qim Posted February 6, 2014 ID:787462 Share Posted February 6, 2014 HiI am not sure if I am doing something wrong but I habe posted 3 times, got a rsponse requiring that I post again... amd then the posts dispappear. If I am brealking any rules, please tell me, and accept my apologies. There was an earlier problem that I thought had been resolved. I don't know if it is the same malware that returned.https://forums.malwarebytes.org/index.php?s=7945bcf03f309e2f4fc993b66a22e04c&showtopic=141207&hl I am pasting below the logs required DDS (Ver_2012-11-20.01) - NTFS_AMD64Internet Explorer: 9.0.8112.16526 BrowserJavaVersion: 10.51.2Run by qimi at 22:55:51 on 2014-02-04Microsoft Windows 7 Home Premium 6.1.7601.1.1252.351.1033.18.6056.4159 [GMT 0:00].AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}.============== Running Processes ===============.C:\windows\system32\lsm.exeC:\windows\system32\svchost.exe -k DcomLaunchC:\windows\system32\nvvsvc.exeC:\windows\system32\svchost.exe -k RPCSSc:\Program Files\Microsoft Security Client\MsMpEng.exeC:\windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\windows\system32\svchost.exe -k LocalServiceC:\windows\system32\svchost.exe -k netsvcsC:\windows\system32\svchost.exe -k GPSvcGroupC:\windows\system32\svchost.exe -k NetworkServiceC:\Program Files\NVIDIA Corporation\Display\nvxdsync.exeC:\windows\system32\nvvsvc.exeC:\windows\system32\Dwm.exeC:\windows\System32\spoolsv.exeC:\windows\Explorer.EXEC:\windows\system32\svchost.exe -k LocalServiceNoNetworkC:\windows\system32\taskhost.exeC:\Program Files\SUPERAntiSpyware\SASCORE64.EXEC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\windows\system32\taskeng.exeC:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exeC:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exeC:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exeC:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exeC:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeC:\windows\system32\svchost.exe -k bthsvcsC:\Windows\System32\igfxtray.exeC:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Windows\System32\rundll32.exeC:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exeC:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exeC:\Program Files\Elantech\ETDCtrl.exeC:\Program Files\Microsoft Security Client\msseces.exeC:\Program Files (x86)\POP Peeper\POPPeeper.exeC:\Program Files\NVIDIA Corporation\Display\nvtray.exeC:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exeC:\Program Files (x86)\CyberLink\Shared files\RichVideo.exeC:\windows\system32\RunDll32.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Program Files (x86)\Intel\Bluetooth\obexsrv.exec:\Program Files\Microsoft Security Client\NisSrv.exeC:\windows\system32\SearchIndexer.exeC:\Program Files (x86)\Intel\Bluetooth\mediasrv.exeC:\windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exeC:\windows\system32\taskeng.exeC:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exeC:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exeC:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exeC:\Program Files\Elantech\ETDCtrlHelper.exeC:\windows\system32\igfxext.exeC:\windows\system32\igfxsrvc.exeC:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exeC:\windows\System32\svchost.exe -k LocalServicePeerNetC:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exeC:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exeC:\windows\system32\svchost.exe -k imgsvcC:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exeC:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exeC:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exeC:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exeC:\windows\system32\svchost.exe -k SDRSVCC:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\windows\system32\Macromed\Flash\FlashUtil64_12_0_0_38_ActiveX.exeC:\Program Files\Internet Explorer\iexplore.exeC:\windows\system32\notepad.exeC:\Program Files (x86)\Skype\Phone\Skype.exec:\Program Files\Microsoft Security Client\MpCmdRun.exeC:\windows\system32\SearchProtocolHost.exeC:\windows\system32\SearchFilterHost.exeC:\windows\system32\wbem\wmiprvse.exeC:\windows\System32\cscript.exe.============== Pseudo HJT Report ===============.BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllBHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dllBHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: Samsung BHO Class: {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dllBHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dllBHO: IE Developer Toolbar BHO: {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files (x86)\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dllBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dllTB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dllEB: IE Developer Toolbar: {A202B231-EF71-4a08-BDB9-4CE5AE8BDE0A} - C:\Program Files (x86)\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dlluRun: [POP Peeper] "C:\Program Files (x86)\POP Peeper\POPPeeper.exe" -minmRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exeStartupFolder: C:\Users\qimi\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\windows\System32\RunDll32.exeuPolicies-Explorer: NoDrives = dword:0uPolicies-Explorer: NoDriveTypeAutoRun = dword:255mPolicies-Explorer: NoDrives = dword:0mPolicies-System: ConsentPromptBehaviorAdmin = dword:5mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableUIADesktopToggle = dword:0IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllIE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exeIE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dllIE: {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - {CC962137-2E78-4F94-975E-FC0C07DBD78F} - C:\Program Files (x86)\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}TCP: NameServer = 192.168.1.1TCP: Interfaces\{18DBC74A-DE0D-4804-B59B-7EE2A2B67458} : DHCPNameServer = 192.168.1.1TCP: Interfaces\{B4115DE2-7658-4EBB-B11F-9B5E21E13BCB} : DHCPNameServer = 192.168.1.1TCP: Interfaces\{B4115DE2-7658-4EBB-B11F-9B5E21E13BCB}\1456E616F5B4572696 : DHCPNameServer = 10.81.224.1TCP: Interfaces\{B4115DE2-7658-4EBB-B11F-9B5E21E13BCB}\2656C6B696E6E233369346 : DHCPNameServer = 192.168.2.1TCP: Interfaces\{B4115DE2-7658-4EBB-B11F-9B5E21E13BCB}\64F4E4F5A5F4E4F564255454F594E4455425E45445 : DHCPNameServer = 192.168.3.1Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dllHandler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllHandler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dllSSODL: WebCheck - <orphaned>mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chromex64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllx64-BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dllx64-TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dllx64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -sx64-Run: [igfxTray] C:\windows\System32\igfxtray.exex64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exex64-Run: [Persistence] C:\windows\System32\igfxpers.exex64-Run: [bTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayAppx64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exex64-Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkeyx64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>x64-Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dllx64-Notify: igfxcui - igfxdev.dllx64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\windows\System32\ieudinit.exe.================= FIREFOX ===================.FF - ProfilePath - C:\Users\qimi\AppData\Roaming\Mozilla\Firefox\Profiles\9mzucc9u.default\FF - prefs.js: browser.startup.homepage - www.google.co.ukFF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dllFF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dllFF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dllFF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dllFF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dllFF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dllFF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dllFF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllFF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dllFF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll.============= SERVICES / DRIVERS ===============.R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2013-9-27 248240]R0 nvpciflt;nvpciflt;C:\windows\System32\drivers\nvpciflt.sys [2012-10-25 30056]R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\System32\drivers\SABI.sys [2011-9-6 13824]R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]R2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-4-21 1136640]R2 Apache2.2;Apache2.2;C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe [2012-1-28 20549]R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-3-30 923984]R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-3-30 1001808]R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-4-21 134928]R2 KSS;Kaspersky Security Scan Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2012-4-25 202296]R2 MySQL56;MySQL56;"C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld" --defaults-file="C:\ProgramData\MySQL\MySQL Server 5.6\my.ini" MySQL56 --> C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld [?]R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2012-3-20 134944]R2 TurboB;Turbo Boost UI Monitor driver;C:\windows\System32\drivers\TurboB.sys [2010-10-8 19192]R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-9-6 2656536]R3 AMPPAL;Intel® Centrino® Bluetooth 3.0 + High Speed Virtual Adapter;C:\windows\System32\drivers\AmpPal.sys [2011-4-21 294912]R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-3-30 1321296]R3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\System32\drivers\btmaux.sys [2011-3-8 51712]R3 btmhsf;btmhsf;C:\windows\System32\drivers\btmhsf.sys [2011-11-14 327168]R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2010-11-10 31088]R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2011-9-6 138024]R3 iBtFltCoex;iBtFltCoex;C:\windows\System32\drivers\iBtFltCoex.sys [2011-12-9 60416]R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-9-6 317440]R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-9-6 471144]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]S3 AMPPALP;Intel® Centrino® Bluetooth 3.0 + High Speed Protocol;C:\windows\System32\drivers\AmpPal.sys [2011-4-21 294912]S3 OXSDIDRV_x64;Oxford Semi eSATA Filter (x64);C:\windows\System32\drivers\OXSDIDRV_x64.sys [2009-9-28 51760]S3 OXUDIDRV;OXUDIDRV;C:\windows\System32\drivers\OXUDIDRV_x64.sys [2013-11-12 31280]S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2012-11-3 19456]S3 Samsung UPD Service;Samsung UPD Service;C:\windows\System32\SUPDSvc.exe [2011-9-6 166704]S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2013-11-15 56832]S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2012-11-3 30208]S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-10-8 150016]S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-4-14 1255736]S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184].=============== Created Last 30 ================.2014-02-04 16:50:30 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6378A7FC-7D26-4236-994C-B0F43EABC380}\mpengine.dll2014-02-04 11:25:45 327168 ----a-w- C:\windows\IsUn0416.exe2014-02-04 11:25:27 103344 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll2014-02-04 11:25:22 -------- d-----w- C:\windows\Profiles2014-02-04 11:25:20 270336 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll2014-02-03 14:00:44 10315576 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2014-02-03 12:30:42 -------- d-----w- C:\Program Files\Inpaint2014-02-02 22:30:32 -------- d-----w- C:\AdwCleaner2014-01-29 17:48:15 -------- d-sh--w- C:\$RECYCLE.BIN2014-01-24 06:16:33 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F9FB99EC-C8DF-4E38-A2B5-193824BC87A5}\gapaengine.dll2014-01-23 15:23:33 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll2014-01-15 14:20:38 99840 ----a-w- C:\windows\System32\drivers\usbccgp.sys2014-01-15 14:20:38 7808 ----a-w- C:\windows\System32\drivers\usbd.sys2014-01-15 14:20:38 53248 ----a-w- C:\windows\System32\drivers\usbehci.sys2014-01-15 14:20:38 343040 ----a-w- C:\windows\System32\drivers\usbhub.sys2014-01-15 14:20:38 325120 ----a-w- C:\windows\System32\drivers\usbport.sys2014-01-15 14:20:38 3156480 ----a-w- C:\windows\System32\win32k.sys2014-01-15 14:20:38 30720 ----a-w- C:\windows\System32\drivers\usbuhci.sys2014-01-15 14:20:38 25600 ----a-w- C:\windows\System32\drivers\usbohci.sys2014-01-15 14:20:37 376768 ----a-w- C:\windows\System32\drivers\netio.sys2014-01-07 10:44:04 -------- d-----w- C:\ProgramData\Visan2014-01-07 10:44:04 -------- d-----w- C:\ProgramData\HP Photo Creations2014-01-07 10:44:04 -------- d-----w- C:\Program Files (x86)\HP Photo Creations2014-01-07 10:43:28 -------- d-----w- C:\Users\qimi\AppData\Roaming\HpUpdate2014-01-07 10:41:07 -------- d-----w- C:\Program Files (x86)\HP2014-01-07 10:39:08 -------- d-----w- C:\Program Files\HP2014-01-07 10:37:43 -------- d-----w- C:\Users\qimi\AppData\Local\HP.