS
\??\C:\Windows\system32\drivers\mbam.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\SystemRoot\system32\drivers\spsys.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8006b5c060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8006829050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006b5c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006b5cb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006b5c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80069dab10, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
DevicePointer: 0xfffffa8006829050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4CB80527
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 407552
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 409600  Numsec = 928456704
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 928866304  Numsec = 47693824
 
    Partition 3 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 976560128  Numsec = 210992
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
 

 

Link to post
Share on other sites
Man of Leisure

Man of Leisure

Posted
  • Author
Posted

Not being very successful with step 4.  I downloaded JRT on my desktop.  I right click and run as administrator.  It appears a window opens but immediately closes.  So fast I can't tell wht it is, then nothing.  I believe it is not running, but is being shut down as fast as it opens.  Is there something I can do to get it to work?

Link to post
Share on other sites
Man of Leisure

Man of Leisure

Posted
  • Author
Posted
# AdwCleaner v3.016 - Report created 06/01/2014 at 19:43:42

# Updated 23/12/2013 by Xplode

# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)

# Username : Scott - RIVENDELL

# Running from : C:\Users\Scott\Downloads\AdwCleaner (1).exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\Download and Sa

Folder Deleted : C:\ProgramData\Premium

Folder Deleted : C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar

Folder Deleted : C:\Users\Scott\AppData\Roaming\OpenCandy

Folder Deleted : C:\Users\Roxanne\AppData\Local\Temp\boost_interprocess

Folder Deleted : C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\vot1f0vw.default\Extensions\50a7255c5f6a8@50a7255c5f6e1.com

Folder Deleted : C:\Users\Roxanne\AppData\Roaming\Mozilla\Firefox\Profiles\tn182bt5.default\Extensions\staged

Folder Deleted : C:\Users\Xander\AppData\Roaming\Mozilla\Firefox\Profiles\zu6urqrt.default\Extensions\staged

File Deleted : C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\vot1f0vw.default\searchplugins\Mysearchdial.xml

File Deleted : C:\Users\Roxanne\AppData\Roaming\Mozilla\Firefox\Profiles\tn182bt5.default\searchplugins\Mysearchdial.xml

File Deleted : C:\Users\Xander\AppData\Roaming\Mozilla\Firefox\Profiles\zu6urqrt.default\searchplugins\Mysearchdial.xml

File Deleted : C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\vot1f0vw.default\searchplugins\WebSearch.xml

File Deleted : C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\vot1f0vw.default\user.js

File Deleted : C:\Users\Roxanne\AppData\Roaming\Mozilla\Firefox\Profiles\tn182bt5.default\user.js

File Deleted : C:\Users\Xander\AppData\Roaming\Mozilla\Firefox\Profiles\zu6urqrt.default\user.js

File Deleted : C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage

File Deleted : C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff

Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\daalnacchhlkibknjogbcpnggjoagnie

Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL

Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager

Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askchecker_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askchecker_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_8e4eb48d

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0194532A-A99C-4337-937E-2A452C8957BE}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}

Key Deleted : HKCU\Software\AVG SafeGuard toolbar

Key Deleted : HKCU\Software\InstallCore

Key Deleted : HKCU\Software\YahooPartnerToolbar

Key Deleted : HKCU\Software\AppDataLow\SProtector

Key Deleted : HKLM\Software\AVG Secure Search

Key Deleted : HKLM\Software\AVG Security Toolbar

Key Deleted : HKLM\Software\SP Global

Key Deleted : HKLM\Software\SProtector

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.16428

 

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start Page]

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page]

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page]

 

-\\ Mozilla Firefox v26.0 (en-US)

 

[ File : C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\vot1f0vw.default\prefs.js ]

 

Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);

Line Deleted : user_pref("aol_toolbar.default.search.check", false);

Line Deleted : user_pref("browser.search.defaultenginename", "Mysearchdial");

Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");


Line Deleted : user_pref("browser.search.order.1", "WebSearch");

Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");

Line Deleted : user_pref("browser.search.selectedEngine", "Mysearchdial");

Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");

Line Deleted : user_pref("extensions.50a7255c5f753.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self==window.top){var script=document.createElement(\"script\");[...]

Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);

Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);

Line Deleted : user_pref("extensions.mysearchdial.aflt", "irmsd1202");

Line Deleted : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");

Line Deleted : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1Qzu0CzztD0A0AzyzyyDtBtD0D0D0FtDtAzytN0D0Tzu0CyBtByBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R");

Line Deleted : user_pref("extensions.mysearchdial.cr", "218193065");

Line Deleted : user_pref("extensions.mysearchdial.dfltLng", "");

Line Deleted : user_pref("extensions.mysearchdial.dfltSrch", true);

Line Deleted : user_pref("extensions.mysearchdial.dnsErr", true);

Line Deleted : user_pref("extensions.mysearchdial.excTlbr", false);

Line Deleted : user_pref("extensions.mysearchdial.hmpg", true);


Line Deleted : user_pref("extensions.mysearchdial.id", "C80AA99520DDF039");

Line Deleted : user_pref("extensions.mysearchdial.instlDay", "16066");

Line Deleted : user_pref("extensions.mysearchdial.instlRef", "");


Line Deleted : user_pref("extensions.mysearchdial.prdct", "mysearchdial");

Line Deleted : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");

Line Deleted : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");

Line Deleted : user_pref("extensions.mysearchdial.tlbrId", "base");


Line Deleted : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");

Line Deleted : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");

Line Deleted : user_pref("extensions.mysearchdial_i.hmpg", true);

Line Deleted : user_pref("extensions.mysearchdial_i.newTab", false);

Line Deleted : user_pref("extensions.mysearchdial_i.smplGrp", "none");

Line Deleted : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.019:54:45");

Line Deleted : user_pref("quickstores.toolbar.affid", "");

Line Deleted : user_pref("quickstores.toolbar.guid", "");

Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");

Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");

Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");

Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");

Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");

Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");

Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");

Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

 

[ File : C:\Users\Roxanne\AppData\Roaming\Mozilla\Firefox\Profiles\tn182bt5.default\prefs.js ]

 

Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);

Line Deleted : user_pref("aol_toolbar.default.search.check", false);


Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);

Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);

Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");

Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");

Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");

Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");

Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");

Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");

Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");

Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

Line Deleted : user_pref("browser.search.selectedEngine", "Mysearchdial");

Line Deleted : user_pref("browser.search.defaultenginename", "Mysearchdial");

 

[ File : C:\Users\Xander\AppData\Roaming\Mozilla\Firefox\Profiles\zu6urqrt.default\prefs.js ]

 

Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);

Line Deleted : user_pref("aol_toolbar.default.search.check", false);


Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);

Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);

Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");

Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");

Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");

Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");

Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");

Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");

Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");

Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

Line Deleted : user_pref("browser.search.selectedEngine", "Mysearchdial");

Line Deleted : user_pref("browser.search.defaultenginename", "Mysearchdial");

 

-\\ Google Chrome v

 

[ File : C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [14148 octets] - [28/12/2013 16:52:51]

AdwCleaner[R1].txt - [15569 octets] - [06/01/2014 19:36:58]

AdwCleaner[s0].txt - [14264 octets] - [06/01/2014 19:43:42]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [14325 octets] ##########

Link to post
Share on other sites
Man of Leisure

Man of Leisure

Posted
  • Author
Posted
Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2014.01.06.09

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 11.0.9600.16476

Scott :: RIVENDELL [administrator]

 

Protection: Enabled

 

1/6/2014 7:51:51 PM

MBAM-log-2014-01-06 (20-10-44).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 335510

Time elapsed: 16 minute(s), 49 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 1

C:\Users\Scott\Downloads\Updater_Setup.exe (PUP.Optional.iBryte) -> No action taken.

 

(end)
Link to post
Share on other sites
Man of Leisure

Man of Leisure

Posted
  • Author
Posted
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-01-2014
Ran by Scott (administrator) on RIVENDELL on 06-01-2014 21:54:56
Running from C:\Users\Scott\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\stacsv64.exe
(Hewlett-Packard) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpHostW.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Monsoon Multimedia Inc.) C:\Program Files (x86)\Belkin\@TV\Common\havasvc.exe
(Phase Five Systems) C:\Program Files (x86)\Jump Desktop\JumpService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(Logitech Inc.) C:\Program Files\Logitech\SetPoint\LBTWiz.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Phase Five Systems) C:\Program Files (x86)\Jump Desktop\JumpDesktop.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(SlySoft, Inc.) C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
(Dragon Global) C:\Program Files (x86)\Dragon Global\ShowAnalyzerSuite\ShowAnalyzerMaster.exe
(Google Inc.) C:\Users\Scott\AppData\Local\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Users\Scott\AppData\Local\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpAgent.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
() C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\System32\FXSSVC.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(Google Inc.) C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-01-13] (IDT, Inc.)
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Java\jre6\bin\jusched.exe [172032 2010-02-28] (Sun Microsystems, Inc.)
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2009-12-16] (Hewlett-Packard)
HKLM\...\Run: [bluetooth Connection Assistant] - LBTWIZ.EXE -silent
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.Exe [130576 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Microsoft Default Manager] - "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe [37296 2011-09-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [300400 2010-03-10] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe [39136 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe [825560 2012-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2013-11-20] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
HKCU\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
HKCU\...\Run: [Google Update] - C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-08-07] (Google Inc.)
HKCU\...\Run: [Adobe Acrobat Synchronizer] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe [1264360 2012-12-18] (Adobe Systems Incorporated)
HKCU\...\Run: [AnyDVD] - C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe [93096 2013-12-27] (SlySoft, Inc.)
HKCU\...\Run: [MobileDocuments] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKCU\...\Run: [GoogleDriveSync] - "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKCU\...\Run: [ROC_ROC_APR2013_AV] - C:\Users\Scott\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 4ced2b23a9cd47d0814fa1bad3cf9d04-bd9abf57d5c6eecffec5926f541664f5b0b9becf --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013
HKCU\...\Run: [Jump Desktop] - C:\Program Files (x86)\Jump Desktop\JumpDesktop.exe [469032 2013-05-07] (Phase Five Systems)
HKCU\...\Run: [AVG-Secure-Search-Update_0913a] - C:\Users\Scott\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 4ced2b23a9cd47d0814fa1bad3cf9d04-bd9abf57d5c6eecffec5926f541664f5b0b9becf --CMPID 0913a
MountPoints2: {28dcdc13-dfbb-11e0-a1ee-70f3952b74f7} - G:\setup.exe -a
MountPoints2: {5966ca7c-fd0b-11e2-aeec-8b0cfd3ea3eb} - G:\VZW_Software_upgrade_assistant.exe
MountPoints2: {73f42c51-5912-11e3-b8d2-c80aa99520dd} - G:\TL_Bootstrap.exe
MountPoints2: {783e61f0-5940-11e3-ad28-c80aa99520dd} - G:\TL_Bootstrap.exe
MountPoints2: {783e6249-5940-11e3-ad28-c80aa99520dd} - G:\TL_Bootstrap.exe
MountPoints2: {9a408aac-248f-11e2-9652-70f3952b74f7} - G:\setup.exe -a
HKU\Default\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe
HKU\Default User\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe
HKU\Guest\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe
HKU\Roxanne\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe
HKU\Roxanne\...\Run: [AnyDVD] - C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe [7695272 2013-12-27] (SlySoft, Inc.)
HKU\Roxanne\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKU\Xander\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe
HKU\Xander\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
Lsa: [Notification Packages] DPPassFilter scecli
BootExecute: autocheck autochk *  /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {4C2ACFB5-CD27-4945-B090-7843A588BBDB} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - {4C2ACFB5-CD27-4945-B090-7843A588BBDB} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - {61C0665B-F355-4ECB-96A6-03B9FE8509AF} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1202&cd=2XzuyEtN2Y1L1Qzu0CzztD0A0AzyzyyDtBtD0D0D0FtDtAzytN0D0Tzu0CyBtByBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=218193065&ir=
BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll No File
BHO: HP SimplePass Identity Protection Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: HP SimplePass Identity Protection Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\vot1f0vw.default
FF Keyword.URL: user_pref("keyword.URL", "");
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Scott\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Scott\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Scott\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Scott\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Scott\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Scott\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\vot1f0vw.default\searchplugins\facebook.xml
FF SearchPlugin: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\vot1f0vw.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\vot1f0vw.default\searchplugins\hulu.xml
FF SearchPlugin: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\vot1f0vw.default\searchplugins\imdb.xml
FF SearchPlugin: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\vot1f0vw.default\searchplugins\webster.xml
FF SearchPlugin: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\vot1f0vw.default\searchplugins\wikipedia-eng.xml
FF Extension: NoScript - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\vot1f0vw.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
 