==================== Find3M ====================.2014-01-23 15:20:18 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe2014-01-23 15:20:17 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl2014-01-19 07:33:29 270496 ------w- C:\windows\System32\MpSigStub.exe2013-11-23 18:26:20 417792 ----a-w- C:\windows\SysWow64\WMPhoto.dll2013-11-23 17:47:34 465920 ----a-w- C:\windows\System32\WMPhoto.dll2013-11-15 01:37:29 2334720 ----a-w- C:\windows\System32\jscript9.dll2013-11-15 01:29:03 1392128 ----a-w- C:\windows\System32\wininet.dll2013-11-15 01:28:41 1494528 ----a-w- C:\windows\System32\inetcpl.cpl2013-11-15 01:22:21 173056 ----a-w- C:\windows\System32\ieUnatt.exe2013-11-15 01:20:47 599040 ----a-w- C:\windows\System32\vbscript.dll2013-11-15 01:18:03 2382848 ----a-w- C:\windows\System32\mshtml.tlb2013-11-14 22:50:50 1806848 ----a-w- C:\windows\SysWow64\jscript9.dll2013-11-14 22:42:41 1129472 ----a-w- C:\windows\SysWow64\wininet.dll2013-11-14 22:42:32 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl2013-11-14 22:38:54 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe2013-11-14 22:38:16 420864 ----a-w- C:\windows\SysWow64\vbscript.dll2013-11-14 22:35:52 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb2013-11-12 02:23:09 2048 ----a-w- C:\windows\System32\tzres.dll2013-11-12 02:07:29 2048 ----a-w- C:\windows\SysWow64\tzres.dll.============= FINISH: 22:56:28,04 =============== .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 Home PremiumBoot Device: \Device\HarddiskVolume1Install Date: 14-04-2012 01:53:47System Uptime: 04-02-2014 17:02:58 (5 hours ago).Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | RC530/RC730Processor: Intel® Core i7-2670QM CPU @ 2.20GHz | CPU 1 | 1078/100mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 500 GiB total, 424,008 GiB free.D: is FIXED (NTFS) - 408 GiB total, 123,038 GiB free.E: is CDROM ().==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP404: 29-01-2014 17:47:15 - ComboFix created restore pointRP405: 30-01-2014 08:58:26 - Windows UpdateRP406: 02-02-2014 11:58:19 - Windows UpdateRP407: 02-02-2014 19:00:14 - Windows BackupRP408: 03-02-2014 11:59:06 - Device Driver Package Install: Hamrick Software Imaging devicesRP409: 04-02-2014 11:21:57 - Installed hp deskjet 6122.==== Installed Programs ======================.?? ??? ?? Windows Live Mesh ActiveX ?????? ActiveX ?? Windows Live Mesh ???? ??????? ??????????? ??? Windows Live???? ???? ActiveX ????? ?? Windows Live Mesh ????????? ??????????? Windows Live????? Windows Live?????? ??????? ?? Windows Live??????? ?????????? Windows Live Mesh ActiveX ??? ????????? ?????????????????? Windows Live Mesh ActiveX ??(????)??????? Windows Live Mesh ActiveX ??????????? ?????????? Windows Live????????? ActiveX ?? Windows Live Mesh ????????????????????????? (???)?????????? Windows Live??????????? ?? Windows LiveActiveState Komodo Edit 8.0.1ActiveX-kontroll för fjärranslutningar för Windows Live MeshActiveX ???????? ?? Windows Live Mesh ?? ?????????? ??????Adobe Acrobat 5.0Adobe Flash Player 11 PluginAdobe Flash Player 12 ActiveXAdobe Reader X (10.1.6)Adobe Shockwave Player 12.0Agatha Christie - Death on the NileApache HTTP Server 2.2.22Apple Application SupportApple Software Update„Windows Live Essentials“„Windows Live Mail“„Windows Live Mesh ActiveX“ nuotoliniu ryšiu valdiklis„Windows Live Messenger“„Windows Live“ fotogalerijaBatteryLifeExtenderBejeweled 2 DeluxeBelkin Setup and Router MonitorBuild-a-lotBullzip PDF Printer 9.3.0.1516ChargeableUSBChime/Chime Pro for Internet ExplorerChuzzle DeluxeCompatibility Pack for the 2007 Office systemContrôle ActiveX Windows Live Mesh pour connexions à distanceControl ActiveX de Windows Live Mesh para conexiones remotasControl ActiveX Windows Live Mesh pentru conexiuni la distan?aControle ActiveX do Windows Live Mesh para Conexões RemotasControlo ActiveX do Windows Live Mesh para Ligações RemotasCyberLink Media SuiteCyberLink Media+ Player10CyberLink MediaShowCyberLink Power2GoCyberLink PowerDirectorCyberLink YouCamD3DX10Diner Dash 2 Restaurant RescuednGREP 2.7.1 (x64)Easy Content ShareEasy Display ManagerEasy MigrationEasy Network ManagerEasy SpeedUp ManagerEasyBatteryManagerEasyFileShareESET Online Scanner v3ETDWare PS/2-X64 8.0.7.2_WHQLFarm FrenzyFast StartFileZilla Client 3.7.3Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsluge polaczen zdalnychFotogalerija Windows LiveFree CSS Toolbox 1.2Galeria de Fotografias do Windows LiveGaleria fotografii uslugi Windows LiveGalerie de photos Windows LiveGalerie foto Windows LiveGalería fotográfica de Windows LiveGIMP 2.8.4Google ChromeGoogle Update HelperHP Deskjet 1510 series Basic Device SoftwareHP Deskjet 1510 series HelpHP FWUpdateEDO2HP Photo Creationshp print screen utilityHP UpdateHTML-Kit ToolsInpaint 5.6Insaniquarium DeluxeIntel PROSet WirelessIntel® Control CenterIntel® Management Engine ComponentsIntel® Processor GraphicsIntel® PROSet/Wireless for Bluetooth® 3.0 + High SpeedIntel® PROSet/Wireless Software for Bluetooth® TechnologyIntel® PROSet/Wireless WiFi SoftwareIntel® Rapid Storage TechnologyInternet Explorer (Enable DEP)Internet Explorer Developer ToolbarIomega EncryptionJava 7 Update 51Java Auto UpdaterJohn Deere Drive GreenJunk Mail filter updateKaspersky Security ScanKontrola Windows Live Mesh ActiveX za daljinske vezeKontrolnik Windows Live Mesh ActiveX za oddaljene povezaveMalwarebytes Anti-Malware version 1.75.0.1300MDL Chime/Chime Pro for Internet ExplorerMesh RuntimeMicrosoft .NET Framework 4.5.1Microsoft Application Error ReportingMicrosoft Office File Validation Add-InMicrosoft Office PowerPoint Viewer 2007 (English)Microsoft Office Professional Edition 2003Microsoft Security ClientMicrosoft Security EssentialsMicrosoft SilverlightMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319Monitor da tecnologia Intel® Turbo Boost 2.0Movie Color EnhancerMozBackup 1.5.1Mozilla Firefox 26.0 (x86 en-US)Mozilla Maintenance ServiceMozilla Thunderbird 24.2.0 (x86 en-US)MSVCRTMSVCRT_amd64Multimedia POPMySQL Connector C++ 1.1.2MySQL Connector JMySQL Connector Net 6.6.5MySQL Connector/ODBC 5.2(w)MySQL Documents 5.6MySQL Examples and Samples 5.6MySQL InstallerMySQL Notifier 1.0.3MySQL Server 5.6MySQL Workbench 5.2 CENotepad++NVIDIA Control Panel 307.21NVIDIA Graphics Driver 307.21NVIDIA Install ApplicationNVIDIA Optimus 1.10.8NVIDIA Update 1.10.8NVIDIA Update ComponentsOpera 12.16Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená pripojeníOvládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojeniaPeaZip 4.9.1PegglePenguins!Plants vs. ZombiesPoczta uslugi Windows LivePodstawowe programy Windows LivePolar GolferPOP PeeperPošta Windows LiveProduct Improvement Study for HP Deskjet 1510 seriesQuickTimeRaccolta foto di Windows LiveRealtek Ethernet Controller DriverRealtek High Definition Audio DriverRemoteComms External Disk AccessS?????? f?t???af??? t?? Windows LiveSafariSamsung AnyWeb PrintSamsung Printer Live UpdateSamsung Recovery Solution 5Samsung Support Center 1.0Samsung Universal Print DriverSamsung Universal Scan DriverSamsung Update PlusSD226 Biological PsychologySimple CSS 2.1Skype™ 6.11SopCast 3.4.7St???e?? e?????? ActiveX t?? Windows Live Mesh ??a ap?µa???sµ??e? s??d?se??SUPERAntiSpywareswMSMTextStylistUser GuideUzak Baglantilar Için Windows Live Mesh ActiveX DenetimiVeetle TVVisual Studio 2012 x64 RedistributablesVisual Studio 2012 x86 RedistributablesVueScan x64WildTangent GamesWildTangent ORB Game ConsoleWindows LiveWindows Live ??Windows Live ?? ???Windows Live ???Windows Live ????Windows Live Communications PlatformWindows Live EssentialsWindows Live FotótárWindows Live Foto-galerijaWindows Live fotoattelu galerijaWindows Live FotogalerieWindows Live FotogalleriWindows Live FotogalériaWindows Live Fotograf GalerisiWindows Live Galeria de FotosWindows Live Galerija fotografijaWindows Live ID Sign-in AssistantWindows Live InstallerWindows Live Language SelectorWindows Live MailWindows Live MeshWindows Live Mesh - ActiveX-besturingselement voor externe verbindingenWindows Live Mesh ActiveX-kontroll for eksterne tilkoblingerWindows Live Mesh ActiveX-objekt til fjernforbindelserWindows Live Mesh ActiveX-vezérlo távoli kapcsolatokhozWindows Live Mesh ActiveX control for remote connectionsWindows Live Mesh ActiveX kontrola za daljinske vezeWindows Live Mesh ActiveX vadikla attalajiem savienojumiemWindows Live Meshin etäyhteyksien ActiveX-komponenttiWindows Live MessengerWindows Live MIME IFilterWindows Live Movie MakerWindows Live Photo CommonWindows Live Photo GalleryWindows Live PIMT PlatformWindows Live PoštaWindows Live Remote ClientWindows Live Remote Client ResourcesWindows Live Remote ServiceWindows Live Remote Service ResourcesWindows Live SOXEWindows Live SOXE DefinitionsWindows Live Temel ParçalarWindows Live UX PlatformWindows Live UX Platform Language PackWindows Live WriterWindows Live Writer ResourcesWindows Liven asennustyökaluWindows Liven sähköpostiWindows Liven valokuvavalikoimaWOT for Internet ExplorerZuma Deluxe.==== Event Viewer Messages From Past Week ========.29-01-2014 11:12:08, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 252.28-01-2014 20:27:22, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.28-01-2014 20:26:48, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.28-01-2014 06:24:36, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.04-02-2014 17:04:30, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).04-02-2014 17:04:30, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.03-02-2014 12:57:45, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user qimi-PC\qimi SID (S-1-5-21-251638132-866889896-205452805-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.03-02-2014 12:57:45, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user qimi-PC\qimi SID (S-1-5-21-251638132-866889896-205452805-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool..==== End Of File =========================== Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted February 6, 2014 Root Admin ID:787468 Share Posted February 6, 2014 Hello and Your post did not disappear you simply did not reply to it. https://forums.malwarebytes.org/index.php?showtopic=141615 I have gone ahead and marked it resolved and will help you here in this post. Please read the following information below and post back the requested logs when ready. General P2P/Piracy Warning: If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy. Before we proceed further, please read all of the following instructions carefully. If there is anything that you do not understand kindly ask before proceeding. If needed please print out these instructions.Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.If the log is too large then you can use attachments by clicking on the More Reply Options button.Please enable your system to show hidden files: How to see hidden files in WindowsMake sure you're subscribed to this topic:Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to InstantlyRemoving malware can be unpredictable...It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drivePlease don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.Perform everything in the correct order. Sometimes one step requires the previous one.If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.You can check here if you're not sure if your computer is 32-bit or 64-bitPlease disable your antivirus while running any requested scanners so that they do not interfere with the scanners.When we are done, I'll give you instructions on how to cleanup all the tools and logsPlease stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.Your topic will be closed if you haven't replied within 3 days(If I have not responded within 24 hours, please send me a Private Message as a reminder)STEP 0 RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections. When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies that stop us from using certain tools. When finished it will display a log file that shows the processes that were terminated while the program was running. As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot your computer as any malware processes that are configured to start automatically will just be started again. Instead, after running RKill you should immediately scan your computer using the requested scans I've included. Please download Rkill by Grinler from one of the links below and save it to your desktop. Link 1 Link 2On Windows XP double-click on the Rkill desktop icon to run the tool.On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As AdministratorA black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.If not, delete the file, then download and use the one provided in Link 2.If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.If the tool does not run from any of the links provided, please let me know.Do not reboot the computer, you will need to run the application again.STEP 01 Backup the Registry: Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.Please download ERUNT from one of the following links: Link1 | Link2 | Link3ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.Double click on erunt-setup.exe to Install ERUNT by following the prompts.NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.Choose a location for the backup.Note: the default location is C:\Windows\ERDNT which is acceptable.Make sure that at least the first two check boxes are selected.Click on OKThen click on YES to create the folder.Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exeSTEP 02 Please download RogueKiller and save it to your desktop. You can check here if you're not sure if your computer is 32-bit or 64-bitRogueKiller 32-bit | RogueKiller 64-bitQuit all running programs.For Windows XP, double-click to start.For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.Read and accept the EULA (End User Licene Agreement)Click Scan to scan the system.When the scan completes Close the program > Don't Fix anything!Don't run any other options, they're not all bad!!Post back the report which should be located on your desktop. Link to post Share on other sites More sharing options...