Chrome: 
=======
CHR DefaultSearchProvider: Google.com
CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR DefaultNewTabURL: 
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Scott\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Scott\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Scott\AppData\Local\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (AVG Internet Security) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Talk Plugin) - C:\Users\Scott\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Scott\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Angry Birds) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_9
CHR Extension: (Email this page (by Google)) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbeoemfhkdniadbojeencpkgmobndpai\1.2.5_9
CHR Extension: (PDFescape Free PDF Editor) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdefoklganepljiopdnglodohlgfikkl\0.21_0
CHR Extension: (NotScripts for Chrome OS) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggelcmlddhfancdnejmjpjifkdohobkd\0.9.6.2_0
CHR Extension: (Google Voice (by Google)) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo\2.4.4_0
CHR Extension: (Pocket Legends) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhpdbcnfpodnaefldpdohoibdajcfabp\2.0.0.0_1
CHR Extension: (Plants vs Zombies) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0
CHR Extension: (Google Wallet) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Better Pop Up Blocker) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic\2.1.6
CHR Extension: (NotScripts) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\odjhifogjcknibkahlpidmdajjpkkcfn\0.9.6_0
CHR StartMenuInternet: Google Chrome - C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [915736 2013-08-15] (BitRaider, LLC)
S3 GSService; C:\Windows\SysWOW64\GSService.exe [252928 2012-05-31] ()
R2 havasvc; C:\Program Files (x86)\Belkin\@TV\Common\havasvc.exe [150224 2012-12-27] (Monsoon Multimedia Inc.)
R2 JumpDesktop; C:\Program Files (x86)\Jump Desktop\JumpService.exe [7680 2013-05-07] (Phase Five Systems)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 ShowAnalyzerMaster; C:\Program Files (x86)\Dragon Global\ShowAnalyzerSuite\ShowAnalyzerMaster.exe [2074112 2010-02-08] (Dragon Global)
S3 SMServer; C:\Windows\SysWOW64\snmvtsvc.exe [260608 2012-06-01] (SMServer)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\STacSV64.exe [244736 2010-01-13] (IDT, Inc.)
S2 HP Health Check Service; "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe" [x]
 
==================== Drivers (Whitelisted) ====================
 
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138152 2013-11-26] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWow64\Drivers\AnyDVD.sys [138152 2013-11-26] (SlySoft, Inc.)
S3 appliand; C:\Windows\System32\DRIVERS\appliand.sys [33888 2010-06-24] (Applian Technologies Inc.)
R3 appliandMP; C:\Windows\System32\DRIVERS\appliand.sys [33888 2010-06-24] (Applian Technologies Inc.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
S3 BRDriver64; C:\programdata\bitraider\BRDriver64.sys [74024 2013-06-05] (BitRaider)
R1 DVMIO; C:\Windows\System32\DRIVERS\dvmio.sys [20056 2010-01-29] (DeviceVM, Inc.)
R3 havabus; C:\Windows\System32\DRIVERS\havabus.sys [45056 2012-12-27] (Monsoon Multimedia Inc.)
R3 HAVATV; C:\Windows\System32\DRIVERS\HAVATV.sys [189568 2012-12-27] (Monsoon Multimedia Inc.)
R3 HavaTV_10; C:\Windows\System32\DRIVERS\HavaTV_10.sys [189568 2012-12-27] (Monsoon Multimedia Inc.)
S3 hcw72ADFilter; C:\Windows\System32\DRIVERS\hcw72ADFilter.sys [38912 2009-10-09] (Hauppauge Computer Works, Inc.)
S3 hcw72ATV; C:\Windows\System32\DRIVERS\hcw72ATV.sys [1627520 2009-10-09] (Hauppauge Computer Works, Inc.)
S3 hcw72DTV; C:\Windows\System32\DRIVERS\hcw72DTV.sys [1630080 2009-10-09] (Hauppauge Computer Works, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MODEMCSA; C:\Windows\System32\drivers\MODEMCSA.sys [24064 2009-07-13] (Microsoft Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 SndTAudio; C:\Windows\System32\drivers\SndTAudio.sys [34088 2012-06-05] (Windows ® Win 7 DDK provider)
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [x]
S3 motandroidusb; System32\Drivers\motoandroid.sys [x]
S3 motccgp; system32\DRIVERS\motccgp.sys [x]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [x]
S3 MotDev; system32\DRIVERS\motodrv.sys [x]
S3 motmodem; system32\DRIVERS\motmodem.sys [x]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [x]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 usbbus; system32\DRIVERS\lgx64bus.sys [x]
S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [x]
S3 USBModem; system32\DRIVERS\lgx64modem.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-01-06 21:54 - 2014-01-06 21:55 - 00029932 _____ C:\Users\Scott\Downloads\FRST.txt
2014-01-06 21:54 - 2014-01-06 21:54 - 01931762 _____ (Farbar) C:\Users\Scott\Downloads\FRST64.exe
2014-01-06 21:54 - 2014-01-06 21:54 - 00000000 ____D C:\FRST
2014-01-06 21:52 - 2014-01-06 21:52 - 00000292 _____ C:\Users\Scott\Desktop\eset.txt
2014-01-06 20:16 - 2014-01-06 20:16 - 00000000 ____D C:\Program Files (x86)\ESET
2014-01-06 20:15 - 2014-01-06 20:15 - 02347384 _____ (ESET) C:\Users\Scott\Downloads\esetsmartinstaller_enu.exe
2014-01-06 19:47 - 2014-01-06 19:47 - 00014446 _____ C:\Users\Scott\Desktop\AdwCleaner[s0].txt
2014-01-06 19:36 - 2014-01-06 19:36 - 01233962 _____ C:\Users\Scott\Downloads\AdwCleaner (1).exe
2014-01-06 19:31 - 2014-01-06 19:32 - 00002372 _____ C:\Users\Scott\Desktop\Rkill.txt
2014-01-06 19:31 - 2014-01-06 19:31 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\Scott\Downloads\rkill.exe
2014-01-06 19:31 - 2014-01-06 19:31 - 00000000 ____D C:\Users\Scott\Desktop\rkill
2014-01-06 19:04 - 2014-01-06 19:29 - 01036305 _____ (Thisisu) C:\Users\Scott\Desktop\JRT.exe
2014-01-06 17:05 - 2014-01-06 18:58 - 00000000 ____D C:\Users\Scott\Desktop\mbar
2014-01-06 17:05 - 2014-01-06 17:48 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-06 17:04 - 2014-01-06 17:04 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Scott\Downloads\mbar-1.07.0.1008.exe
2014-01-06 17:02 - 2014-01-06 17:02 - 00001073 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-06 17:02 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-06 17:01 - 2014-01-06 17:01 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Scott\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-06 16:46 - 2014-01-06 16:46 - 00000000 ____D C:\ProgramData\Recovery
2014-01-03 19:57 - 2014-01-06 16:54 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Pefeubxe
2014-01-03 19:43 - 2014-01-06 17:43 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Kouvywaf
2014-01-03 19:34 - 2014-01-06 16:54 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Lufuduov
2014-01-03 19:12 - 2014-01-06 16:54 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Gyepky
2014-01-03 18:39 - 2014-01-06 16:54 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Migeed
2014-01-03 17:58 - 2014-01-03 18:27 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Awitryu
2014-01-03 17:57 - 2014-01-03 18:27 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Byipowyr
2014-01-03 17:54 - 2014-01-03 18:27 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Awukzo
2014-01-03 17:51 - 2014-01-03 18:27 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Fiolvuoh
2014-01-03 17:48 - 2014-01-06 16:54 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Ryqyinn
2014-01-03 17:44 - 2014-01-03 17:44 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Malwarebytes
2014-01-03 17:43 - 2014-01-06 17:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-03 17:43 - 2014-01-03 18:27 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Deagampa
2014-01-03 17:43 - 2014-01-03 17:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-03 17:42 - 2014-01-03 18:27 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Kaxygeo
2014-01-03 17:38 - 2014-01-03 18:27 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Umamuke
2014-01-03 17:35 - 2014-01-03 18:27 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Yqyksysy
2014-01-03 17:32 - 2014-01-03 18:27 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Ixirdo
2014-01-03 17:30 - 2014-01-03 18:27 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Worikuy
2014-01-03 17:27 - 2014-01-03 18:27 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Ebkuadiv
2014-01-03 17:25 - 2014-01-06 16:54 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Iqarfypa
2014-01-03 17:25 - 2014-01-03 18:27 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Fizoydis
2014-01-03 17:23 - 2014-01-06 16:54 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Appuuwa
2014-01-03 17:22 - 2014-01-03 18:27 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Umhoiv
2014-01-03 17:19 - 2014-01-03 18:27 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Epolvywa
2014-01-03 17:17 - 2014-01-06 16:54 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Yntyyti
2014-01-03 17:17 - 2014-01-03 18:27 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Atzyyq
2014-01-03 17:14 - 2014-01-03 18:27 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Ofdobo
2014-01-03 17:11 - 2014-01-03 18:27 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Qiazpepi
2014-01-03 17:09 - 2014-01-03 18:27 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Ohehfua
2014-01-03 17:06 - 2014-01-03 18:27 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Pyuboc
2014-01-03 15:53 - 2014-01-03 15:57 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Ekivavpy
2014-01-03 11:26 - 2014-01-03 11:26 - 00012326 _____ C:\Users\Scott\AppData\Local\ftahroxe
2014-01-03 11:25 - 2014-01-03 11:25 - 00067992 _____ C:\Users\Scott\AppData\Local\mmgootcb
2014-01-03 11:24 - 2014-01-03 11:24 - 00000000 _____ C:\Users\Scott\AppData\Roaming\SharedSettings.ccs
2014-01-01 16:17 - 2014-01-01 16:17 - 548713398 _____ C:\Windows\MEMORY.DMP
2014-01-01 16:17 - 2014-01-01 16:17 - 01370592 _____ C:\Windows\Minidump\010114-39031-01.dmp
2013-12-30 19:45 - 2013-12-30 19:45 - 00000000 ____D C:\Windows\Sun
2013-12-30 10:21 - 2013-12-30 10:21 - 00709934 _____ C:\Users\Scott\Downloads\smsfromlucasdeleon7026281155 (1).zip
2013-12-30 10:04 - 2013-12-30 10:05 - 00000022 _____ C:\Users\Scott\Downloads\smsfromlucasdeleon7026281155.zip
2013-12-29 17:47 - 2013-12-29 17:47 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Plex Home Theater
2013-12-29 17:47 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2013-12-29 17:46 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2013-12-29 17:45 - 2014-01-06 16:52 - 00000000 ____D C:\ProgramData\Package Cache
2013-12-29 17:44 - 2014-01-06 16:52 - 00000000 ____D C:\Program Files (x86)\Plex Home Theater
2013-12-29 17:42 - 2013-12-29 17:43 - 60419104 _____ C:\Users\Scott\Downloads\PlexHomeTheater-1.0.7.169-303ab8cc-windows-x86.exe
2013-12-28 17:36 - 2013-12-28 17:36 - 00005051 _____ C:\Users\Scott\Downloads\ScorchTrials-56047.odm
2013-12-28 17:25 - 2013-12-28 17:25 - 00004950 _____ C:\Users\Scott\Downloads\BreakingDawn9780739367704.odm
2013-12-28 17:25 - 2013-12-28 17:25 - 00004850 _____ C:\Users\Scott\Downloads\Eclipse9780739361009.odm
2013-12-28 16:52 - 2014-01-06 19:43 - 00000000 ____D C:\AdwCleaner
2013-12-28 16:51 - 2013-12-28 16:51 - 01233962 _____ C:\Users\Scott\Downloads\adwcleaner.exe
2013-12-27 19:55 - 2014-01-06 16:52 - 00000000 ____D C:\Program Files (x86)\Free YouTube Downloader
2013-12-27 14:44 - 2013-12-27 14:44 - 10558760 _____ C:\Users\Scott\Downloads\SetupAnyDVD7390.exe
2013-12-26 22:27 - 2013-12-26 22:27 - 00011953 _____ C:\Users\Scott\Downloads\national_expense_standards.xlsx
2013-12-26 22:27 - 2013-12-26 22:27 - 00009388 _____ C:\Users\Scott\Downloads\national_oop_healthcare.xlsx
2013-12-23 22:59 - 2013-12-23 22:59 - 00000000 ____D C:\Users\Scott\AppData\Local\Blizzard Entertainment
2013-12-23 18:47 - 2014-01-06 16:52 - 00000000 ____D C:\ProgramData\Battle.net
2013-12-23 18:47 - 2013-12-25 19:09 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2013-12-23 18:46 - 2013-12-23 18:46 - 83293072 _____ (Blizzard Entertainment) C:\Users\Scott\Downloads\World-of-Warcraft-Setup-enUS (1).exe
2013-12-23 18:43 - 2013-12-23 18:43 - 83293072 _____ (Blizzard Entertainment) C:\Users\Scott\Downloads\World-of-Warcraft-Setup-enUS.exe
2013-12-21 21:15 - 2014-01-06 16:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-21 15:37 - 2013-12-21 15:37 - 00006774 _____ C:\Users\Scott\Downloads\HarryPotterandtheChamberofSecretsUS.odm
2013-12-21 15:33 - 2013-12-21 15:33 - 00009161 _____ C:\Users\Scott\Downloads\MemoryofLight.odm
2013-12-21 15:33 - 2013-12-21 15:33 - 00006483 _____ C:\Users\Scott\Downloads\EyeoftheWorldWheelofTimeSeriesBook01-56627.odm
2013-12-21 15:29 - 2013-12-21 15:29 - 00004730 _____ C:\Users\Scott\Downloads\NewMoon0739348302.odm
2013-12-21 15:27 - 2013-12-21 15:27 - 00003491 _____ C:\Users\Scott\Downloads\Hobbit9781405629423.odm
2013-12-18 19:14 - 2013-12-18 19:14 - 00005627 _____ C:\Users\Scott\Downloads\LostGate9781441771674.odm
2013-12-15 07:16 - 2013-12-15 07:16 - 00005182 _____ C:\Users\Scott\Downloads\0743572769-1495.odm
2013-12-11 16:41 - 2013-05-09 21:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-11 16:41 - 2013-05-09 21:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-11 16:41 - 2013-05-09 20:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-11 16:41 - 2013-05-09 20:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-11 16:39 - 2013-11-26 03:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-11 16:39 - 2013-11-26 02:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-11 16:39 - 2013-11-26 02:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-11 16:39 - 2013-11-26 02:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-11 16:39 - 2013-11-26 01:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-11 16:39 - 2013-11-26 01:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-11 16:39 - 2013-11-26 01:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-11 16:39 - 2013-11-26 01:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-11 16:39 - 2013-11-26 01:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-11 16:39 - 2013-11-26 01:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-11 16:39 - 2013-11-26 01:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-11 16:39 - 2013-11-26 01:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-11 16:39 - 2013-11-26 01:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-11 16:39 - 2013-11-26 01:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-11 16:39 - 2013-11-26 00:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-11 16:39 - 2013-11-26 00:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-11 16:39 - 2013-11-26 00:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-11 16:39 - 2013-11-26 00:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-11 16:39 - 2013-11-26 00:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-11 16:39 - 2013-11-26 00:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-11 16:39 - 2013-11-26 00:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-11 16:39 - 2013-11-26 00:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-11 16:39 - 2013-11-25 23:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-11 16:39 - 2013-11-25 23:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-11 16:39 - 2013-11-25 23:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-11 16:39 - 2013-11-25 23:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-11 16:39 - 2013-11-25 22:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-11 16:39 - 2013-11-25 22:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-11 16:39 - 2013-11-25 22:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-11 16:39 - 2013-11-25 22:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-11 16:39 - 2013-11-25 22:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-11 13:36 - 2013-11-23 10:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-11 13:36 - 2013-11-23 09:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-11 13:36 - 2013-11-11 18:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 13:36 - 2013-11-11 18:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-11 13:36 - 2013-10-29 18:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-11 13:36 - 2013-10-29 18:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-11 13:36 - 2013-10-29 17:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 13:36 - 2013-10-18 18:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 13:36 - 2013-10-18 17:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-11 13:35 - 2013-10-11 18:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 13:35 - 2013-10-11 18:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 13:35 - 2013-10-11 18:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-11 13:35 - 2013-10-11 18:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-11 13:35 - 2013-10-11 17:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 13:35 - 2013-10-11 17:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 13:35 - 2013-10-11 17:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-11 13:35 - 2013-10-11 17:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-11 13:35 - 2013-10-03 18:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 13:35 - 2013-10-03 17:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
 
==================== One Month Modified Files and Folders =======
 
2014-01-06 21:55 - 2014-01-06 21:54 - 00029932 _____ C:\Users\Scott\Downloads\FRST.txt
2014-01-06 21:54 - 2014-01-06 21:54 - 01931762 _____ (Farbar) C:\Users\Scott\Downloads\FRST64.exe
2014-01-06 21:54 - 2014-01-06 21:54 - 00000000 ____D C:\FRST
2014-01-06 21:54 - 2010-05-18 01:44 - 02048184 _____ C:\Windows\WindowsUpdate.log
2014-01-06 21:53 - 2010-08-07 19:21 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-06 21:52 - 2014-01-06 21:52 - 00000292 _____ C:\Users\Scott\Desktop\eset.txt
2014-01-06 21:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\tracing
2014-01-06 21:47 - 2010-08-07 18:08 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3761485536-2411543626-2877913188-1001UA.job
2014-01-06 21:45 - 2012-04-12 19:10 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-06 20:22 - 2009-07-13 20:45 - 00028384 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-06 20:22 - 2009-07-13 20:45 - 00028384 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-06 20:16 - 2014-01-06 20:16 - 00000000 ____D C:\Program Files (x86)\ESET
2014-01-06 20:15 - 2014-01-06 20:15 - 02347384 _____ (ESET) C:\Users\Scott\Downloads\esetsmartinstaller_enu.exe
2014-01-06 20:13 - 2010-08-07 19:21 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-06 20:12 - 2012-08-20 18:04 - 00048054 _____ C:\Windows\PFRO.log
2014-01-06 20:12 - 2012-07-29 06:40 - 00062955 _____ C:\Windows\setupact.log
2014-01-06 20:12 - 2010-06-16 10:15 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2014-01-06 20:12 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-06 20:00 - 2010-06-09 20:38 - 00000000 ___HD C:\Users\Scott\AppData\Local\CrashDumps
2014-01-06 19:47 - 2014-01-06 19:47 - 00014446 _____ C:\Users\Scott\Desktop\AdwCleaner[s0].txt
2014-01-06 19:43 - 2013-12-28 16:52 - 00000000 ____D C:\AdwCleaner
2014-01-06 19:36 - 2014-01-06 19:36 - 01233962 _____ C:\Users\Scott\Downloads\AdwCleaner (1).exe
2014-01-06 19:32 - 2014-01-06 19:31 - 00002372 _____ C:\Users\Scott\Desktop\Rkill.txt
2014-01-06 19:31 - 2014-01-06 19:31 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\Scott\Downloads\rkill.exe
2014-01-06 19:31 - 2014-01-06 19:31 - 00000000 ____D C:\Users\Scott\Desktop\rkill
2014-01-06 19:29 - 2014-01-06 19:04 - 01036305 _____ (Thisisu) C:\Users\Scott\Desktop\JRT.exe
2014-01-06 18:58 - 2014-01-06 17:05 - 00000000 ____D C:\Users\Scott\Desktop\mbar
2014-01-06 17:53 - 2010-11-03 05:20 - 00389724 _____ C:\Windows\system32\prfh0804.dat
2014-01-06 17:53 - 2010-11-03 05:20 - 00124356 _____ C:\Windows\system32\prfc0804.dat
2014-01-06 17:53 - 2010-11-03 05:14 - 00423534 _____ C:\Windows\system32\perfh011.dat
2014-01-06 17:53 - 2010-11-03 05:14 - 00126496 _____ C:\Windows\system32\perfc011.dat
2014-01-06 17:53 - 2009-07-13 21:13 - 01844102 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-06 17:48 - 2014-01-06 17:05 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-06 17:45 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\TAPI
2014-01-06 17:43 - 2014-01-03 19:43 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Kouvywaf
2014-01-06 17:04 - 2014-01-06 17:04 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Scott\Downloads\mbar-1.07.0.1008.exe
2014-01-06 17:02 - 2014-01-06 17:02 - 00001073 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-06 17:02 - 2014-01-03 17:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-06 17:01 - 2014-01-06 17:01 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Scott\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-06 16:58 - 2012-12-16 07:50 - 00000000 ____D C:\Users\Scott\AppData\Local\Avg2013
2014-01-06 16:58 - 2010-06-08 16:59 - 00000000 ___HD C:\Users\Scott
2014-01-06 16:56 - 2012-10-14 05:52 - 00000000 ____D C:\Users\Xander
2014-01-06 16:56 - 2010-07-27 09:27 - 00000000 ____D C:\Users\Guest
2014-01-06 16:56 - 2010-06-21 06:28 - 00000000 ____D C:\Users\Roxanne
2014-01-06 16:56 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2014-01-06 16:56 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\servicing
2014-01-06 16:55 - 2012-12-16 07:59 - 00000000 ____D C:\ProgramData\AVG2013
2014-01-06 16:55 - 2012-03-26 18:46 - 00000000 ____D C:\ProgramData\MFAData
2014-01-06 16:55 - 2010-06-08 21:13 - 00000000 ____D C:\BestCase
2014-01-06 16:55 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2014-01-06 16:54 - 2014-01-03 19:57 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Pefeubxe
2014-01-06 16:54 - 2014-01-03 19:34 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Lufuduov
2014-01-06 16:54 - 2014-01-03 19:12 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Gyepky
2014-01-06 16:54 - 2014-01-03 18:39 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Migeed
2014-01-06 16:54 - 2014-01-03 17:48 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Ryqyinn
2014-01-06 16:54 - 2014-01-03 17:25 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Iqarfypa
2014-01-06 16:54 - 2014-01-03 17:23 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Appuuwa
2014-01-06 16:54 - 2014-01-03 17:17 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Yntyyti
2014-01-06 16:53 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2014-01-06 16:52 - 2013-12-29 17:45 - 00000000 ____D C:\ProgramData\Package Cache
2014-01-06 16:52 - 2013-12-29 17:44 - 00000000 ____D C:\Program Files (x86)\Plex Home Theater
2014-01-06 16:52 - 2013-12-27 19:55 - 00000000 ____D C:\Program Files (x86)\Free YouTube Downloader
2014-01-06 16:52 - 2013-12-23 18:47 - 00000000 ____D C:\ProgramData\Battle.net
2014-01-06 16:52 - 2013-12-21 21:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2014-01-06 16:52 - 2013-11-29 14:09 - 00000000 ____D C:\Users\Roxanne\AppData\Roaming\LG Electronics
2014-01-06 16:52 - 2013-10-13 09:21 - 00000000 ____D C:\Users\Roxanne\AppData\Roaming\AVG2013
2014-01-06 16:52 - 2013-10-13 09:20 - 00000000 ____D C:\Users\Roxanne\AppData\Roaming\Motorola
2014-01-06 16:52 - 2013-09-02 08:37 - 00000000 ____D C:\Program Files\Windows Live
2014-01-06 16:52 - 2013-08-15 12:39 - 00000000 ____D C:\Users\Scott\Documents\Fax
2014-01-06 16:52 - 2013-06-05 18:04 - 00000000 ____D C:\Users\Scott\Documents\My Games
2014-01-06 16:52 - 2013-06-05 17:43 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2014-01-06 16:52 - 2013-04-29 18:14 - 00000000 ____D C:\Users\Scott\AppData\Local\IR
2014-01-06 16:52 - 2013-04-29 18:12 - 00000000 ____D C:\Program Files (x86)\Belkin
2014-01-06 16:52 - 2013-04-07 12:57 - 00000000 ____D C:\Users\Scott\AppData\Local\SWTOR
2014-01-06 16:52 - 2013-04-07 11:11 - 00000000 ____D C:\Users\Scott\Downloads\swtor
2014-01-06 16:52 - 2013-03-24 18:21 - 00000000 ____D C:\Program Files (x86)\FamilySearch Indexing
2014-01-06 16:52 - 2013-03-12 13:13 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2014-01-06 16:52 - 2013-03-12 13:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2014-01-06 16:52 - 2013-02-08 19:53 - 00000000 ____D C:\Users\Xander\AppData\Roaming\AVG2013
2014-01-06 16:52 - 2012-10-14 05:59 - 00000000 ____D C:\Users\Xander\AppData\Roaming\.minecraft
2014-01-06 16:52 - 2012-10-14 05:54 - 00000000 ____D C:\Users\Xander\AppData\Roaming\Mozilla
2014-01-06 16:52 - 2012-10-14 05:54 - 00000000 ____D C:\Users\Xander\AppData\Local\Mozilla
2014-01-06 16:52 - 2012-10-14 05:52 - 00000000 ___RD C:\Users\Xander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-01-06 16:52 - 2012-10-14 05:52 - 00000000 ____D C:\Users\Xander\AppData\Roaming\Motorola
2014-01-06 16:52 - 2012-10-14 05:52 - 00000000 ____D C:\Users\Xander\AppData\Roaming\DigitalPersona
2014-01-06 16:52 - 2010-02-28 09:18 - 00000000 __RHD C:\MSOCache
2014-01-06 16:46 - 2014-01-06 16:46 - 00000000 ____D C:\ProgramData\Recovery
2014-01-04 20:13 - 2012-03-26 18:50 - 00000000 ___HD C:\$AVG
2014-01-04 19:43 - 2012-08-23 06:24 - 00009330 _____ C:\Users\Scott\AppData\Roaming\Comma Separated Values (Windows).EML
2014-01-03 21:35 - 2010-10-31 19:18 - 00000000 ____D C:\Users\Scott\Documents\Outlook Files
2014-01-03 18:27 - 2014-01-03 17:58 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Awitryu
2014-01-03 18:27 - 2014-01-03 17:57 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Byipowyr
2014-01-03 18:27 - 2014-01-03 17:54 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Awukzo
2014-01-03 18:27 - 2014-01-03 17:51 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Fiolvuoh
2014-01-03 18:27 - 2014-01-03 17:43 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Deagampa
2014-01-03 18:27 - 2014-01-03 17:42 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Kaxygeo
2014-01-03 18:27 - 2014-01-03 17:38 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Umamuke
2014-01-03 18:27 - 2014-01-03 17:35 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Yqyksysy
2014-01-03 18:27 - 2014-01-03 17:32 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Ixirdo
2014-01-03 18:27 - 2014-01-03 17:30 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Worikuy
2014-01-03 18:27 - 2014-01-03 17:27 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Ebkuadiv
2014-01-03 18:27 - 2014-01-03 17:25 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Fizoydis
2014-01-03 18:27 - 2014-01-03 17:22 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Umhoiv
2014-01-03 18:27 - 2014-01-03 17:19 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Epolvywa
2014-01-03 18:27 - 2014-01-03 17:17 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Atzyyq
2014-01-03 18:27 - 2014-01-03 17:14 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Ofdobo
2014-01-03 18:27 - 2014-01-03 17:11 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Qiazpepi
2014-01-03 18:27 - 2014-01-03 17:09 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Ohehfua
2014-01-03 18:27 - 2014-01-03 17:06 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Pyuboc
2014-01-03 17:44 - 2014-01-03 17:44 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Malwarebytes
2014-01-03 17:43 - 2014-01-03 17:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-03 16:43 - 2010-06-09 07:53 - 00000000 ____D C:\Users\Scott\Documents\BK
2014-01-03 15:57 - 2014-01-03 15:53 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Ekivavpy
2014-01-03 11:35 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2014-01-03 11:26 - 2014-01-03 11:26 - 00012326 _____ C:\Users\Scott\AppData\Local\ftahroxe
2014-01-03 11:25 - 2014-01-03 11:25 - 00067992 _____ C:\Users\Scott\AppData\Local\mmgootcb
2014-01-03 11:24 - 2014-01-03 11:24 - 00000000 _____ C:\Users\Scott\AppData\Roaming\SharedSettings.ccs
2014-01-03 07:47 - 2010-08-07 18:08 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3761485536-2411543626-2877913188-1001Core.job
2014-01-02 20:32 - 2013-05-10 08:45 - 00002285 _____ C:\Windows\BESTCWND.INI
2014-01-02 20:32 - 2009-08-11 09:25 - 00002370 _____ C:\Windows\bestcase.ini
2014-01-02 20:08 - 2013-05-10 08:45 - 00000188 _____ C:\Windows\BestCOpn.ini
2014-01-01 16:17 - 2014-01-01 16:17 - 548713398 _____ C:\Windows\MEMORY.DMP
2014-01-01 16:17 - 2014-01-01 16:17 - 01370592 _____ C:\Windows\Minidump\010114-39031-01.dmp
2014-01-01 16:17 - 2010-06-09 06:47 - 00000000 ____D C:\Windows\Minidump
2013-12-31 20:48 - 2010-06-08 21:29 - 00000000 ____D C:\ECF
2013-12-30 22:31 - 2013-04-29 18:24 - 00000000 ____D C:\Users\Scott\Documents\@TVTimeShift
2013-12-30 21:09 - 2013-04-29 18:24 - 03517297 _____ C:\Users\Scott\AppData\Local\Tempchannel_logos.zip
2013-12-30 20:03 - 2011-12-29 21:13 - 00000000 ____D C:\Users\Scott\Desktop\Professorships
2013-12-30 19:45 - 2013-12-30 19:45 - 00000000 ____D C:\Windows\Sun
2013-12-30 10:21 - 2013-12-30 10:21 - 00709934 _____ C:\Users\Scott\Downloads\smsfromlucasdeleon7026281155 (1).zip
2013-12-30 10:05 - 2013-12-30 10:04 - 00000022 _____ C:\Users\Scott\Downloads\smsfromlucasdeleon7026281155.zip
2013-12-29 17:47 - 2013-12-29 17:47 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Plex Home Theater
2013-12-29 17:43 - 2013-12-29 17:42 - 60419104 _____ C:\Users\Scott\Downloads\PlexHomeTheater-1.0.7.169-303ab8cc-windows-x86.exe
2013-12-28 20:50 - 2013-01-12 21:02 - 00000000 ____D C:\Users\Scott\AppData\Roaming\HandBrake
2013-12-28 20:29 - 2010-06-09 18:00 - 00000000 ____D C:\Users\Scott\Desktop\Converted
2013-12-28 17:36 - 2013-12-28 17:36 - 00005051 _____ C:\Users\Scott\Downloads\ScorchTrials-56047.odm
2013-12-28 17:25 - 2013-12-28 17:25 - 00004950 _____ C:\Users\Scott\Downloads\BreakingDawn9780739367704.odm
2013-12-28 17:25 - 2013-12-28 17:25 - 00004850 _____ C:\Users\Scott\Downloads\Eclipse9780739361009.odm
2013-12-28 16:51 - 2013-12-28 16:51 - 01233962 _____ C:\Users\Scott\Downloads\adwcleaner.exe
2013-12-27 20:46 - 2012-05-05 12:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-27 19:27 - 2012-07-29 11:35 - 00000000 _____ C:\Windows\SysWOW64\mswinsck32.ocx
2013-12-27 16:29 - 2010-06-08 18:13 - 00000000 ___HD C:\Users\Scott\AppData\Local\Mozilla
2013-12-27 14:44 - 2013-12-27 14:44 - 10558760 _____ C:\Users\Scott\Downloads\SetupAnyDVD7390.exe
2013-12-26 22:27 - 2013-12-26 22:27 - 00011953 _____ C:\Users\Scott\Downloads\national_expense_standards.xlsx
2013-12-26 22:27 - 2013-12-26 22:27 - 00009388 _____ C:\Users\Scott\Downloads\national_oop_healthcare.xlsx
2013-12-25 19:09 - 2013-12-23 18:47 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2013-12-24 21:00 - 2009-07-13 21:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-24 13:48 - 2010-06-09 07:57 - 00000000 ____D C:\Users\Scott\Documents\DRS personal
2013-12-23 22:59 - 2013-12-23 22:59 - 00000000 ____D C:\Users\Scott\AppData\Local\Blizzard Entertainment
2013-12-23 18:46 - 2013-12-23 18:46 - 83293072 _____ (Blizzard Entertainment) C:\Users\Scott\Downloads\World-of-Warcraft-Setup-enUS (1).exe
2013-12-23 18:43 - 2013-12-23 18:43 - 83293072 _____ (Blizzard Entertainment) C:\Users\Scott\Downloads\World-of-Warcraft-Setup-enUS.exe
2013-12-22 13:12 - 2012-02-26 18:07 - 00000000 ____D C:\Users\Scott\Documents\Cubs
2013-12-21 15:37 - 2013-12-21 15:37 - 00006774 _____ C:\Users\Scott\Downloads\HarryPotterandtheChamberofSecretsUS.odm
2013-12-21 15:33 - 2013-12-21 15:33 - 00009161 _____ C:\Users\Scott\Downloads\MemoryofLight.odm
2013-12-21 15:33 - 2013-12-21 15:33 - 00006483 _____ C:\Users\Scott\Downloads\EyeoftheWorldWheelofTimeSeriesBook01-56627.odm
2013-12-21 15:29 - 2013-12-21 15:29 - 00004730 _____ C:\Users\Scott\Downloads\NewMoon0739348302.odm
2013-12-21 15:27 - 2013-12-21 15:27 - 00003491 _____ C:\Users\Scott\Downloads\Hobbit9781405629423.odm
2013-12-18 19:14 - 2013-12-18 19:14 - 00005627 _____ C:\Users\Scott\Downloads\LostGate9781441771674.odm
2013-12-17 17:38 - 2010-08-28 12:50 - 00000000 ____D C:\Users\Scott\Documents\IRS
2013-12-15 07:16 - 2013-12-15 07:16 - 00005182 _____ C:\Users\Scott\Downloads\0743572769-1495.odm
2013-12-14 22:30 - 2013-08-05 02:05 - 00000000 ____D C:\Windows\system32\MRT
2013-12-14 22:27 - 2010-07-02 07:29 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-12 17:55 - 2010-08-07 19:21 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-12 09:01 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-12-11 17:10 - 2009-07-13 20:45 - 00423008 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-11 16:41 - 2010-02-28 09:19 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-11 13:45 - 2012-04-12 19:10 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-11 13:45 - 2012-04-12 19:10 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-11 13:45 - 2011-05-14 10:58 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-10 13:52 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\NDF
2013-12-08 22:33 - 2013-04-29 18:24 - 00000000 ____D C:\Users\Scott\Documents\My @TV Recordings
2013-12-08 07:42 - 2010-08-07 18:08 - 00003882 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3761485536-2411543626-2877913188-1001UA
2013-12-08 07:42 - 2010-08-07 18:08 - 00003486 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3761485536-2411543626-2877913188-1001Core
 