qim Posted February 6, 2014 Author ID:787476 Share Posted February 6, 2014 Hi many thanks I'm having a problem with RogueKiller 64. It tells me the version is outdated but when I press the button to download it from the Internet all I get are downloads for Toolbars, maps, .... Shall I ignore the downloads? Link to post Share on other sites More sharing options...
qim Posted February 6, 2014 Author ID:787477 Share Posted February 6, 2014 Ok here go the logs (I did not update RogueKiller Rkill 2.6.5 by Lawrence Abrams (Grinler)http://www.bleepingcomputer.com/Copyright 2008-2014 BleepingComputer.comMore Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.htmlProgram started at: 02/06/2014 09:15:38 AM in x64 mode.Windows Version: Windows 7 Home Premium Service Pack 1Checking for Windows services to stop: * No malware services found to stop.Checking for processes to terminate: * No malware processes found to kill.Checking Registry for malware related settings: * No issues found in the Registry.Resetting .EXE, .COM, & .BAT associations in the Windows Registry.Performing miscellaneous checks: * No issues found.Checking Windows Service Integrity: * No issues found.Searching for Missing Digital Signatures: * No issues found.Checking HOSTS File: * HOSTS file entries found: 127.0.0.1 localhostProgram finished at: 02/06/2014 09:16:34 AMExecution time: 0 hours(s), 0 minute(s), and 56 seconds(s) RogueKiller V8.8.3 _x64_ [Jan 24 2014] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.adlice.com/forum/Website : http://www.adlice.com/softwares/roguekiller/Blog : http://www.adlice.comOperating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits versionStarted in : Normal modeUser : qimi [Admin rights]Mode : Scan -- Date : 02/06/2014 09:39:04| ARK || FAK || MBR |¤¤¤ Bad processes : 0 ¤¤¤¤¤¤ Registry Entries : 7 ¤¤¤[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND[sCREENSVR][sUSP PATH] HKCU\[...]\Desktop : SCRNSAVE.EXE (C:\windows\SAMSUN~1.SCR [-]) -> FOUND¤¤¤ Scheduled tasks : 0 ¤¤¤¤¤¤ Startup Entries : 0 ¤¤¤¤¤¤ Web browsers : 0 ¤¤¤¤¤¤ Browser Addons : 0 ¤¤¤¤¤¤ Particular Files / Folders: ¤¤¤¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤¤¤¤ External Hives: ¤¤¤¤¤¤ Infection : ¤¤¤¤¤¤ HOSTS File: ¤¤¤--> %SystemRoot%\System32\drivers\etc\hosts127.0.0.1 localhost¤¤¤ MBR Check: ¤¤¤+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) SAMSUNG HN-M101MBB +++++--- User ---[MBR] adf95422188c832a81cc74ff77e912e3[bSP] ca774d69073d522ab3ce129415a59fe6 : KIWI Image system MBR CodePartition table:0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 512000 Mo2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 1048782848 | Size: 417803 Mo3 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1904443392 | Size: 23965 MoUser = LL1 ... OK!User = LL2 ... OK!Finished : << RKreport[0]_S_02062014_093904.txt >> Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted February 6, 2014 Root Admin ID:787727 Share Posted February 6, 2014 Thank you. Please go ahead and run through the following steps and post back the logs when ready.STEP 03Please download Malwarebytes Anti-Rootkit from hereUnzip the contents to a folder in a convenient location. Open the folder where the contents were unzipped and run mbar.exe Follow the instructions in the wizard to update and allow the program to scan your computer for threats. Click on the Cleanup button to remove any threats and reboot if prompted to do so. Wait while the system shuts down and the cleanup process is performed. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process. When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txtSTEP 04Please download Junkware Removal Tool to your desktop.Shutdown your antivirus to avoid any conflicts. Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP. The tool will open and start scanning your system. Please be patient as this can take a while to complete. On completion, a log (JRT.txt) is saved to your desktop and will automatically open. Post the contents of JRT.txt into your next reply message When completed make sure to re-enable your antivirusSTEP 05Lets clean out any adware now: (this will require a reboot so save all your work)Please download AdwCleaner by Xplode and save to your Desktop.Double click on AdwCleaner.exe to run the tool.Vista/Windows 7/8 users right-click and select Run As Administrator Click on the Scan button. AdwCleaner will begin...be patient as the scan may take some time to complete. When it's done you'll see: Pending: Please uncheck elements you don't want removed. Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review. Look over the log especially under Files/Folders for any program you want to save. If there's a program you may want to save, just uncheck it from AdwCleaner. If you're not sure, post the log for review. (all items found are adware/spyware/foistware) If you're ready to clean it all up.....click the Clean button. After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically. Copy and paste the contents of that logfile in your next reply. A copy of that logfile will also be saved in the C:\AdwCleaner folder. Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine To restore an item that has been deleted: Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.Then..................Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.Make sure that everything is checked, and click Remove Selected.STEP 06Please go here to run the online antivirus scannner from ESET.Turn off the real time scanner of any existing antivirus program while performing the online scan Tick the box next to YES, I accept the Terms of Use. Click Start When asked, allow the activex control to install Click Start Make sure that the option Remove found threats is unticked Click on Advanced Settings and ensure these options are ticked:Scan for potentially unwanted applications Scan for potentially unsafe applications Enable Anti-Stealth Technology [*]Click Scan [*]Wait for the scan to finish [*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.STEP 07Please download the Farbar Recovery Scan Tool and save it to your desktop.Note: You need to run the version compatibale with your system. You can check here if you're not sure if your computer is 32-bit or 64-bitDouble-click to run it. When the tool opens click Yes to disclaimer. Press the Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well. Link to post Share on other sites More sharing options...
qim Posted February 7, 2014 Author ID:787832 Share Posted February 7, 2014 Good morning (it's 5 am here) I read earlier that I should not restart the computer. However I have a taxi in half-an-hour to take me to the airpott and I will have to, at least, shut down the laptop cover. I will only be able to follow your instructions when I get home in Andorra later this afternoon. I hope that is ok. Many thanks for your help. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted February 7, 2014 Root Admin ID:787842 Share Posted February 7, 2014 Not a problem. It's okay to restart the computer when needed or is part of one of the steps. Go ahead and post back as soon as you're ready, we'll be here. Thanks Link to post Share on other sites More sharing options...
qim Posted February 7, 2014 Author ID:788018 Share Posted February 7, 2014 Hi I'm back All scansd up to now appeared to be clean to me. However I am in the middle of Eset and it has discovered 1 infected file (Eicar Test File). The ADWCleaner log file is nowhere to be found! I am attaching the others which I have so far. many thanksJRT.txtmbam-log-2014-02-07 (17-03-54).txtmbar-log-2014-02-07 (05-08-56).txtsystem-log.txt Link to post Share on other sites More sharing options...
qim Posted February 7, 2014 Author ID:788048 Share Posted February 7, 2014 Here goes the ESET log C:\Users\qimi\AppData\Local\Temp\Av-test.txt Eicar test file For the last scan, I got a message that FRST64 could harm my computer... Shall i go ahead? Thank you Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted February 7, 2014 Root Admin ID:788080 Share Posted February 7, 2014 I'm assuming it was your antivirus that gave that warning. Was it Microsoft Security Essentials with the warning or the Internet Explorer Smartscreen that said that? How to enable/disable the Smart Screen Filter. http://support.microsoft.com/kb/930168 As long as you used the link I provided the software is very safe and will not harm your computer. Link to post Share on other sites More sharing options...