Files to move or delete:
====================
C:\Users\Scott\jobq.dat
 
 
Some content of TEMP:
====================
C:\Users\Scott\AppData\Local\Temp\78503uninstall.exe
C:\Users\Scott\AppData\Local\Temp\@TVSoftware.exe
C:\Users\Scott\AppData\Local\Temp\handbrake-setup.exe
C:\Users\Scott\AppData\Local\Temp\i4jdel0.exe
C:\Users\Scott\AppData\Local\Temp\instmsia.exe
C:\Users\Scott\AppData\Local\Temp\instmsiw.exe
C:\Users\Scott\AppData\Local\Temp\ISSetup.dll
C:\Users\Scott\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Scott\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Scott\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Scott\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Scott\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Scott\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Scott\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Scott\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Scott\AppData\Local\Temp\Quarantine.exe
C:\Users\Scott\AppData\Local\Temp\Setup.exe
C:\Users\Scott\AppData\Local\Temp\Sqlite3.dll
C:\Users\Scott\AppData\Local\Temp\WindowsInstaller-KB893803-x86.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-12-30 00:55
 
==================== End Of Log ============================

 

Link to post
Share on other sites
Man of Leisure

Man of Leisure

Posted
  • Author
Posted
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-01-2014

Ran by Scott at 2014-01-06 21:55:49

Running from C:\Users\Scott\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

AV: AVG AntiVirus Free Edition 2013 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: AVG AntiVirus Free Edition 2013 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

 

==================== Installed Programs ======================

 

Acrobat.com (x32 Version: 1.6.65 - Adobe Systems Incorporated)

Adobe Acrobat X Pro (x32 Version: 10.1.6 - Adobe Systems)

Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.)

Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden

Adobe Digital Editions 2.0 (x32 Version: 2.0 - Adobe Systems Incorporated)

Adobe Flash Player 10 ActiveX (x32 Version: 10.0.42.34 - Adobe Systems Incorporated)

Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)

Adobe Reader 9.4.6 MUI (x32 Version: 9.4.6 - Adobe Systems Incorporated)

Adobe Shockwave Player (x32 Version: 11.5.1.601 - Adobe Systems, Inc.)

AnyDVD (x32 Version: 7.3.9.0 - SlySoft)

ATI Catalyst Install Manager (Version: 3.0.758.0 - ATI Technologies, Inc.)

Audiograbber 1.83 SE  (x32 Version: 1.83 SE  - Audiograbber)

AVG 2013 (Version: 13.0.3462 - AVG Technologies) Hidden

AVG 2013 (Version: 13.0.3658 - AVG Technologies) Hidden

AVG 2013 (Version: 2013.0.3462 - AVG Technologies)

Belkin @TV Software (x32 Version: 1.8.3.206 - Belkin)

Belkin @TV Software (x32 Version: 1.8.3.206 - Belkin) Hidden

Best Case Bankruptcy (x32 Version: 22 - Best Case Bankruptcy)

BitRaider Web Client (x32 Version: 1.1.6.3 - BitRaider, LLC)

Broadcom 2070 Bluetooth 2.1 + EDR (Version: 6.2.1.1100 - Broadcom Corporation)

Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden

Catalyst Control Center Core Implementation (x32 Version: 2010.0122.858.16002 - ATI) Hidden

Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0122.858.16002 - ATI) Hidden

Catalyst Control Center Graphics Full New (x32 Version: 2010.0122.858.16002 - ATI) Hidden

Catalyst Control Center Graphics Light (x32 Version: 2010.0122.858.16002 - ATI) Hidden

Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0122.858.16002 - ATI) Hidden

Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0122.858.16002 - ATI) Hidden

Catalyst Control Center InstallProxy (x32 Version: 2010.0122.858.16002 - ATI Technologies, Inc.) Hidden

Catalyst Control Center Localization All (x32 Version: 2010.0122.858.16002 - ATI) Hidden

CCC Help Chinese Standard (x32 Version: 2010.0122.0857.16002 - ATI) Hidden

CCC Help Chinese Traditional (x32 Version: 2010.0122.0857.16002 - ATI) Hidden

CCC Help Czech (x32 Version: 2010.0122.0857.16002 - ATI) Hidden

CCC Help Danish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden

CCC Help Dutch (x32 Version: 2010.0122.0857.16002 - ATI) Hidden

CCC Help English (x32 Version: 2010.0122.0857.16002 - ATI) Hidden

CCC Help Finnish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden

CCC Help French (x32 Version: 2010.0122.0857.16002 - ATI) Hidden

CCC Help German (x32 Version: 2010.0122.0857.16002 - ATI) Hidden

CCC Help Greek (x32 Version: 2010.0122.0857.16002 - ATI) Hidden

CCC Help Hungarian (x32 Version: 2010.0122.0857.16002 - ATI) Hidden

CCC Help Italian (x32 Version: 2010.0122.0857.16002 - ATI) Hidden

CCC Help Japanese (x32 Version: 2010.0122.0857.16002 - ATI) Hidden

CCC Help Korean (x32 Version: 2010.0122.0857.16002 - ATI) Hidden

CCC Help Norwegian (x32 Version: 2010.0122.0857.16002 - ATI) Hidden

CCC Help Polish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden

CCC Help Portuguese (x32 Version: 2010.0122.0857.16002 - ATI) Hidden

CCC Help Russian (x32 Version: 2010.0122.0857.16002 - ATI) Hidden

CCC Help Spanish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden

CCC Help Swedish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden

CCC Help Thai (x32 Version: 2010.0122.0857.16002 - ATI) Hidden

CCC Help Turkish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden

ccc-core-static (x32 Version: 2010.0122.858.16002 - ATI) Hidden

ccc-utility64 (Version: 2010.0122.858.16002 - ATI) Hidden

CDDRV_Installer (Version: 4.60 - Logitech) Hidden

Citrix online plug-in - web (x32 Version: 12.0.0.6410 - Citrix Systems, Inc.)

Citrix online plug-in (DV) (x32 Version: 12.0.0.6410 - Citrix Systems, Inc.) Hidden

Citrix online plug-in (HDX) (x32 Version: 12.0.0.6410 - Citrix Systems, Inc.) Hidden

Citrix online plug-in (USB) (x32 Version: 12.0.0.6410 - Citrix Systems, Inc.) Hidden

Citrix online plug-in (Web) (x32 Version: 12.0.0.6410 - Citrix Systems, Inc.) Hidden

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version:  - Microsoft)

DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.0.3715 - Hewlett-Packard)

DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.0.3715 - Hewlett-Packard) Hidden

erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden

ESET Online Scanner v3 (x32 Version:  - )

ESU for Microsoft Windows 7 (x32 Version: 1.0.0 - Hewlett-Packard)

FamilySearch Indexing 3.17.3 (x32 Version: 3.17.3 - FamilySearch)

Free YouTube Downloader 3.5.184 (x32 Version:  - HOW Inc.)

Google Chrome (HKCU Version: 31.0.1650.63 - Google Inc.)

Google Earth Plug-in (x32 Version: 7.1.2.2041 - Google)

Google Talk Plugin (x32 Version: 4.9.1.16010 - Google)

Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden

HandBrake 0.9.9.1 (x32 Version: 0.9.9.1 - )

HP Customer Experience Enhancements (x32 Version: 6.0.1.4 - Hewlett-Packard) Hidden

HP DVB-T TV Tuner 8.0.64.43 (x32 Version: 8.0.64.43 - )

HP SimplePass Identity Protection (Version: 5.00.140 - DigitalPersona, Inc.)

HP Wireless Assistant (Version: 4.0.3.2 - Hewlett-Packard)

IDT Audio (x32 Version: 1.0.6265.0 - IDT)

Intel® Management Engine Components (x32 Version: 6.0.0.1179 - Intel Corporation)

Intel® Rapid Storage Technology (x32 Version: 9.5.4.1001 - Intel Corporation)

Intel® Turbo Boost Technology Driver (x32 Version: 01.00.01.1002 - Intel Corporation)

Internet TV for Windows Media Center (x32 Version: 4.2.2.0 - Microsoft Corporation)

Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)

Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden

Java 6 Update 17 (64-bit) (Version: 6.0.170 - Sun Microsystems, Inc.)

Jump Desktop (x32 Version: 3.3.3 - Phase Five Systems)

Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden

Logitech SetPoint (x32 Version: 4.80 - Logitech)

Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)

Microsoft .NET Framework 1.1 (x32 Version:  - )

Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322 - Microsoft) Hidden

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Default Manager (x32 Version: 2.1.54.0 - Microsoft Corporation) Hidden

Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Professional 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden

Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)

Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (x32 Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden

Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden

MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden

Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0 - Mozilla)

Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)

MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden

MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden

MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)

Netflix in Windows Media Center (x32 Version: 3.3.101.0 - Microsoft Corporation)

NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation)

OggSync8 (x32 Version: 8.0.5 - ICOA Inc.)

OverDrive Media Console (x32 Version: 3.2.20 - OverDrive, Inc.)

Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

PlayReady PC Runtime amd64 (Version: 1.3.0 - Microsoft Corporation)

Plex Home Theater (x32 Version: 1.0.7 - Plex inc)

PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden

QuickTime (x32 Version: 7.72.80.56 - Apple Inc.)

Realtek Ethernet Controller Driver For Windows 7 (x32 Version: 7.11.1127.2009 - Realtek)

Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)

Recovery Manager (x32 Version: 5.5.2512 - CyberLink Corp.) Hidden

Replay Media Catcher 4 (Version: 4.1.1 - Applian Technologies)

Replay Video Capture (x32 Version: 4.2 - Applian Technologies Inc.)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden

ShowAnalyzerSuite (x32 Version: 1.0.59.783 - Dragon Global)

Skype Toolbars (x32 Version: 5.3.7555 - Skype Technologies S.A.)

Skype™ 5.10 (x32 Version: 5.10.116 - Skype Technologies S.A.)

SoundTaxi 4.3.8 (x32 Version: 4.3.8 - cyan soft ltd)

SoundTaxi Media Suite 4.3.8 (x32 Version: 4.3.8 - cyan soft ltd)

Star Wars: The Old Republic (x32 Version: 1.00 - Electronic Arts, Inc.)

Synaptics Pointing Device Driver (Version: 15.3.29.0 - Synaptics Incorporated)

TuneGet 3.3.8 (x32 Version: 3.3.8 - cyan soft ltd)

Unity Web Player (HKCU Version:  - Unity Technologies ApS)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)

Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2494150) (x32 Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version:  - Microsoft)

uRex DVD Ripper Platinum (HKCU Version:  - uRexsoft, Inc. All Rights Reserved.)

uRex DVD Ripper Platinum (x32 Version:  - uRexsoft, Inc. All Rights Reserved.)

Validity Sensors DDK (Version: 4.1.129.0 - Validity Sensors, Inc.)

Visual Studio 2008 x64 Redistributables (x32 Version: 10.0.0.2 - AVG Technologies)

Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1 - AVG Technologies)

WinDirStat 1.1.2 (HKCU Version:  - )

Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (Version: 07/30/2009 6.2.0.9405 - Broadcom)

Windows Driver Package - Broadcom Bluetooth  (12/16/2009 6.2.0.9414) (Version: 12/16/2009 6.2.0.9414 - Broadcom)

Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (Version: 07/28/2009 6.2.0.9800 - Broadcom)

Windows Driver Package - U.S. Robotics Corporation Model 5637 Voice Driver (01/28/2011 3.1.0.46) (Version: 01/28/2011 3.1.0.46 - U.S. Robotics Corporation)

Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden

Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live Mail (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live Messenger (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live Sync (x32 Version: 14.0.8089.726 - Microsoft Corporation)

Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live Writer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live Writer Resources (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Media Center Add-in for Flash (x32 Version: 4.1.2.0 - Microsoft Corporation)

Windows Media Center Add-in for Silverlight (x32 Version: 4.7.3.0 - Microsoft Corporation)

Windows Media Encoder 9 Series (x32 Version:  - )

Windows Media Encoder 9 Series (x32 Version: 9.00.2980 - Microsoft Corporation) Hidden

Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8 - Microsoft Corp)

WinX Bluray DVD iPhone Ripper 4.5.1 (x32 Version:  - Digiarty Software,Inc.)

WinX HD Video Converter Deluxe 3.12.1 (x32 Version:  - Digiarty Software,Inc.)

XviD MPEG-4 Video Codec (x32 Version: XviD-1.0-09052004 - XviD Team (Koepi))

 

==================== Restore Points  =========================

 

03-01-2014 16:11:10 Windows Update

05-01-2014 04:12:04 Removed AVG 2013

05-01-2014 04:13:49 Removed AVG 2013

07-01-2014 01:42:53 Malwarebytes Anti-Rootkit Restore Point

 

==================== Hosts content: ==========================

 

2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: {03D11EB0-38D6-4DAF-8038-8392CEDA8085} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe

Task: {4EB3019B-5853-433C-AADF-0510D23D98EA} - System32\Tasks\{357D6AC3-E9F0-48F7-8170-EF999700B1C2} => C:\Program Files (x86)\Replay Media Catcher\MediaCatcher.exe

Task: {60EC2B2F-6652-4FDA-9C66-42D2BE013B23} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)

Task: {62BFC646-BD92-4AF5-BA70-D2301E078975} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()

Task: {7C3A01F9-A8A4-403A-A9C0-5844D5F8F941} - System32\Tasks\{E3B77F80-4AF3-4FA1-8A34-F5C7DC216ECE} => C:\Program Files (x86)\Replay Media Catcher\MediaCatcher.exe

Task: {9A024779-7208-42C8-9584-659F7D05846C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3761485536-2411543626-2877913188-1001Core => C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-07] (Google Inc.)

Task: {A348336F-0901-446D-83F3-8C111D2FF7D8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-07] (Google Inc.)

Task: {C842BE89-69CA-49A3-9ADD-05EBE666FE98} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3761485536-2411543626-2877913188-1001UA => C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-07] (Google Inc.)

Task: {D018AF52-E104-42F2-BA96-E7480ACB078A} - System32\Tasks\{74DB4A69-529D-4AEE-8D3B-C6DC0C9B7475} => C:\Program Files (x86)\Replay Media Catcher\MediaCatcher.exe

Task: {E800CA63-FD28-45A6-897C-F01F3E2A33AA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-07] (Google Inc.)

Task: {F6B37A61-9E3C-427A-B702-BA3CD3C75E55} - System32\Tasks\{89776D4C-4D7E-4BC5-90A6-7A502FC654B7} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3761485536-2411543626-2877913188-1001Core.job => C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3761485536-2411543626-2877913188-1001UA.job => C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe

 

==================== Loaded Modules (whitelisted) =============

 

2009-12-16 14:51 - 2009-12-16 14:51 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll

2009-12-16 14:51 - 2009-12-16 14:51 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll

2013-05-07 11:42 - 2013-05-07 11:42 - 02112040 _____ () C:\Program Files (x86)\Jump Desktop\JumpNetwork.dll

2013-12-05 11:45 - 2013-12-03 18:47 - 00702416 _____ () C:\Users\Scott\AppData\Local\Google\Chrome\Application\31.0.1650.63\libglesv2.dll

2013-12-05 11:45 - 2013-12-03 18:47 - 00099792 _____ () C:\Users\Scott\AppData\Local\Google\Chrome\Application\31.0.1650.63\libegl.dll

2013-12-05 11:45 - 2013-12-03 18:48 - 04055504 _____ () C:\Users\Scott\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll

2013-12-05 11:45 - 2013-12-03 18:48 - 00399312 _____ () C:\Users\Scott\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll

2013-12-05 11:45 - 2013-12-03 18:47 - 01619408 _____ () C:\Users\Scott\AppData\Local\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

AlternateDataStreams: C:\Windows\SysWOW64\mswinsck32.ocx:rsrc

AlternateDataStreams: C:\Users\Scott\AppData\Roaming\Comma Separated Values (Windows).EML:OECustomProperty

 

==================== Safe Mode (whitelisted) ===================

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"

 

==================== Faulty Device Manager Devices =============

 

Name: HP Integrated Module with Bluetooth 2.1 Wireless Technology

Description: HP Integrated Module with Bluetooth 2.1 Wireless Technology

Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}

Manufacturer: Broadcom

Service: BTHUSB

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Motorola Flash Interface

Description: Motorola Flash Interface

Class Guid: {feb8d079-0681-11d4-9531-0060089abc08}

Manufacturer: Motorola Inc

Service: MotDev

Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)

Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.

Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

 

Name: Motorola Flash Interface

Description: Motorola Flash Interface

Class Guid: {feb8d079-0681-11d4-9531-0060089abc08}

Manufacturer: Motorola Inc

Service: MotDev

Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)

Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.

Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

 

Name: Android Composite ADB Interface

Description: Android Composite ADB Interface

Class Guid: {3f966bd9-fa04-4ec5-991c-d326973b5128}

Manufacturer: Google, Inc.

Service: WinUSB

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (01/06/2014 08:16:12 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error: (01/06/2014 08:13:13 PM) (Source: Application Error) (User: )

Description: Faulting application name: avgwdsvc.exe, version: 13.0.0.3456, time stamp: 0x528bf6a4

Faulting module name: avgwd.dll, version: 13.0.0.3456, time stamp: 0x528c07da

Exception code: 0xc0000005

Fault offset: 0x000808f1

Faulting process id: 0x34c

Faulting application start time: 0xavgwdsvc.exe0

Faulting application path: avgwdsvc.exe1

Faulting module path: avgwdsvc.exe2

Report Id: avgwdsvc.exe3

 

Error: (01/06/2014 07:58:25 PM) (Source: Application Error) (User: )

Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4

Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24

Exception code: 0xc000070a

Fault offset: 0x000000000005cf99

Faulting process id: 0xb68

Faulting application start time: 0xExplorer.EXE0

Faulting application path: Explorer.EXE1

Faulting module path: Explorer.EXE2

Report Id: Explorer.EXE3

 

Error: (01/06/2014 07:45:41 PM) (Source: Application Error) (User: )

Description: Faulting application name: avgwdsvc.exe, version: 13.0.0.3456, time stamp: 0x528bf6a4

Faulting module name: avgwd.dll, version: 13.0.0.3456, time stamp: 0x528c07da

Exception code: 0xc0000005

Fault offset: 0x000808f1

Faulting process id: 0x618

Faulting application start time: 0xavgwdsvc.exe0

Faulting application path: avgwdsvc.exe1

Faulting module path: avgwdsvc.exe2

Report Id: avgwdsvc.exe3

 

Error: (01/06/2014 05:46:17 PM) (Source: Application Error) (User: )

Description: Faulting application name: avgwdsvc.exe, version: 13.0.0.3456, time stamp: 0x528bf6a4

Faulting module name: avgwd.dll, version: 13.0.0.3456, time stamp: 0x528c07da

Exception code: 0xc0000005

Fault offset: 0x000808f1

Faulting process id: 0x2f4

Faulting application start time: 0xavgwdsvc.exe0

Faulting application path: avgwdsvc.exe1

Faulting module path: avgwdsvc.exe2

Report Id: avgwdsvc.exe3

 

Error: (01/06/2014 04:58:51 PM) (Source: Application Error) (User: )

Description: Faulting application name: avgdiagex.exe, version: 13.0.0.3304, time stamp: 0x51539980

Faulting module name: avgduix.dll, version: 13.0.0.3211, time stamp: 0x5122e30b

Exception code: 0xc0000005

Fault offset: 0x000527d9

Faulting process id: 0xb80

Faulting application start time: 0xavgdiagex.exe0

Faulting application path: avgdiagex.exe1

Faulting module path: avgdiagex.exe2

Report Id: avgdiagex.exe3

 

Error: (01/06/2014 04:58:48 PM) (Source: Application Error) (User: )

Description: Faulting application name: avgwdsvc.exe, version: 13.0.0.3456, time stamp: 0x528bf6a4

Faulting module name: avgwd.dll, version: 13.0.0.3456, time stamp: 0x528c07da

Exception code: 0xc0000005

Fault offset: 0x000808f1

Faulting process id: 0x74c

Faulting application start time: 0xavgwdsvc.exe0

Faulting application path: avgwdsvc.exe1

Faulting module path: avgwdsvc.exe2

Report Id: avgwdsvc.exe3

 

Error: (01/06/2014 00:31:27 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error: (01/06/2014 00:31:24 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.

The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

 

Error: (01/06/2014 00:30:07 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.

The manifest file root element must be assembly.

 

 

System errors:

=============

Error: (01/06/2014 08:30:01 PM) (Source: Microsoft Antimalware) (User: )

Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 

New Signature Version: 

 

Previous Signature Version: 1.165.1114.0

 

Update Source: %NT AUTHORITY59

 

Update Stage: 4.4.0304.00

 

Source Path: 4.4.0304.01

 

Signature Type: %NT AUTHORITY602

 

Update Type: %NT AUTHORITY604

 

User: NT AUTHORITY\SYSTEM

 

Current Engine Version: %NT AUTHORITY605

 

Previous Engine Version: %NT AUTHORITY606

 

Error code: %NT AUTHORITY607

 

Error description: %NT AUTHORITY608

 

Error: (01/06/2014 08:17:11 PM) (Source: Service Control Manager) (User: )

Description: The HP Health Check Service service failed to start due to the following error: 

%%2

 

Error: (01/06/2014 08:15:10 PM) (Source: Service Control Manager) (User: )

Description: The AVG WatchDog service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (01/06/2014 08:15:10 PM) (Source: Service Control Manager) (User: )

Description: The following boot-start or system-start driver(s) failed to load: 

Avgldx64

 

Error: (01/06/2014 08:12:53 PM) (Source: Service Control Manager) (User: )

Description: The AVGIDSAgent service terminated with service-specific error %%-536753637.

 

Error: (01/06/2014 07:59:52 PM) (Source: Microsoft Antimalware) (User: )

Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 

New Signature Version: 

 

Previous Signature Version: 1.165.1114.0

 

Update Source: %NT AUTHORITY59

 

Update Stage: 4.4.0304.00

 

Source Path: 4.4.0304.01

 

Signature Type: %NT AUTHORITY602

 

Update Type: %NT AUTHORITY604

 

User: NT AUTHORITY\SYSTEM

 

Current Engine Version: %NT AUTHORITY605

 

Previous Engine Version: %NT AUTHORITY606

 

Error code: %NT AUTHORITY607

 

Error description: %NT AUTHORITY608

 

Error: (01/06/2014 07:48:13 PM) (Source: Service Control Manager) (User: )

Description: The HP Health Check Service service failed to start due to the following error: 

%%2

 

Error: (01/06/2014 07:46:10 PM) (Source: Service Control Manager) (User: )

Description: The AVG WatchDog service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (01/06/2014 07:46:10 PM) (Source: Service Control Manager) (User: )

Description: The following boot-start or system-start driver(s) failed to load: 

Avgldx64

 

Error: (01/06/2014 07:45:23 PM) (Source: Service Control Manager) (User: )

Description: The AVGIDSAgent service terminated with service-specific error %%-536753637.

 

 

Microsoft Office Sessions:

=========================

Error: (01/06/2014 08:16:12 PM) (Source: SideBySide)(User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Scott\Downloads\esetsmartinstaller_enu.exe

 

Error: (01/06/2014 08:13:13 PM) (Source: Application Error)(User: )

Description: avgwdsvc.exe13.0.0.3456528bf6a4avgwd.dll13.0.0.3456528c07dac0000005000808f134c01cf0b5ebc47b32cC:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exeC:\Program Files (x86)\AVG\AVG2013\avgwd.dll05fa114f-7752-11e3-afe9-c80aa99520dd

 

Error: (01/06/2014 07:58:25 PM) (Source: Application Error)(User: )

Description: Explorer.EXE6.1.7601.175674d672ee4ntdll.dll6.1.7601.18247521eaf24c000070a000000000005cf99b6801cf0b5aec10632eC:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dllf4915071-774f-11e3-be17-c80aa99520dd

 

Error: (01/06/2014 07:45:41 PM) (Source: Application Error)(User: )

Description: avgwdsvc.exe13.0.0.3456528bf6a4avgwd.dll13.0.0.3456528c07dac0000005000808f161801cf0b5ae48673d5C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exeC:\Program Files (x86)\AVG\AVG2013\avgwd.dll2dae3582-774e-11e3-be17-c80aa99520dd

 

Error: (01/06/2014 05:46:17 PM) (Source: Application Error)(User: )

Description: avgwdsvc.exe13.0.0.3456528bf6a4avgwd.dll13.0.0.3456528c07dac0000005000808f12f401cf0b4a30a60145C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exeC:\Program Files (x86)\AVG\AVG2013\avgwd.dll7f3adce5-773d-11e3-9380-c80aa99520dd

 

Error: (01/06/2014 04:58:51 PM) (Source: Application Error)(User: )

Description: avgdiagex.exe13.0.0.330451539980avgduix.dll13.0.0.32115122e30bc0000005000527d9b8001cf0b439705d279C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exeC:\Program Files (x86)\AVG\AVG2013\avgduix.dlldef0802a-7736-11e3-a369-c80aa99520dd

 

Error: (01/06/2014 04:58:48 PM) (Source: Application Error)(User: )

Description: avgwdsvc.exe13.0.0.3456528bf6a4avgwd.dll13.0.0.3456528c07dac0000005000808f174c01cf0b438dad8b85C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exeC:\Program Files (x86)\AVG\AVG2013\avgwd.dlldd1b9114-7736-11e3-a369-c80aa99520dd

 

Error: (01/06/2014 00:31:27 AM) (Source: SideBySide)(User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Belkin\@TV\Setup Wizard\SetupWizard.exe

 

Error: (01/06/2014 00:31:24 AM) (Source: SideBySide)(User: )

Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

 

Error: (01/06/2014 00:30:07 AM) (Source: SideBySide)(User: )

Description: C:\Users\Scott\AppData\OggSync8\adxloader.dll.ManifestC:\Users\Scott\AppData\OggSync8\adxloader.dll.Manifest2

 

 

CodeIntegrity Errors:

===================================

  Date: 2013-12-29 05:56:54.011

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\DigitalPersona\Bin\DpOFeedb.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-12-29 05:56:53.901

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\DigitalPersona\Bin\DpOFeedb.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-12-29 05:56:53.791

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\DigitalPersona\Bin\DpOFeedb.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-12-29 05:56:53.691

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\DigitalPersona\Bin\DpOFeedb.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-12-29 05:56:53.571

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-12-29 05:56:53.451

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\DigitalPersona\Bin\DpOFeedb.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-12-29 05:56:53.351

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\DigitalPersona\Bin\DpOFeedb.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-12-29 05:56:53.241

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\DigitalPersona\Bin\DpOFeedb.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-12-29 05:18:37.585

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\DigitalPersona\Bin\DpOFeedb.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-12-29 05:18:37.476

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\DigitalPersona\Bin\DpOFeedb.dll because the set of per-page image hashes could not be found on the system.

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 48%

Total physical RAM: 5941.86 MB

Available physical RAM: 3083.88 MB

Total Pagefile: 11883.72 MB

Available Pagefile: 8844.54 MB

Total Virtual: 8192 MB

Available Virtual: 8191.78 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:442.72 GB) (Free:306.41 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive d: (RECOVERY) (Fixed) (Total:22.74 GB) (Free:3.32 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 466 GB) (Disk ID: 4CB80527)

Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=443 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=23 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

 

==================== End Of Log ============================

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

NOTE: I will be going on vacation for a few days starting Jan 8 so we need to hurry and finish up here.

 

 

Please uninstall ALL versions of Java.  Then run the following
 
Please download JavaRa-1.16 and save it to your computer.

  • Double click to open the zip file and then select all and choose Copy.
  • Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
  • Quit all browsers and other running applications.
  • Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.