qim Posted February 8, 2014 Author ID:788199 Share Posted February 8, 2014 Here goes the logs. What about the ADWCleaner? Shall I run it again? Security Essentials has just come up with a bo asking to send a file for further analysis. It seems to be related to a University course I did a couple of years ago. I am attaching screen capture. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-02-2014Ran by qimi (administrator) on QIMI-PC on 08-02-2014 06:37:11Running from C:\Users\qimi\DesktopWindows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)Internet Explorer Version 9Boot Mode: NormalThe only official download link for FRST:Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Processes (Whitelisted) =================(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe(Apache Software Foundation) C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe(Intel Corporation) C:\Windows\System32\igfxtray.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe(Apache Software Foundation) C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe() C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe(Intel Corporation) C:\Windows\System32\igfxext.exe(Intel Corporation) C:\Windows\System32\igfxsrvc.exe(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe(Samsung Electronics Co., Ltd.) C:\Program Files\SAMSUNG\SamsungFastStart\SmartRestarter.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe(Samsung Electronics) C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE(Microsoft Corporation) C:\Windows\splwow64.exe() C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe(FileZilla Project) C:\Program Files (x86)\FileZilla FTP Client\filezilla.exe==================== Registry (Whitelisted) ==================HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11895400 2011-06-25] (Realtek Semiconductor)HKLM\...\Run: [bTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [10372368 2011-03-30] (Intel Corporation)HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2588968 2010-11-12] (ELAN Microelectronics Corp.)HKLM\...\Run: [intelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4526 2010-10-08] ()HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)HKLM-x32\...\Run: [] - [X]Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)HKU\S-1-5-21-251638132-866889896-205452805-1001\...\Run: [POP Peeper] - C:\Program Files (x86)\POP Peeper\POPPeeper.exe [1613824 2011-11-16] (Mortal Universe)Startup: C:\Users\qimi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1510 series.lnkShortcutTarget: Monitor Ink Alerts - HP Deskjet 1510 series.lnk -> C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)==================== Internet (Whitelisted) ====================HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-PTHKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x33AA09EC1DE6CE01HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exeBHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()BHO-x32: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: Samsung BHO Class - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()BHO-x32: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll ()BHO-x32: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files (x86)\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No FileDPF: HKLM {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/site/ClientControl/en/x64/MuCatalogWebControl.cab?1391537426268DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cabDPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cabDPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cabHandler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No FileTcpip\Parameters: [DhcpNameServer] 192.168.1.1FireFox:========FF ProfilePath: C:\Users\qimi\AppData\Roaming\Mozilla\Firefox\Profiles\9mzucc9u.defaultFF Homepage: www.google.co.ukFF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()FF Plugin: @microsoft.com/GENUINE - disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @microsoft.com/GENUINE - disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.19 - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)FF Extension: Firebug - C:\Users\qimi\AppData\Roaming\Mozilla\Firefox\Profiles\9mzucc9u.default\Extensions\firebug@software.joehewitt.com.xpi [2013-05-22]FF Extension: Web Developer - C:\Users\qimi\AppData\Roaming\Mozilla\Firefox\Profiles\9mzucc9u.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2013-11-30]Chrome:=======CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll ()CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll ()CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No FileCHR Plugin: (Java Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)CHR Plugin: (Veetle TV Player) - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)CHR Plugin: (Veetle TV Core) - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll No FileCHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No FileCHR Extension: (Google Docs) - C:\Users\qimi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-25]CHR Extension: (Google Drive) - C:\Users\qimi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-25]CHR Extension: (YouTube) - C:\Users\qimi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-25]CHR Extension: (Google Search) - C:\Users\qimi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-25]CHR Extension: (PageRank Status) - C:\Users\qimi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdkkfheckcdppiaiabobmennhijkknn [2013-07-27]CHR Extension: (Google Wallet) - C:\Users\qimi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]CHR Extension: (Gmail) - C:\Users\qimi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-25]==================== Services (Whitelisted) =================R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-07-11] (SUPERAntiSpyware.com)R2 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [571288 2010-09-14] (Affinegy, Inc.)R2 Apache2.2; C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe [20549 2012-01-28] (Apache Software Foundation)R2 KSS; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202296 2012-04-25] (Kaspersky Lab ZAO)R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)R2 MySQL56; C:\ProgramData\MySQL\MySQL Server 5.6\my.ini [14242 2013-03-24] ()R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] ()==================== Drivers (Whitelisted) ====================R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)S3 OXSDIDRV_x64; C:\Windows\System32\DRIVERS\OXSDIDRV_x64.sys [51760 2009-09-28] ()S3 OXUDIDRV; C:\windows\system32\Drivers\OXUDIDRV_X64.sys [31280 2010-05-25] ()S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2011-12-05] (Windows ® 2003 DDK 3790 provider)R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)S3 catchme; \??\C:\ComboFix\catchme.sys [X]==================== NetSvcs (Whitelisted) ======================================= One Month Created Files and Folders ========2014-02-08 06:37 - 2014-02-08 06:37 - 00018572 _____ () C:\Users\qimi\Desktop\FRST.txt2014-02-08 06:36 - 2014-02-08 06:37 - 00000000 ____D () C:\FRST2014-02-08 06:35 - 2014-02-08 06:35 - 02079744 _____ (Farbar) C:\Users\qimi\Desktop\FRST64.exe2014-02-07 19:31 - 2014-02-07 19:31 - 00000062 _____ () C:\Users\qimi\Desktop\Eset.txt2014-02-07 19:04 - 2014-02-07 19:04 - 00000000 ____D () C:\Users\qimi\Desktop\Scans2014-02-07 17:47 - 2014-02-02 23:35 - 00000950 _____ () C:\Users\qimi\Desktop\AdwCleaner[s0].txt2014-02-07 16:51 - 2014-02-07 16:51 - 01166132 _____ () C:\Users\qimi\Desktop\AdwCleaner.exe2014-02-07 16:36 - 2014-02-07 16:36 - 00000000 ____D () C:\windows\ERUNT2014-02-07 06:25 - 2014-02-07 06:25 - 01037530 _____ (Thisisu) C:\Users\qimi\Desktop\JRT.exe2014-02-07 06:08 - 2014-02-07 06:25 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)2014-02-07 06:06 - 2014-02-07 17:45 - 00000000 ____D () C:\Users\qimi\Desktop\mbar2014-02-07 06:06 - 2014-02-07 06:06 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys2014-02-07 06:05 - 2014-02-07 06:05 - 12589848 _____ (Malwarebytes Corp.) C:\Users\qimi\Desktop\mbar-1.07.0.1009.exe2014-02-06 17:51 - 2014-02-06 17:36 - 00016256 _____ () C:\Users\qimi\Desktop\index2.html2014-02-06 10:39 - 2014-02-06 10:39 - 00002133 _____ () C:\Users\qimi\Desktop\RKreport[0]_S_02062014_093904.txt2014-02-06 10:26 - 2014-02-06 10:39 - 00000000 ____D () C:\Users\qimi\Desktop\RK_Quarantine2014-02-06 10:21 - 2014-02-06 10:21 - 04380160 _____ () C:\Users\qimi\Desktop\RogueKillerX64.exe2014-02-06 10:20 - 2014-02-06 10:20 - 00000000 ____D () C:\Program Files (x86)\ERUNT2014-02-06 10:18 - 2014-02-06 10:18 - 00791393 _____ (Lars Hederer ) C:\Users\qimi\Desktop\erunt-setup.exe2014-02-06 10:15 - 2014-02-06 10:16 - 00002122 _____ () C:\Users\qimi\Desktop\Rkill.txt2014-02-06 10:14 - 2014-02-06 10:14 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\qimi\Desktop\rkill.exe2014-02-06 09:34 - 2014-02-06 10:08 - 00000000 ___SD () C:\ComboFix2014-02-06 09:34 - 2014-02-06 09:34 - 00000000 ____D () C:\Qoobox2014-02-06 09:34 - 2011-06-26 07:45 - 00256000 _____ () C:\windows\PEV.exe2014-02-06 09:34 - 2010-11-07 18:20 - 00208896 _____ () C:\windows\MBR.exe2014-02-06 09:34 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe2014-02-06 09:34 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe2014-02-06 09:34 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe2014-02-06 09:34 - 2000-08-31 01:00 - 00098816 _____ () C:\windows\sed.exe2014-02-06 09:34 - 2000-08-31 01:00 - 00080412 _____ () C:\windows\grep.exe2014-02-06 09:34 - 2000-08-31 01:00 - 00068096 _____ () C:\windows\zip.exe2014-02-06 09:31 - 2014-02-06 09:31 - 05180173 ____R (Swearware) C:\Users\qimi\Desktop\ComboFix.exe2014-02-05 16:11 - 2014-02-05 16:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird2014-02-05 11:16 - 2014-02-05 11:16 - 00000235 _____ () C:\Users\qimi\Desktop\History - Alexa Rank.url2014-02-05 00:55 - 2014-02-05 02:52 - 00000000 ____D () C:\Users\qimi\Desktop\hide-and-show2014-02-04 23:56 - 2014-02-04 23:56 - 00019750 _____ () C:\Users\qimi\Desktop\dds.txt2014-02-04 23:56 - 2014-02-04 23:56 - 00011181 _____ () C:\Users\qimi\Desktop\attach.txt2014-02-04 23:55 - 2014-02-04 23:55 - 00688992 ____R (Swearware) C:\Users\qimi\Desktop\dds.scr2014-02-04 19:12 - 2014-02-04 19:24 - 00000000 ____D () C:\Users\qimi\Desktop\Microsoft driver update for hp deskjet 990c2014-02-04 12:25 - 2014-02-04 12:25 - 00001247 _____ () C:\Users\Public\Desktop\Acrobat Reader 5.0.lnk2014-02-04 12:25 - 2014-02-04 12:25 - 00000000 ____D () C:\Program Files\Hewlett-Packard2014-02-04 12:25 - 1998-10-09 18:56 - 00327168 _____ (InstallShield Software Corporation, Inc.) C:\windows\IsUn0416.exe2014-02-04 12:23 - 2014-02-04 12:23 - 00000000 ____D () C:\Users\qimi\Documents\My eBooks2014-02-04 12:23 - 2014-02-04 12:23 - 00000000 ____D () C:\Users\qimi\AppData\Roaming\InterTrust2014-02-04 12:21 - 2014-02-04 12:25 - 00090650 _____ () C:\windows\hpdj6122.his2014-02-04 12:21 - 2014-02-04 12:25 - 00007503 _____ () C:\windows\hpdj6122.ini2014-02-03 13:30 - 2014-02-03 13:30 - 00000000 ____D () C:\Program Files\Inpaint2014-02-03 11:13 - 2014-02-03 11:13 - 00001008 _____ () C:\Users\qimi\Desktop\AdwCleaner[R1].txt2014-02-02 23:34 - 2014-02-02 23:34 - 00000254 _____ () C:\Users\qimi\Desktop\win32-Bundled.Toolbar.Google.D application - Resolved HijackThis Logs - Malwarebytes Forum.url2014-02-02 23:31 - 2014-02-02 23:31 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\qimi\Desktop\tdsskiller.exe2014-02-02 23:30 - 2014-02-07 16:54 - 00000000 ____D () C:\AdwCleaner2014-02-02 11:57 - 2014-02-02 11:57 - 00000259 _____ () C:\Users\qimi\Desktop\Valid HTML 4.01 Strict And The Target Attribute - Web Site Design - Cre8asiteforums.url2014-01-30 15:39 - 2014-01-30 16:18 - 00000000 ____D () C:\Users\qimi\Desktop\Media queries2014-01-27 13:32 - 2014-01-27 13:32 - 00000207 _____ () C:\Users\qimi\Desktop\The Free Keyword Tool from WordStream - Free Keywords for SEO, AdWords, & Blogging.url2014-01-27 13:30 - 2014-01-27 13:30 - 00000242 _____ () C:\Users\qimi\Desktop\Arrecadação Arrendamento 35€ em Oeiras, Oeiras e São Julião Barra - Casa.Sapo.pt - Portal Nacional de Imobiliário.url2014-01-25 11:31 - 2014-01-28 20:23 - 00000058 _____ () C:\Users\qimi\Desktop\Worten.txt2014-01-23 16:23 - 2014-01-23 16:23 - 00005175 _____ () C:\windows\SysWOW64\jupdate-1.7.0_51-b13.log2014-01-23 16:23 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll2014-01-23 16:23 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe2014-01-23 16:23 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe2014-01-23 16:23 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe2014-01-23 12:23 - 2014-01-23 12:42 - 00000000 ____D () C:\Users\qimi\Desktop\css2014-01-23 11:28 - 2014-01-23 12:24 - 00000471 _____ () C:\Users\qimi\Desktop\PrivateSignature.html2014-01-23 11:26 - 2014-01-23 12:23 - 00000000 ____D () C:\Users\qimi\Desktop\signature2014-01-22 18:56 - 2014-01-23 07:16 - 00001287 _____ () C:\Users\qimi\Desktop\PersonalSign.html2014-01-20 15:36 - 2014-01-20 15:36 - 00002581 _____ () C:\Users\qimi\AppData\Local\recently-used.xbel2014-01-17 19:14 - 2014-02-07 17:08 - 00000377 _____ () C:\Users\qimi\Desktop\alexa.txt2014-01-17 16:34 - 2014-01-17 16:34 - 00000195 _____ () C:\Users\qimi\Desktop\Emirates,.url2014-01-17 07:52 - 2014-01-17 08:47 - 00000000 ____D () C:\Users\qimi\Desktop\Tel-o-Tel2014-01-15 15:20 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys2014-01-15 15:20 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys2014-01-15 15:20 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys2014-01-15 15:20 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys2014-01-15 15:20 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys2014-01-15 15:20 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys2014-01-15 15:20 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys2014-01-15 15:20 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys2014-01-15 15:20 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys2014-01-14 11:01 - 2014-01-14 11:01 - 00000195 _____ () C:\Users\qimi\Desktop\Panama,.url2014-01-10 19:06 - 2014-01-10 19:06 - 00000262 _____ () C:\Users\qimi\Desktop\Ariston Spares, Parts & Accessories.url==================== One Month Modified Files and Folders =======2014-02-08 06:37 - 2014-02-08 06:37 - 00018572 _____ () C:\Users\qimi\Desktop\FRST.txt2014-02-08 06:37 - 2014-02-08 06:36 - 00000000 ____D () C:\FRST2014-02-08 06:36 - 2009-07-14 06:13 - 00783398 _____ () C:\windows\system32\PerfStringBackup.INI2014-02-08 06:35 - 2014-02-08 06:35 - 02079744 _____ (Farbar) C:\Users\qimi\Desktop\FRST64.exe2014-02-08 06:34 - 2013-06-15 09:11 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job2014-02-08 06:34 - 2013-04-25 17:28 - 00001004 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job2014-02-08 06:34 - 2013-04-25 17:28 - 00001000 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job2014-02-08 06:34 - 2011-09-06 17:19 - 01187627 _____ () C:\windows\WindowsUpdate.log2014-02-07 21:40 - 2013-03-05 19:37 - 00000000 ____D () C:\Users\qimi\AppData\Roaming\FileZilla2014-02-07 19:31 - 2014-02-07 19:31 - 00000062 _____ () C:\Users\qimi\Desktop\Eset.txt2014-02-07 19:04 - 2014-02-07 19:04 - 00000000 ____D () C:\Users\qimi\Desktop\Scans2014-02-07 17:45 - 2014-02-07 06:06 - 00000000 ____D () C:\Users\qimi\Desktop\mbar2014-02-07 17:08 - 2014-01-17 19:14 - 00000377 _____ () C:\Users\qimi\Desktop\alexa.txt2014-02-07 17:07 - 2009-07-14 05:45 - 00021200 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-02-07 17:07 - 2009-07-14 05:45 - 00021200 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-02-07 16:59 - 2012-11-01 18:48 - 00011148 _____ () C:\windows\setupact.log2014-02-07 16:59 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT2014-02-07 16:55 - 2012-10-17 08:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service2014-02-07 16:55 - 2010-11-21 04:47 - 00644058 _____ () C:\windows\PFRO.log2014-02-07 16:54 - 2014-02-02 23:30 - 00000000 ____D () C:\AdwCleaner2014-02-07 16:51 - 2014-02-07 16:51 - 01166132 _____ () C:\Users\qimi\Desktop\AdwCleaner.exe2014-02-07 16:51 - 2012-04-14 02:25 - 00000000 ____D () C:\Users\qimi\AppData\Roaming\Skype2014-02-07 16:36 - 2014-02-07 16:36 - 00000000 ____D () C:\windows\ERUNT2014-02-07 06:25 - 2014-02-07 06:25 - 01037530 _____ (Thisisu) C:\Users\qimi\Desktop\JRT.exe2014-02-07 06:25 - 2014-02-07 06:08 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)2014-02-07 06:06 - 2014-02-07 06:06 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys2014-02-07 06:05 - 2014-02-07 06:05 - 12589848 _____ (Malwarebytes Corp.) C:\Users\qimi\Desktop\mbar-1.07.0.1009.exe2014-02-06 17:36 - 2014-02-06 17:51 - 00016256 _____ () C:\Users\qimi\Desktop\index2.html2014-02-06 10:48 - 2013-11-07 15:08 - 00000247 _____ () C:\Users\qimi\Desktop\English Dictionary.url2014-02-06 10:39 - 2014-02-06 10:39 - 00002133 _____ () C:\Users\qimi\Desktop\RKreport[0]_S_02062014_093904.txt2014-02-06 10:39 - 2014-02-06 10:26 - 00000000 ____D () C:\Users\qimi\Desktop\RK_Quarantine2014-02-06 10:21 - 2014-02-06 10:21 - 04380160 _____ () C:\Users\qimi\Desktop\RogueKillerX64.exe2014-02-06 10:20 - 2014-02-06 10:20 - 00000000 ____D () C:\Program Files (x86)\ERUNT2014-02-06 10:20 - 2012-09-28 17:49 - 00000000 ____D () C:\windows\erdnt2014-02-06 10:18 - 2014-02-06 10:18 - 00791393 _____ (Lars Hederer ) C:\Users\qimi\Desktop\erunt-setup.exe2014-02-06 10:16 - 2014-02-06 10:15 - 00002122 _____ () C:\Users\qimi\Desktop\Rkill.txt2014-02-06 10:14 - 2014-02-06 10:14 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\qimi\Desktop\rkill.exe2014-02-06 10:11 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system32\NDF2014-02-06 10:08 - 2014-02-06 09:34 - 00000000 ___SD () C:\ComboFix2014-02-06 09:34 - 2014-02-06 09:34 - 00000000 ____D () C:\Qoobox2014-02-06 09:31 - 2014-02-06 09:31 - 05180173 ____R (Swearware) C:\Users\qimi\Desktop\ComboFix.exe2014-02-05 16:42 - 2013-06-15 09:11 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater2014-02-05 16:42 - 2012-09-26 20:29 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe2014-02-05 16:42 - 2012-09-26 20:29 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl2014-02-05 16:12 - 2014-02-05 16:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird2014-02-05 11:16 - 2014-02-05 11:16 - 00000235 _____ () C:\Users\qimi\Desktop\History - Alexa Rank.url2014-02-05 02:52 - 2014-02-05 00:55 - 00000000 ____D () C:\Users\qimi\Desktop\hide-and-show2014-02-04 23:56 - 2014-02-04 23:56 - 00019750 _____ () C:\Users\qimi\Desktop\dds.txt2014-02-04 23:56 - 2014-02-04 23:56 - 00011181 _____ () C:\Users\qimi\Desktop\attach.txt2014-02-04 23:55 - 2014-02-04 23:55 - 00688992 ____R (Swearware) C:\Users\qimi\Desktop\dds.scr2014-02-04 19:24 - 2014-02-04 19:12 - 00000000 ____D () C:\Users\qimi\Desktop\Microsoft driver update for hp deskjet 990c2014-02-04 19:21 - 2012-04-14 01:53 - 00000000 ____D () C:\Users\qimi2014-02-04 18:00 - 2011-12-26 19:21 - 00005033 _____ () C:\Users\qimi\Desktop\telefones andorra.txt2014-02-04 12:25 - 2014-02-04 12:25 - 00001247 _____ () C:\Users\Public\Desktop\Acrobat Reader 5.0.lnk2014-02-04 12:25 - 2014-02-04 12:25 - 00000000 ____D () C:\Program Files\Hewlett-Packard2014-02-04 12:25 - 2014-02-04 12:21 - 00090650 _____ () C:\windows\hpdj6122.his2014-02-04 12:25 - 2014-02-04 12:21 - 00007503 _____ () C:\windows\hpdj6122.ini2014-02-04 12:25 - 2014-01-07 11:44 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard2014-02-04 12:25 - 2013-12-25 15:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox2014-02-04 12:23 - 2014-02-04 12:23 - 00000000 ____D () C:\Users\qimi\Documents\My eBooks2014-02-04 12:23 - 2014-02-04 12:23 - 00000000 ____D () C:\Users\qimi\AppData\Roaming\InterTrust2014-02-04 12:23 - 2012-08-11 14:45 - 00000000 ____D () C:\windows\SysWOW64\Adobe2014-02-04 12:23 - 2012-04-16 09:59 - 00000000 ____D () C:\Program Files (x86)\Adobe2014-02-03 13:30 - 2014-02-03 13:30 - 00000000 ____D () C:\Program Files\Inpaint2014-02-03 12:59 - 2011-09-06 01:27 - 00030260 _____ () C:\windows\DPINST.LOG2014-02-03 12:50 - 2012-04-21 17:07 - 00000000 ____D () C:\Users\qimi\AppData\Local\CrashDumps2014-02-03 11:13 - 2014-02-03 11:13 - 00001008 _____ () C:\Users\qimi\Desktop\AdwCleaner[R1].txt2014-02-02 23:35 - 2014-02-07 17:47 - 00000950 _____ () C:\Users\qimi\Desktop\AdwCleaner[s0].txt2014-02-02 23:34 - 2014-02-02 23:34 - 00000254 _____ () C:\Users\qimi\Desktop\win32-Bundled.Toolbar.Google.D application - Resolved HijackThis Logs - Malwarebytes Forum.url2014-02-02 23:31 - 2014-02-02 23:31 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\qimi\Desktop\tdsskiller.exe2014-02-02 11:57 - 2014-02-02 11:57 - 00000259 _____ () C:\Users\qimi\Desktop\Valid HTML 4.01 Strict And The Target Attribute - Web Site Design - Cre8asiteforums.url2014-01-31 14:34 - 2012-04-16 11:07 - 00000000 ____D () C:\Program Files (x86)\POP Peeper2014-01-30 16:18 - 2014-01-30 15:39 - 00000000 ____D () C:\Users\qimi\Desktop\Media queries2014-01-29 23:34 - 2013-11-10 08:59 - 00000000 ____D () C:\Users\qimi\Desktop\Web2014-01-29 23:34 - 2013-03-17 15:16 - 00000000 ____D () C:\Users\qimi\Desktop\website2014-01-28 21:27 - 2009-07-14 03:34 - 00000215 _____ () C:\windows\system.ini2014-01-28 20:23 - 2014-01-25 11:31 - 00000058 _____ () C:\Users\qimi\Desktop\Worten.txt2014-01-27 13:32 - 2014-01-27 13:32 - 00000207 _____ () C:\Users\qimi\Desktop\The Free Keyword Tool from WordStream - Free Keywords for SEO, AdWords, & Blogging.url2014-01-27 13:30 - 2014-01-27 13:30 - 00000242 _____ () C:\Users\qimi\Desktop\Arrecadação Arrendamento 35€ em Oeiras, Oeiras e São Julião Barra - Casa.Sapo.pt - Portal Nacional de Imobiliário.url2014-01-23 16:23 - 2014-01-23 16:23 - 00005175 _____ () C:\windows\SysWOW64\jupdate-1.7.0_51-b13.log2014-01-23 16:23 - 2013-10-16 10:20 - 00000000 ____D () C:\ProgramData\Oracle2014-01-23 16:23 - 2013-10-16 10:15 - 00000000 ____D () C:\Program Files (x86)\Java2014-01-23 16:20 - 2012-04-14 02:04 - 00000000 ____D () C:\Users\qimi\AppData\Local\Adobe2014-01-23 12:42 - 2014-01-23 12:23 - 00000000 ____D () C:\Users\qimi\Desktop\css2014-01-23 12:24 - 2014-01-23 11:28 - 00000471 _____ () C:\Users\qimi\Desktop\PrivateSignature.html2014-01-23 12:23 - 2014-01-23 11:26 - 00000000 ____D () C:\Users\qimi\Desktop\signature2014-01-23 07:16 - 2014-01-22 18:56 - 00001287 _____ () C:\Users\qimi\Desktop\PersonalSign.html2014-01-23 07:14 - 2012-05-20 21:22 - 00001087 _____ () C:\windows\SD329.INI2014-01-21 12:07 - 2014-01-07 11:43 - 00000000 ____D () C:\Users\qimi\AppData\Roaming\HpUpdate2014-01-20 15:48 - 2013-05-24 09:24 - 00000000 ____D () C:\Users\qimi\.gimp-2.82014-01-20 15:36 - 2014-01-20 15:36 - 00002581 _____ () C:\Users\qimi\AppData\Local\recently-used.xbel2014-01-20 14:20 - 2012-09-19 09:38 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware2014-01-19 08:33 - 2010-11-21 04:27 - 00270496 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe2014-01-17 21:58 - 2013-09-01 20:17 - 00000000 ____D () C:\Users\qimi\Desktop\Tools2014-01-17 16:34 - 2014-01-17 16:34 - 00000195 _____ () C:\Users\qimi\Desktop\Emirates,.url2014-01-17 08:47 - 2014-01-17 07:52 - 00000000 ____D () C:\Users\qimi\Desktop\Tel-o-Tel2014-01-16 17:49 - 2011-12-26 19:22 - 00000000 ___RD () C:\Users\qimi\Desktop\Open University2014-01-16 15:30 - 2013-11-25 20:23 - 00000000 ____D () C:\Users\qimi\Desktop\Affiliates2014-01-16 13:24 - 2009-07-14 05:45 - 00432616 _____ () C:\windows\system32\FNTCACHE.DAT2014-01-16 13:04 - 2013-07-16 13:04 - 00000000 ____D () C:\windows\system32\MRT2014-01-16 13:00 - 2012-04-15 15:18 - 86054176 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe2014-01-14 11:01 - 2014-01-14 11:01 - 00000195 _____ () C:\Users\qimi\Desktop\Panama,.url2014-01-10 19:06 - 2014-01-10 19:06 - 00000262 _____ () C:\Users\qimi\Desktop\Ariston Spares, Parts & Accessories.urlSome content of TEMP:====================C:\Users\qimi\AppData\Local\Temp\ntdll_dump.dllC:\Users\qimi\AppData\Local\Temp\Quarantine.exe==================== Bamital & volsnap Check =================C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legitLastRegBack: 2014-01-29 18:32==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-02-2014Ran by qimi at 2014-02-08 06:37:39Running from C:\Users\qimi\DesktopBoot Mode: Normal============================================================================== Security Center ========================AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}==================== Installed Programs ======================„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden„Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden„Windows Live Mesh ActiveX“ nuotolinių ryšių valdiklis (x32 Version: 15.4.5722.2 - Microsoft Corporation)„Windows Live Messenger“ (x32 Version: 15.4.3538.0513 - „Microsoft Corporation“) Hidden„Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenActiveState Komodo Edit 8.0.1 (x32 Version: 8.0.1 - ActiveState Software Inc.)ActiveX контрола на Windows Live Mesh за отдалечени връзки (x32 Version: 15.4.5722.2 - Microsoft Corporation)ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (x32 Version: 15.4.5722.2 - Microsoft Corporation)Adobe Acrobat 5.0 (x32 Version: 5.0 - Adobe Systems, Inc.)Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)Adobe Reader X (10.1.6) (x32 Version: 10.1.6 - Adobe Systems Incorporated)Adobe Shockwave Player 12.0 (x32 Version: 12.0.4.144 - Adobe Systems, Inc.)Agatha Christie - Death on the Nile (x32 Version: 2.2.0.82 - WildTangent) HiddenApache HTTP Server 2.2.22 (x32 Version: 2.2.22 - Apache Software Foundation)Apple Application Support (x32 Version: 2.3 - Apple Inc.)Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)BatteryLifeExtender (x32 Version: 1.0.11 - Samsung)Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) HiddenBelkin Setup and Router Monitor (x32 Version: - )Build-a-lot (x32 Version: 2.2.0.82 - WildTangent) HiddenBullzip PDF Printer 9.3.0.1516 (Version: 9.3.0.1516 - Bullzip)ChargeableUSB (x32 Version: 1.0.0.0 - SAMSUNG)Chime/Chime Pro for Internet Explorer (x32 Version: - )Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) HiddenCompatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000 - Microsoft Corporation)Control ActiveX de Windows Live Mesh para conexiones remotas (x32 Version: 15.4.5722.2 - Microsoft Corporation)Control ActiveX Windows Live Mesh pentru conexiuni la distanță (x32 Version: 15.4.5722.2 - Microsoft Corporation)Controle ActiveX do Windows Live Mesh para Conexões Remotas (x32 Version: 15.4.5722.2 - Microsoft Corporation)Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2 - Microsoft Corporation)Controlo ActiveX do Windows Live Mesh para Ligações Remotas (x32 Version: 15.4.5722.2 - Microsoft Corporation)CyberLink Media Suite (x32 Version: 8.0.2227 - CyberLink Corp.)CyberLink Media Suite (x32 Version: 8.0.2227 - CyberLink Corp.) HiddenCyberLink Media+ Player10 (x32 Version: 10.0.1110.00 - CyberLink Corp.)CyberLink Media+ Player10 (x32 Version: 10.0.1110.00 - CyberLink Corp.) HiddenCyberLink MediaShow (x32 Version: 5.0.1130a - CyberLink Corp.)CyberLink MediaShow (x32 Version: 5.0.1130a - CyberLink Corp.) HiddenCyberLink Power2Go (x32 Version: 6.1.3802 - CyberLink Corp.)CyberLink Power2Go (x32 Version: 6.1.3802 - CyberLink Corp.) HiddenCyberLink PowerDirector (x32 Version: 8.0.3306 - CyberLink Corp.)CyberLink PowerDirector (x32 Version: 8.0.3306 - CyberLink Corp.) HiddenCyberLink YouCam (x32 Version: 3.1.3509 - CyberLink Corp.)CyberLink YouCam (x32 Version: 3.1.3509 - CyberLink Corp.) HiddenD3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDiner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) HiddendnGREP 2.7.1 (x64) (Version: 2.7.1 - Denis Stankovski)Easy Content Share (x32 Version: 1.0 - Samsung Electronics Co., LTD)Easy Display Manager (x32 Version: 3.2 - Samsung Electronics Co., Ltd.)Easy Migration (x32 Version: 1.0 - Samsung Electronics Co., Ltd.)Easy Network Manager (x32 Version: 4.4.7 - Samsung)Easy SpeedUp Manager (x32 Version: 2.1.1.1 - Samsung Electronics Co.,Ltd.)EasyBatteryManager (x32 Version: 4.0.0.4 - Samsung)EasyFileShare (x32 Version: 1.0.11 - Samsung)ERUNT 1.1j (x32 Version: - Lars Hederer)ESET Online Scanner v3 (x32 Version: - )ETDWare PS/2-X64 8.0.7.2_WHQL (Version: 8.0.7.2 - ELAN Microelectronic Corp.)Farm Frenzy (x32 Version: 2.2.0.82 - WildTangent) HiddenFast Start (x32 Version: 2.2.0.0 - SAMSUNG)FileZilla Client 3.7.3 (HKCU Version: 3.7.3 - Tim Kosse)Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (x32 Version: 15.4.5722.2 - Microsoft Corporation)Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenFree CSS Toolbox 1.2 (x32 Version: Free CSS Toolbox 1.0 - Blumentals Software)Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenGalería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenGaleria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenGalerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenGalerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenGIMP 2.8.4 (Version: 2.8.4 - The GIMP Team)Google Chrome (x32 Version: 32.0.1700.107 - Google Inc.)Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) HiddenHP Deskjet 1510 series Basic Device Software (Version: 30.0.1093.41190 - Hewlett-Packard Co.)HP Deskjet 1510 series Help (x32 Version: 30.0.0 - Hewlett Packard)HP FWUpdateEDO2 (x32 Version: 1.2.0.0 - Hewlett-Packard)HP Photo Creations (x32 Version: 1.0.0.7702 - HP)hp print screen utility (x32 Version: - )HP Update (x32 Version: 5.003.003.001 - Hewlett-Packard)HTML-Kit Tools (x32 Version: 1.0 - HTML-Kit.com)Inpaint 5.6 (Version: - Teorex)Insaniquarium Deluxe (x32 Version: 2.2.0.82 - WildTangent) HiddenIntel PROSet Wireless (x32 Version: - ) HiddenIntel® Control Center (x32 Version: 1.2.1.1007 - Intel Corporation)Intel® Management Engine Components (x32 Version: 7.0.0.1144 - Intel Corporation)Intel® Processor Graphics (x32 Version: 8.15.10.2266 - Intel Corporation)Intel® PROSet/Wireless for Bluetooth® 3.0 + High Speed (Version: 1.1.0.0157 - Intel Corporation)Intel® PROSet/Wireless Software for Bluetooth® Technology (Version: 1.1.0.0537 - Intel Corporation)Intel® PROSet/Wireless WiFi Software (Version: 14.01.1000 - Intel Corporation)Intel® Rapid Storage Technology (x32 Version: 10.0.0.1046 - Intel Corporation)Internet Explorer (Enable DEP) (Version: - )Internet Explorer Developer Toolbar (x32 Version: 1.0.2188 - Microsoft)Iomega Encryption (Version: 1.03.0001 - Iomega an EMC Company)Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) HiddenJohn Deere Drive Green (x32 Version: 2.2.0.82 - WildTangent) HiddenJunk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenKaspersky Security Scan (x32 Version: 12.0.1.117 - Kaspersky Lab)Kaspersky Security Scan (x32 Version: 12.0.1.117 - Kaspersky Lab) HiddenKontrola Windows Live Mesh ActiveX za daljinske veze (x32 Version: 15.4.5722.2 - Microsoft Corporation)Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (x32 Version: 15.4.5722.2 - Microsoft Corporation)Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)MDL Chime/Chime Pro for Internet Explorer (x32 Version: - )Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) HiddenMicrosoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) HiddenMicrosoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) HiddenMicrosoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation)Microsoft Office PowerPoint Viewer 2007 (English) (x32 Version: 12.0.6612.1000 - Microsoft Corporation)Microsoft Office Professional Edition 2003 (x32 Version: 11.0.8173.0 - Microsoft Corporation)Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) HiddenMicrosoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319 - Microsoft Corporation)Monitor da tecnologia Intel® Turbo Boost 2.0 (Version: 2.0.82.0 - Intel)Movie Color Enhancer (x32 Version: 1.0 - Samsung Electronics Co., Ltd.)MozBackup 1.5.1 (x32 Version: - Pavel Cvrcek)Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0 - Mozilla)Mozilla Maintenance Service (x32 Version: 24.3.0 - Mozilla)Mozilla Thunderbird 24.3.0 (x86 en-US) (x32 Version: 24.3.0 - Mozilla)MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMultimedia POP (x32 Version: 1.0 - )MySQL Connector C++ 1.1.2 (Version: 1.1.2 - Oracle and/or its affiliates)MySQL Connector J (x32 Version: 5.1.23 - Oracle Corporation)MySQL Connector Net 6.6.5 (x32 Version: 6.6.5 - Oracle)MySQL Connector/ODBC 5.2(w) (Version: 5.2.4 - Oracle Corporation)MySQL Documents 5.6 (x32 Version: 5.6.10 - Oracle Corporation)MySQL Examples and Samples 5.6 (x32 Version: 5.6.10 - Oracle Corporation)MySQL Installer (x32 Version: 1.1.7.0 - Oracle Corporation)MySQL Notifier 1.0.3 (x32 Version: 1.0.3 - Oracle)MySQL Server 5.6 (Version: 5.6.10 - Oracle Corporation)MySQL Workbench 5.2 CE (x32 Version: 5.2.47 - Oracle Corporation)Notepad++ (x32 Version: 6.4.3 - Notepad++ Team)NVIDIA Control Panel 307.21 (Version: 307.21 - NVIDIA Corporation) HiddenNVIDIA Graphics Driver 307.21 (Version: 307.21 - NVIDIA Corporation)NVIDIA Install Application (Version: 2.1002.85.551 - NVIDIA Corporation) HiddenNVIDIA Optimus 1.10.8 (Version: 1.10.8 - NVIDIA Corporation) HiddenNVIDIA Update 1.10.8 (Version: 1.10.8 - NVIDIA Corporation)NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) HiddenOpera 12.16 (x32 Version: 12.16.1860 - Opera Software ASA)Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení (x32 Version: 15.4.5722.2 - Microsoft Corporation)Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia (x32 Version: 15.4.5722.2 - Microsoft Corporation)PeaZip 4.9.1 (x32 Version: - Giorgio Tani)Peggle (x32 Version: 2.2.0.82 - WildTangent) HiddenPenguins! (x32 Version: 2.2.0.82 - WildTangent) HiddenPlants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) HiddenPoczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenPodstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenPolar Golfer (x32 Version: 2.2.0.82 - WildTangent) HiddenPOP Peeper (x32 Version: - Mortal Universe)Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenProduct Improvement Study for HP Deskjet 1510 series (Version: 30.0.1093.41190 - Hewlett-Packard Co.)QuickTime (x32 Version: 7.73.80.64 - Apple Inc.)Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenRealtek Ethernet Controller Driver (x32 Version: 7.44.421.2011 - Realtek)Realtek High Definition Audio Driver (x32 Version: 6.0.1.6400 - Realtek Semiconductor Corp.)RemoteComms External Disk Access (x32 Version: 1.25.0003 - PLX Technology)Safari (x32 Version: 5.34.57.2 - Apple Inc.)Samsung AnyWeb Print (x32 Version: 2.0.67.1 - Samsung Electronics Co., Ltd.)Samsung Printer Live Update (x32 Version: - Samsung Electronics Co., Ltd.)Samsung Recovery Solution 5 (x32 Version: 5.0.0.9 - Samsung)Samsung Support Center 1.0 (x32 Version: 1.1.38 - Samsung)Samsung Universal Print Driver (x32 Version: 2.02.05.00:27 - Samsung Electronics Co., Ltd.)Samsung Universal Scan Driver (x32 Version: 1.2.5.0 - Samsung Electronics Co., Ltd.)Samsung Update Plus (x32 Version: 3.0.0.17 - Samsung Electronics Co., Ltd.)SD226 Biological Psychology (x32 Version: - The Open University)Simple CSS 2.1 (x32 Version: - HostM.com Web Hosting)Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)SopCast 3.4.7 (x32 Version: 3.4.7 - www.sopcast.com)SUPERAntiSpyware (Version: 5.5.1016 - SUPERAntiSpyware.com)swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) HiddenTextStylist (x32 Version: - )User Guide (x32 Version: 1.5 - )Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (x32 Version: 15.4.5722.2 - Microsoft Corporation)Veetle TV (x32 Version: 0.9.19 - Veetle, Inc)Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1 - AVG Technologies)Visual Studio 2012 x86 Redistributables (x32 Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)VueScan x64 (Version: - )WildTangent Games (x32 Version: 1.0.1.5 - WildTangent)WildTangent ORB Game Console (x32 Version: - WildTangent) HiddenWindows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Essentials (x32 Version: 15.4.3555.0308 - Microsoft Corporation)Windows Live fotoattēlu galerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Fotogaléria (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Foto-galerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Galerija fotografija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) HiddenWindows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) HiddenWindows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Mesh - ActiveX-besturingselement voor externe verbindingen (x32 Version: 15.4.5722.2 - Microsoft Corporation)Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)Windows Live Mesh ActiveX kontrola za daljinske veze (x32 Version: 15.4.5722.2 - Microsoft Corporation)Windows Live Mesh ActiveX vadīkla attālajiem savienojumiem (x32 Version: 15.4.5722.2 - Microsoft Corporation)Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (x32 Version: 15.4.5722.2 - Microsoft Corporation)Windows Live Mesh ActiveX-objekt til fjernforbindelser (x32 Version: 15.4.5722.2 - Microsoft Corporation)Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (x32 Version: 15.4.5722.2 - Microsoft Corporation)Windows Live Meshin etäyhteyksien ActiveX-komponentti (x32 Version: 15.4.5722.2 - Microsoft Corporation)Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) HiddenWindows Live Messenger (x32 Version: 15.4.3538.0513 - Корпорация Майкрософт) HiddenWindows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) HiddenWindows Live Pošta (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) HiddenWindows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live 메일 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live 사진 갤러리 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live 필수 패키지 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live 照片库 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live 软件包 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Liven sähköposti (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWOT for Internet Explorer (Version: 13.9.2.0 - WOT Services Oy)Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) HiddenΣτοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (x32 Version: 15.4.5722.2 - Microsoft Corporation)Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenОсновные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenПочта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) HiddenФотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenФотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenЭлемент управления Windows Live Mesh ActiveX для удаленных подключений (x32 Version: 15.4.5722.2 - Microsoft Corporation)גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hiddenפקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים (x32 Version: 15.4.5722.2 - Microsoft Corporation)بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hiddenعنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة (x32 Version: 15.4.5722.2 - Microsoft Corporation)معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hiddenตัวควบคุม ActiveX ใน Windows Live Mesh สำหรับการเชื่อมต่อระยะไกล (ไทย) (x32 Version: 15.4.5722.2 - Microsoft Corporation)원격 연결을 위한 Windows Live Mesh ActiveX 컨트롤 (x32 Version: 15.4.5722.2 - Microsoft Corporation)用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文) (x32 Version: 15.4.5722.2 - Microsoft Corporation)適用遠端連線的 Windows Live Mesh ActiveX 控制項 (x32 Version: 15.4.5722.2 - Microsoft Corporation)==================== Restore Points =========================29-01-2014 17:47:15 ComboFix created restore point30-01-2014 08:58:26 Windows Update02-02-2014 11:58:19 Windows Update02-02-2014 19:00:14 Windows Backup03-02-2014 11:59:06 Device Driver Package Install: Hamrick Software Imaging devices04-02-2014 11:21:57 Installed hp deskjet 612205-02-2014 21:10:02 Windows Update==================== Hosts content: ==========================2009-07-14 03:34 - 2014-01-28 21:27 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts127.0.0.1 localhost==================== Scheduled Tasks (whitelisted) =============Task: {00A03DEC-E8E9-4ACB-B6BB-9C57388EC6D0} - System32\Tasks\SmartRestarter => C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe [2010-08-05] (Samsung Electronics Co., Ltd.)Task: {058D4251-156A-4218-8529-AB63666FD6B8} - System32\Tasks\{BD4A80A6-CD6F-4DE1-B385-F19BE896B0EC} => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe [2013-02-15] (Adobe Systems Incorporated)Task: {13D54712-1F90-469A-AC35-6AF912914E7B} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackupTask: {16393E1D-B09E-4CDB-9E72-76B004AA87EA} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2010-11-10] (CyberLink)Task: {247697C0-BB17-4F96-AE95-F3DCBF49FAA0} - System32\Tasks\SUPBackground => C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe [2011-01-11] (Samsung Electronics)Task: {358655A1-0546-4B93-BB54-61D52ACAB9F8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-25] (Google Inc.)Task: {39928468-7E97-4F25-8427-D83748454092} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2010-11-17] (SEC)Task: {4864D1D0-47FB-4CC8-9348-0E4B3E18B4CD} - System32\Tasks\EasyPartitionManager => C:\Windows\MSetup\BA46-12225A02\EPM.exeTask: {496CBF63-691B-4919-842C-7AF2F31FC928} - System32\Tasks\{591566B1-8C1C-4408-B19E-9E2C6315DCCB} => C:\Program Files (x86)\Common Files\Microsoft Shared\DW\DW20.EXE [2007-04-09] (Microsoft Corporation)Task: {6C4EE398-6790-4193-93EF-A9B2FA49C7A2} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe [2010-11-29] (Samsung Electronics Co., Ltd.)Task: {755C5B68-C374-461F-863B-F0D1EAF2A621} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-12-18] (Samsung Electronics. Co. Ltd.)Task: {9ACFA905-23A9-40CD-935A-D1C000FEE21A} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exeTask: {AE6D570A-549C-41A8-BEC1-21F6909CF59B} - System32\Tasks\WifiManager => C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe [2011-01-04] (Samsung Electronics Co., Ltd.)Task: {AF70348C-9BD7-4F86-AC37-EA438A5DA8CC} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager2.exe [2010-12-23] (Samsung Electronics)Task: {D0DEE7EC-22FB-4EA2-9A25-FF9FAB101CDD} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2011-09-04] (SAMSUNG Electronics)Task: {DAF59F8D-7363-406F-B785-7CA92E1C21C5} - System32\Tasks\{040278A4-34D3-4381-AFF6-FBC07B5B71C3} => C:\Program Files (x86)\Common Files\Microsoft Shared\DW\DW20.EXE [2007-04-09] (Microsoft Corporation)Task: {DB2797CF-7071-499A-8DBF-2C0FC8DA3275} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-25] (Google Inc.)Task: {E04DCB53-82A1-4D09-B1C3-6C21D63CDD3D} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-07-20] (SAMSUNG Electronics co., LTD.)Task: {E42F7251-A764-4374-99C8-A28EA7027B36} - System32\Tasks\HPCustParticipation HP Deskjet 1510 series => C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPCustPartic.exe [2013-02-08] (Hewlett-Packard Co.)Task: {E4F6656C-60EA-4858-A948-3813A420585E} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2010-12-23] (Samsung Electronics Co., Ltd.)Task: {F388BEF1-FACE-4228-983F-ACF0635E050A} - System32\Tasks\{9828B178-0495-45EF-BD1D-D7FAD097F640} => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe [2013-02-15] (Adobe Systems Incorporated)Task: {F7DB4622-A955-45F8-97B0-3F7C4CA51891} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05] (Adobe Systems Incorporated)Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe==================== Loaded Modules (whitelisted) =============2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll2011-09-06 05:42 - 2010-12-17 02:37 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll2011-09-06 01:52 - 2010-12-10 12:19 - 00952832 _____ () C:\windows\system32\spool\DRIVERS\x64\3\spd__du.dll2011-09-06 01:36 - 2010-07-05 11:42 - 00203776 _____ () C:\Program Files (x86)\Samsung\Movie Color Enhancer\WinCRT.dll2011-09-06 01:51 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll2011-09-06 01:49 - 2010-05-07 15:22 - 01636864 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll2014-02-05 16:11 - 2014-02-05 16:11 - 03019376 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll2014-02-05 16:11 - 2014-02-05 16:11 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll2014-02-05 16:11 - 2014-02-05 16:11 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll2013-12-25 15:33 - 2013-12-25 15:33 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll2010-01-02 15:42 - 2010-01-02 15:42 - 00018207 _____ () C:\Program Files (x86)\FileZilla FTP Client\mingwm10.dll==================== Alternate Data Streams (whitelisted) =========AlternateDataStreams: C:\Users\qimi\Leído Anyós Panorama - Cambio de administrador.eml:OECustomPropertyAlternateDataStreams: C:\Users\qimi\Desktop\Pedido de Acesso a dados policiais - Proc. n.