 

Next,

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.
 

fixlist.txt

Link to post
Share on other sites
Man of Leisure

Man of Leisure

Posted
  • Author
Posted
JavaRa 1.16 Removal Log.Report follows after 

 

line.------------------------------------The JavaRa removal process 

 

was started on Tue Jan 07 06:36:52 2014

 

Found and removed: C:\Program Files (x86)\Java\jre6Found and 

 

removed: Applications\java.exeFound and removed: Applications

 

\javaw.exeFound and removed: CLSID\{CAFEEFAC-0013-0000-0003-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0000-0004-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0000-0005-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0000-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0001-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0001-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0002-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0002-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0003-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0003-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0004-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0004-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0005-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0005-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0006-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0006-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0007-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0007-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0008-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0008-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0009-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0009-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0010-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0010-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0011-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0011-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0012-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0012-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0013-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0013-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0014-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0014-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0015-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0015-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0016-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0016-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0017-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0017-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0018-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0018-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0019-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0019-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0020-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0020-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0021-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0021-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0000-0000-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0000-0000-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0000-0001-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0000-0001-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0000-0002-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0000-0002-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0000-0003-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0000-0003-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0000-0004-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0000-0004-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0001-0000-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0001-0000-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0001-0001-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0001-0001-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0001-0002-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0001-0002-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0001-0003-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0001-0003-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0001-0004-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0001-0004-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0001-0005-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0001-0005-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0001-0006-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0001-0006-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0001-0007-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0001-0007-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0000-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0000-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0001-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0001-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0002-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0002-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0003-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0003-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0004-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0004-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0005-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0005-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0006-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0006-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0007-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0007-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0008-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0008-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0009-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0009-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0010-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0010-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0011-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0011-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0012-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0012-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0013-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0013-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0014-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0014-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0015-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0015-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0016-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0016-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0017-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0017-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0018-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0018-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0019-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0019-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0020-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0020-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0021-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0021-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0022-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0022-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0023-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0023-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0024-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0024-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0025-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0025-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0026-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0026-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0027-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0027-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0028-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0028-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0029-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0029-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0030-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0030-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0031-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0031-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0032-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0032-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0033-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0033-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0034-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0034-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0035-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0035-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0036-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0036-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0037-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0037-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0038-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0038-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-FFFF-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0023-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0023-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0023-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0024-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0024-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0024-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0025-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0025-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0025-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0026-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0026-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0026-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0027-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0027-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0027-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0028-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0028-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0028-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0029-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0029-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0029-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0030-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0030-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0030-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0031-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0031-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0031-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0032-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0032-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0032-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0033-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0033-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0033-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0034-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0034-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0034-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0035-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0035-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0035-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0036-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0036-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0036-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-FFFF-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-FFFF-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0023-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0023-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0023-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0024-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0024-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0024-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0025-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0025-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0025-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0026-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0026-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0026-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0027-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0027-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0027-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0028-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0028-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0028-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0029-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0029-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0029-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0030-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0030-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0031-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0031-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0032-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0032-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0033-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0033-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0034-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0034-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0035-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0035-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0036-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0036-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0037-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0037-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0038-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0038-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0017-0000-0000-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0017-0000-0000-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0017-0000-0000-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0017-0000-0001-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0017-0000-0001-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0017-0000-0001-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0017-0000-0002-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0017-0000-0002-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0017-0000-0002-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0017-0000-0003-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0017-0000-0003-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0017-0000-0003-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0017-0000-0004-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0017-0000-0004-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0017-0000-0004-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0017-0000-0005-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0017-0000-0005-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0017-0000-0005-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0017-0000-0006-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0017-0000-0006-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0017-0000-0006-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0017-0000-0007-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0017-0000-0007-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0017-0000-0007-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0017-0000-0008-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0017-0000-0008-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0017-0000-0008-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0017-0000-0009-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0017-0000-0009-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0017-0000-0009-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0017-0000-0010-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0017-0000-0010-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0017-0000-0010-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0017-0000-0011-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0017-0000-0011-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0017-0000-0011-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0017-0000-0012-

 

ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0017-0000-0012-

 

ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0017-0000-0012-

 

ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-

 

ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-

 

0016-0000-0030-ABCDEFFEDCBA}Found and removed: Software\Classes

 

\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}Found and removed: 

 

Software\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}Found 

 

and removed: Software\Classes\CLSID\{CAFEEFAC-0016-0000-0033-

 

ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-

 

0016-0000-0034-ABCDEFFEDCBA}Found and removed: Software\Classes

 

\CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}Found and removed: 

 

Software\Classes\CLSID\{CAFEEFAC-0016-0000-0036-ABCDEFFEDCBA}Found 

 

and removed: Software\Classes\CLSID\{CAFEEFAC-0016-0000-0037-

 

ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-

 

0016-0000-0038-ABCDEFFEDCBA}Found and removed: Software\Classes

 

\CLSID\{CAFEEFAC-0017-0000-FFFF-ABCDEFFEDCBA}Found and removed: 

 

Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}Found 

 

and removed: Software\JavaSoft\Java UpdateFound and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0000-0004-

 

ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0013-0000-0005-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0001-

 

ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0013-0001-0002-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0003-

 

ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0013-0001-0004-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0005-

 

ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0013-0001-0006-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0007-

 

ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0013-0001-0008-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0009-

 

ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0013-0001-0010-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0011-

 

ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0013-0001-0012-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0013-

 

ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0013-0001-0014-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0015-

 

ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0013-0001-0016-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0017-

 

ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0013-0001-0018-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0019-

 

ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0013-0001-0020-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0021-

 

ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0014-0000-0000-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-

 

ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0014-0000-0002-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-

 

ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0014-0000-0004-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-

 

ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0014-0001-0001-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-

 

ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0014-0001-0003-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-

 

ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0014-0001-0005-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-

 

ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0014-0001-0007-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-

 

ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0014-0002-0001-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-

 

ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0014-0002-0003-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-

 

ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0014-0002-0005-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-

 

ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0014-0002-0007-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-

 

ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0014-0002-0009-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-

 

ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0014-0002-0011-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-

 

ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0014-0002-0013-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-

 

ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0014-0002-0015-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-

 

ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0014-0002-0017-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0018-

 

ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0014-0002-0019-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-

 

ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0015-0000-0001-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-

 

ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0015-0000-0003-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-

 

ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0015-0000-0005-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-

 

ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0015-0000-0007-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-

 

ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0015-0000-0009-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-

 

ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0015-0000-0011-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-

 

ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0015-0000-0013-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-

 

ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0015-0000-0015-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-

 

ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0015-0000-0017-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0018-

 

ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0015-0000-0019-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0020-

 

ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0015-0000-0021-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0022-

 

ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0016-0000-0000-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-

 

ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0016-0000-0001-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-

 

ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0016-0000-0002-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-

 

ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0016-0000-0004-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-

 

ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0016-0000-0005-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-

 

ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0016-0000-0006-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-

 

ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0016-0000-0008-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0009-

 

ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0016-0000-0009-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-

 

ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0016-0000-0010-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-

 

ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0016-0000-0012-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-

 

ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0016-0000-0013-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-

 

ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0016-0000-0014-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-

 

ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0016-0000-0016-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-

 

ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0016-0000-0017-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-

 

ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0016-0000-0018-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBB}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-

 

ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0016-0000-0020-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-

 

ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0016-0000-0021-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-

 

ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0016-0000-0022-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBB}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-

 

ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0016-0000-0024-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBB}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-

 

ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0016-0000-0025-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBC}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-

 

ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0016-0000-0026-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBB}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-

 

ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0016-0000-0028-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBB}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBC}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-

 

ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0016-0000-0029-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBC}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-

 

ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0016-0000-0030-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBB}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-

 

ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0016-0000-0032-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBB}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBC}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-

 

ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0016-0000-0033-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBC}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0034-

 

ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0016-0000-0034-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBB}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0035-

 

ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0016-0000-0036-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0016-0000-0036-ABCDEFFEDCBB}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0036-ABCDEFFEDCBC}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0037-

 

ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0016-0000-0037-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBC}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0038-

 

ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0016-0000-0038-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0000-

 

ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0017-0000-0001-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBB}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBC}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0002-

 

ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0017-0000-0002-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBC}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0003-

 

ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0017-0000-0003-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBB}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0004-

 

ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0017-0000-0005-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBB}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBC}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0006-

 

ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0017-0000-0006-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBC}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0007-

 

ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0017-0000-0007-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0017-0000-0008-ABCDEFFEDCBA}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0008-ABCDEFFEDCBB}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0008-

 

ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0017-0000-0009-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBB}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBC}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0010-

 

ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0017-0000-0010-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBC}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0011-

 

ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

0017-0000-0011-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes

 

\CLSID\{CAFEEFAC-0017-0000-0012-ABCDEFFEDCBA}Found and removed: 

 

SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0012-ABCDEFFEDCBB}Found 

 

and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0012-

 

ABCDEFFEDCBC}Found and removed: SOFTWARE\JavaSoft\Java Web Start

 

\1.0.1Found and removed: SOFTWARE\JavaSoft\Java Web Start

 

\1.0.1_02Found and removed: SOFTWARE\JavaSoft\Java Web Start

 

\1.0.1_03Found and removed: SOFTWARE\JavaSoft\Java Web Start

 

\1.0.1_04Found and removed: SOFTWARE\JavaSoft\Java Web Start

 

\1.2Found and removed: SOFTWARE\JavaSoft\Java Web Start

 

\1.2.0_01Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-

 

11CF-AAA5-00401C608501}Found and removed: SOFTWARE\Classes\CLSID

 

\{5852F5ED-8BF4-11D4-A245-0080C6F74284}Found and removed: SOFTWARE

 

\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}Found and 

 

removed: SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-

 

00805F499D93}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-

 

DEC7-0000-0001-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes

 

\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}Found and removed: 

 

SOFTWARE\Classes\Installer\Features

 

\F60730A4A66673047777F5728467D401Found and removed: SOFTWARE

 

\Classes\Installer\Products\F60730A4A66673047777F5728467D401Found 

 

and removed: SOFTWARE\Classes\Installer\UpgradeCodes

 

\6C5ADB75C34456D42B338232391207FFFound and removed: SOFTWARE

 

\Classes\Installer\UpgradeCodes

 

\A5CCAAC40F5B69B47777ACF82566467CFound and removed: SOFTWARE

 

\Classes\Interface\{5852F5EC-8BF4-11D4-A245-0080C6F74284}Found and 

 

removed: SOFTWARE\Classes\MIME\Database\Content Type

 

\application/java-deployment-toolkitFound and removed: SOFTWARE

 

\Classes\MIME\Database\Content Type\application/x-java-appletFound 

 

and removed: SOFTWARE\Classes\MIME\Database\Content Type

 

\application/x-java-jnlp-fileFound and removed: SOFTWARE\Classes

 

\TypeLib\{5852F5E0-8BF4-11D4-A245-0080C6F74284}Found and removed: 

 

SOFTWARE\Classes\.jarFound and removed: SOFTWARE\Classes\.jnlpFound 

 

and removed: SOFTWARE\Classes\jarfileFound and removed: SOFTWARE

 

\Classes\JavaWebStart.isInstalledFound and removed: SOFTWARE

 

\Classes\JavaWebStart.isInstalled.1.7.0.0Found and removed: 

 

SOFTWARE\Classes\JNLPFileFound and removed: SOFTWARE\Microsoft

 

\Windows\CurrentVersion\App Paths\javaws.exeFound and removed: 

 

SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper 

 

ObjectsFound and removed: SOFTWARE\Microsoft\Windows

 

\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}

 

Found and removed: SOFTWARE\JavaSoftFound and removed: SOFTWARE

 

\JreMetricsFound and removed: SOFTWARE

 

\MozillaPlugins------------------------------------Finished 

 

reporting.JavaRa 1.16 Removal Log.Report follows after 

 

line.------------------------------------The JavaRa removal process 

 

was started on Tue Jan 07 06:48:27 2014

 

Found and removed: Applications\java.exeFound and removed: 

 

Applications\javaw.exeFound and removed: CLSID\{CAFEEFAC-0014-0002

 

-0020-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-

 

0020-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-

 

0021-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-

 

0021-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-

 

0022-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-

 

0022-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-

 

0023-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-

 

0023-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-

 

0024-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-

 

0024-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-

 

0025-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-

 

0025-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-

 

0026-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-

 

0026-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-

 

0027-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-

 

0027-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-

 

0028-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-

 

0028-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-

 

0029-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-

 

0029-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-

 

0030-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-

 

0030-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-

 

0031-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-

 

0031-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-

 

0032-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-

 

0032-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-

 

0033-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-

 

0033-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-

 

0034-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-

 

0034-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-

 

0035-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-

 

0035-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-

 

0036-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-

 

0036-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-

 

0037-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-

 

0037-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-

 

0038-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-

 

0038-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-

 

FFFF-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-

 

0000-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-

 

0001-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-

 

0002-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-

 

0003-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-

 

0004-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-

 

0005-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-

 

0006-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-

 

0007-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-

 

0008-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-

 

0009-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-

 

0010-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-

 

0011-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-

 

0012-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-

 

0013-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-

 

0014-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-

 

0015-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-

 

0016-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-

 

0017-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-

 

0018-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-

 

0019-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-

 

0020-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-

 

0021-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-

 

0022-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-

 

0023-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-

 

0023-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-

 

0023-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-

 

0024-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-

 

0024-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-

 

0024-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-

 

0025-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-

 

0025-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-

 

0025-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-

 

0026-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-

 

0026-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-

 

0026-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-

 

0027-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-

 

0027-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-

 

0027-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-

 

0028-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-

 

0028-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-

 

0028-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-

 

0029-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-

 

0029-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-

 

0029-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-

 

0030-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-

 

0030-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-

 

0030-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-

 

0031-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-

 

0031-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-

 

0031-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-

 

0032-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-

 

0032-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-

 

0032-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-

 

0033-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-

 

0033-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-

 

0033-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-

 

0034-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-

 

0034-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-

 

0034-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-

 

0035-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-

 

0035-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-

 

0035-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-

 

0036-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-

 

0036-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-

 

0036-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-

 

FFFF-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-

 

FFFF-ABCDEFFEDCBA}Found and removed: SOFTWARE

 

\MozillaPlugins------------------------------------Finished 

 

reporting.

Link to post
Share on other sites
Man of Leisure

Man of Leisure

Posted
  • Author
Posted
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-01-2014

Ran by Scott at 2014-01-07 06:51:06 Run:2

Running from C:\Users\Scott\Desktop

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

BootExecute: autocheck autochk *  /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart /sync /restart

HKLM-x32\...\Run: [] - [x]

HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Java\jre6\bin\jusched.exe [172032 2010-02-28] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKCU\...\Run: [Google Update] - C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-08-07] (Google Inc.)

HKCU\...\Run: [ROC_ROC_APR2013_AV] - C:\Users\Scott\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 4ced2b23a9cd47d0814fa1bad3cf9d04-bd9abf57d5c6eecffec5926f541664f5b0b9becf --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013

HKCU\...\Run: [AVG-Secure-Search-Update_0913a] - C:\Users\Scott\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 4ced2b23a9cd47d0814fa1bad3cf9d04-bd9abf57d5c6eecffec5926f541664f5b0b9becf --CMPID 0913a

MountPoints2: {28dcdc13-dfbb-11e0-a1ee-70f3952b74f7} - G:\setup.exe -a

MountPoints2: {5966ca7c-fd0b-11e2-aeec-8b0cfd3ea3eb} - G:\VZW_Software_upgrade_assistant.exe

MountPoints2: {73f42c51-5912-11e3-b8d2-c80aa99520dd} - G:\TL_Bootstrap.exe

MountPoints2: {783e61f0-5940-11e3-ad28-c80aa99520dd} - G:\TL_Bootstrap.exe

MountPoints2: {783e6249-5940-11e3-ad28-c80aa99520dd} - G:\TL_Bootstrap.exe

MountPoints2: {9a408aac-248f-11e2-9652-70f3952b74f7} - G:\setup.exe -a

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1

SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM-x32 - {4C2ACFB5-CD27-4945-B090-7843A588BBDB} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl

SearchScopes: HKCU - {4C2ACFB5-CD27-4945-B090-7843A588BBDB} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl

SearchScopes: HKCU - {61C0665B-F355-4ECB-96A6-03B9FE8509AF} URL = http://start.mysearc...ults.php?f=4&q={searchTerms}&a=irmsd1202&cd=2XzuyEtN2Y1L1Qzu0CzztD0A0AzyzyyDtBtD0D0D0FtDtAzytN0D0Tzu0CyBtByBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=218193065&ir=

BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File

CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File

C:\Users\Scott\jobq.dat

C:\Users\Scott\AppData\Local\Temp\78503uninstall.exe

C:\Users\Scott\AppData\Local\Temp\@TVSoftware.exe

C:\Users\Scott\AppData\Local\Temp\handbrake-setup.exe

C:\Users\Scott\AppData\Local\Temp\i4jdel0.exe

C:\Users\Scott\AppData\Local\Temp\instmsia.exe

C:\Users\Scott\AppData\Local\Temp\instmsiw.exe

C:\Users\Scott\AppData\Local\Temp\ISSetup.dll

C:\Users\Scott\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe

C:\Users\Scott\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe

C:\Users\Scott\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe

C:\Users\Scott\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe

C:\Users\Scott\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe

C:\Users\Scott\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe

C:\Users\Scott\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe

C:\Users\Scott\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe

C:\Users\Scott\AppData\Local\Temp\Quarantine.exe

C:\Users\Scott\AppData\Local\Temp\Setup.exe

C:\Users\Scott\AppData\Local\Temp\Sqlite3.dll

C:\Users\Scott\AppData\Local\Temp\WindowsInstaller-KB893803-x86.exe

Task: {9A024779-7208-42C8-9584-659F7D05846C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3761485536-2411543626-2877913188-1001Core => C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-07] (Google Inc.)

Task: {A348336F-0901-446D-83F3-8C111D2FF7D8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-07] (Google Inc.)

Task: {C842BE89-69CA-49A3-9ADD-05EBE666FE98} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3761485536-2411543626-2877913188-1001UA => C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-07] (Google Inc.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3761485536-2411543626-2877913188-1001Core.job => C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3761485536-2411543626-2877913188-1001UA.job => C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe

AlternateDataStreams: C:\Windows\SysWOW64\mswinsck32.ocx:rsrc

AlternateDataStreams: C:\Users\Scott\AppData\Roaming\Comma Separated Values (Windows).EML:OECustomProperty

 

 

*****************

 

HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => Value was restored successfully.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value not found.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value not found.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update => Value not found.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_ROC_APR2013_AV => Value not found.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\AVG-Secure-Search-Update_0913a => Value not found.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{28dcdc13-dfbb-11e0-a1ee-70f3952b74f7} => Key not found.

HKCR\CLSID\{28dcdc13-dfbb-11e0-a1ee-70f3952b74f7} => Key not found.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5966ca7c-fd0b-11e2-aeec-8b0cfd3ea3eb} => Key not found.

HKCR\CLSID\{5966ca7c-fd0b-11e2-aeec-8b0cfd3ea3eb} => Key not found.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73f42c51-5912-11e3-b8d2-c80aa99520dd} => Key not found.

HKCR\CLSID\{73f42c51-5912-11e3-b8d2-c80aa99520dd} => Key not found.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{783e61f0-5940-11e3-ad28-c80aa99520dd} => Key not found.

HKCR\CLSID\{783e61f0-5940-11e3-ad28-c80aa99520dd} => Key not found.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{783e6249-5940-11e3-ad28-c80aa99520dd} => Key not found.

HKCR\CLSID\{783e6249-5940-11e3-ad28-c80aa99520dd} => Key not found.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a408aac-248f-11e2-9652-70f3952b74f7} => Key not found.

HKCR\CLSID\{9a408aac-248f-11e2-9652-70f3952b74f7} => Key not found.

HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.

HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{4C2ACFB5-CD27-4945-B090-7843A588BBDB} => Key not found.

HKCR\Wow6432Node\CLSID\{4C2ACFB5-CD27-4945-B090-7843A588BBDB} => Key not found.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4C2ACFB5-CD27-4945-B090-7843A588BBDB} => Key not found.

HKCR\CLSID\{4C2ACFB5-CD27-4945-B090-7843A588BBDB} => Key not found.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{61C0665B-F355-4ECB-96A6-03B9FE8509AF} => Key not found.

HKCR\CLSID\{61C0665B-F355-4ECB-96A6-03B9FE8509AF} => Key not found.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.

HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found.

HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.

HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.

HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.45.2 => Key not found.

C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll not found.

HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2 => Key not found.

C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll not found.

C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll not found.

C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll not found.

"C:\Users\Scott\jobq.dat" => File/Directory not found.

"C:\Users\Scott\AppData\Local\Temp\78503uninstall.exe" => File/Directory not found.

"C:\Users\Scott\AppData\Local\Temp\@TVSoftware.exe" => File/Directory not found.

"C:\Users\Scott\AppData\Local\Temp\handbrake-setup.exe" => File/Directory not found.

"C:\Users\Scott\AppData\Local\Temp\i4jdel0.exe" => File/Directory not found.

"C:\Users\Scott\AppData\Local\Temp\instmsia.exe" => File/Directory not found.

"C:\Users\Scott\AppData\Local\Temp\instmsiw.exe" => File/Directory not found.

"C:\Users\Scott\AppData\Local\Temp\ISSetup.dll" => File/Directory not found.

"C:\Users\Scott\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe" => File/Directory not found.

"C:\Users\Scott\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe" => File/Directory not found.

"C:\Users\Scott\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe" => File/Directory not found.

"C:\Users\Scott\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe" => File/Directory not found.

"C:\Users\Scott\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe" => File/Directory not found.

"C:\Users\Scott\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe" => File/Directory not found.

"C:\Users\Scott\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe" => File/Directory not found.

"C:\Users\Scott\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe" => File/Directory not found.

"C:\Users\Scott\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.

"C:\Users\Scott\AppData\Local\Temp\Setup.exe" => File/Directory not found.

"C:\Users\Scott\AppData\Local\Temp\Sqlite3.dll" => File/Directory not found.

"C:\Users\Scott\AppData\Local\Temp\WindowsInstaller-KB893803-x86.exe" => File/Directory not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A024779-7208-42C8-9584-659F7D05846C} => Key not found.

C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3761485536-2411543626-2877913188-1001Core not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-3761485536-2411543626-2877913188-1001Core => Key not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A348336F-0901-446D-83F3-8C111D2FF7D8} => Key not found.

C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => Key not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C842BE89-69CA-49A3-9ADD-05EBE666FE98} => Key not found.

C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3761485536-2411543626-2877913188-1001UA not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-3761485536-2411543626-2877913188-1001UA => Key not found.

C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job not found.

C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job not found.

C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3761485536-2411543626-2877913188-1001Core.job not found.

C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3761485536-2411543626-2877913188-1001UA.job not found.

"C:\Windows\SysWOW64\mswinsck32.ocx" => ":rsrc" ADS not found.

"C:\Users\Scott\AppData\Roaming\Comma Separated Values (Windows).EML" => ":OECustomProperty" ADS not found.

 

==== End of Fixlog ====

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

 

 

Restart the computer.

 

dr_web_cureit_zpse80d87bf.jpg

  1. Please download Dr.Web CureIt! antivirus and save it to your computer. The file size is in excess of 100MB
  2. NOTE: Free usage of Dr.Web CureIt! for business purposes is illegal.
  3. Internet Explorer may show a warning when downloading - the file is safe to download from the provided link.
  4. Shutdown your antivirus to avoid any conflicts while scanning.
  5. Once the scans have completed please re-enable your antivirus.
  6. If using Malwarebytes Anti-Malware PRO you can right click over the tray icon and disable the Protection Modules
  7. If needed you can also temporarily disable it from starting with Windows
  8. Temporarily turn off any other security add-ons or applications you may also have.
  9. Once you have downloaded Dr.Web CureIt! you should right click over it and choose Properties and verify it has a Digital Signature.
  10. If it does not have a Digital Signature then do not run it.
  11. Close all open programs including all Web browsers and then double-click on drweb-cureit.exe to start the installer.
  12. You should have your User Account Control (UAC) enabled for improved security and which should then produce a dialog box asking for approval to run the installer.
  13. Click on the Yes button to start the installer.
  14. Click OK to scan your computer in the Enhanced Protection Mode
  15. Click on the check box to agree to participate in their software improvement program.
  16. Then if needed choose your Language by clicking on the small globe like icon in the upper right corner by the wrench.
  17. Then click on the Continue button and then click on the Select objects for scanning link just below the "Start scanning" button.
  18. Place a check mark on all the items except for Temporary files and System restore points - those items should not have a check mark on them.
  19. Then click on the Start scanning button.
  20. If a threat is found you can click on the Action column in the program.
  21. Your options will be Cure or Ignore
  22. If you see an item that you are absolutely sure is OK, then un-check the check box for that item, otherwise keep it on Cure.
  23. Then click on the Neutralize button.
  24. Once completed click on the green Open Report link. It will open the report in NOTEPAD
  25. Save the report to your desktop. The report will be called Cureit.log
  26. Close Dr.Web Cureit!
  27. Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  28. After reboot, attach the log Cureit.log you saved previously in your next reply.
  29. Re-Enable your antivirus and other security programs when all done.


 

Link to post
Share on other sites
Man of Leisure

Man of Leisure

Posted
  • Author
Posted

Ron

 

I hope I am not being overly optimistic, but it appears the malware is gone.  I screwed up and did not get the report from Dr Web.  It found one threat and I neutralized it.  Rebooted and ran it again, then realized i forgot to save the report from the first one.  But now it finds no threat . Malware Bytes finds no threat, and the process that kept eating up all my of CPU usage is no longer popping up.  

 

I am sorry for not saving the log.  But I am also extermely grateful for the time you took reviewing this situation and working to help me.  Thank you very much.  

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Sounds good and hopefully that was the main culprit that Dr Web found.

 

Let me have you run the following though before we close up here.

 

Please download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!


 

Link to post
Share on other sites
Man of Leisure

Man of Leisure

Posted
  • Author
Posted
 Results of screen317's Security Check version 0.99.78  

 Windows 7 Service Pack 1 x64 (UAC is disabled!)  

 Internet Explorer 11  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

AVG AntiVirus Free Edition 2013   

Microsoft Security Essentials     

 Antivirus up to date!  (On Access scanning disabled!) 

`````````Anti-malware/Other Utilities Check:````````` 

 Malwarebytes Anti-Malware version 1.75.0.1300  

 Adobe Flash Player 10 Flash Player out of Date! 

 Adobe Flash Player 11.9.900.170  

 Adobe Reader 9 Adobe Reader out of Date! 

 Mozilla Firefox (26.0) 

 Google Chrome 31.0.1650.57  

 Google Chrome 31.0.1650.63  

````````Process Check: objlist.exe by Laurent````````  

 Microsoft Security Essentials MSMpEng.exe 

 Microsoft Security Essentials msseces.exe 

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbamgui.exe  

 Malwarebytes' Anti-Malware mbamscheduler.exe   

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 1% 

````````````````````End of Log`````````````````````` 
Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.