º 9331_2013.eml:OECustomPropertyAlternateDataStreams: C:\Users\qimi\Desktop\RV RETIRADA DOCUMENTOS.eml:OECustomProperty==================== Safe Mode (whitelisted) ===================HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"==================== Faulty Device Manager Devices ================================= Event log errors: =========================Application errors:==================Error: (02/07/2014 05:01:07 PM) (Source: WinMgmt) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (02/07/2014 04:59:39 PM) (Source: Apache Service) (User: )Description: The Apache service named reported the following error:>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.1.2 for ServerName .Error: (02/07/2014 04:57:13 PM) (Source: WinMgmt) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (02/07/2014 04:55:55 PM) (Source: Apache Service) (User: )Description: The Apache service named reported the following error:>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.1.2 for ServerName .System errors:=============Error: (02/07/2014 05:01:56 PM) (Source: Service Control Manager) (User: )Description: The NVIDIA Update Service Daemon service failed to start due to the following error:%%1069Error: (02/07/2014 05:01:56 PM) (Source: Service Control Manager) (User: )Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:%%1330To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).Error: (02/07/2014 04:58:05 PM) (Source: Service Control Manager) (User: )Description: The NVIDIA Update Service Daemon service failed to start due to the following error:%%1069Error: (02/07/2014 04:58:05 PM) (Source: Service Control Manager) (User: )Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:%%1330To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).Error: (02/07/2014 04:43:38 PM) (Source: Microsoft Antimalware) (User: )Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.3465.0 Update Source: %NT AUTHORITY59 Update Stage: 4.4.0304.00 Source Path: 4.4.0304.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608Microsoft Office Sessions:=========================Error: (02/07/2014 05:01:07 PM) (Source: WinMgmt)(User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (02/07/2014 04:59:39 PM) (Source: Apache Service)(User: )Description: The Apache service namedreported the following error:>>>httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.1.2 for ServerNameError: (02/07/2014 04:57:13 PM) (Source: WinMgmt)(User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (02/07/2014 04:55:55 PM) (Source: Apache Service)(User: )Description: The Apache service namedreported the following error:>>>httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.1.2 for ServerNameCodeIntegrity Errors:=================================== Date: 2014-01-28 21:26:48.154 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-01-28 21:26:48.094 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-01-28 21:26:48.044 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-01-28 21:26:47.984 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-11-11 14:19:28.868 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-11-11 14:19:28.837 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-11-11 14:19:28.790 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-11-11 14:19:28.744 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-11-09 18:51:16.596 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-11-09 18:51:16.549 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.==================== Memory info ===========================Percentage of memory in use: 50%Total physical RAM: 6056.29 MBAvailable physical RAM: 3007.13 MBTotal Pagefile: 12110.76 MBAvailable Pagefile: 7875.69 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.79 MB==================== Drives ================================Drive c: () (Fixed) (Total:500 GB) (Free:421.26 GB) NTFSDrive d: () (Fixed) (Total:408.01 GB) (Free:122.98 GB) NTFS==================== MBR & Partition Table ==========================================================================Disk: 0 (Size: 932 GB) (Disk ID: A9ACFE6D)Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=500 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=408 GB) - (Type=OF Extended)Partition 4: (Not Active) - (Size=23 GB) - (Type=27)==================== End Of Log ============================ Link to post Share on other sites More sharing options...
qim Posted February 8, 2014 Author ID:788242 Share Posted February 8, 2014 To save time I dis a scan with ADWCleaner after having done all the others, in order to get a log: # AdwCleaner v3.018 - Report created 08/02/2014 at 11:51:07# Updated 28/01/2014 by Xplode# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)# Username : qimi - QIMI-PC# Running from : C:\Users\qimi\Desktop\Scans\AdwCleaner.exe# Option : Scan***** [ Services ] ********** [ Files / Folders ] ********** [ Shortcuts ] ********** [ Registry ] ********** [ Browsers ] *****-\\ Internet Explorer v9.0.8112.16526-\\ Mozilla Firefox v26.0 (en-US)[ File : C:\Users\qimi\AppData\Roaming\Mozilla\Firefox\Profiles\9mzucc9u.default\prefs.js ]-\\ Google Chrome v32.0.1700.107[ File : C:\Users\qimi\AppData\Local\Google\Chrome\User Data\Default\preferences ]*************************AdwCleaner[R0].txt - [890 octets] - [02/02/2014 23:30:36]AdwCleaner[R1].txt - [1008 octets] - [03/02/2014 11:12:06]AdwCleaner[R2].txt - [1068 octets] - [07/02/2014 16:52:42]AdwCleaner[R3].txt - [937 octets] - [08/02/2014 11:51:07]AdwCleaner[s0].txt - [950 octets] - [02/02/2014 23:35:38]AdwCleaner[s1].txt - [1130 octets] - [07/02/2014 16:54:03]########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1115 octets] ########## Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted February 8, 2014 Root Admin ID:788254 Share Posted February 8, 2014 The logs look pretty good now but let's remove Java to make sure we don't have any left over old java files.Please uninstall Java from the Control Panel, Add/Remove and then run the following as well. Please download JavaRa-1.16 and save it to your computer.Double click to open the zip file and then select all and choose Copy. Create a new folder on your Desktop named RemoveJava and paste the files into this new folder. Quit all browsers and other running applications. Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program. From the drop-down menu, choose English and click on Select. JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer. Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK. A logfile will pop up. Please save it to a convenient location and post it in your next reply. Then run the following Please download Security Check by screen317 from HERE or HERE.Save it to your Desktop. Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box. If you get Unsupported operating system. Aborting now, just reboot and try again. A Notepad document should open automatically called checkup.txt. Please Post the contents of that document. Do Not Attach It!!! Link to post Share on other sites More sharing options...
qim Posted February 8, 2014 Author ID:788273 Share Posted February 8, 2014 Hi, Thanks What about the malware found by Eset? false alarm? JavaRa 1.16 Removal Log.Report follows after line.------------------------------------The JavaRa removal process was started on Sat Feb 08 13:21:02 2014There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.Found and removed: Applications\java.exeFound and removed: Applications\javaw.exeFound and removed: CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0031-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0031-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0032-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0032-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0033-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0033-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0034-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0034-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0035-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0035-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0036-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0036-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0037-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0037-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0038-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0038-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0031-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0031-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0031-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0032-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0032-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0032-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0033-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0033-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0033-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0034-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0034-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0034-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0035-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0035-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0035-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0036-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0036-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0036-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0036-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0036-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0017-0000-0008-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0017-0000-0008-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0017-0000-0008-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0017-0000-0011-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0017-0000-0011-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0017-0000-0012-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0017-0000-0012-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0017-0000-0012-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0016-0000-0036-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0017-0000-FFFF-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}Found and removed: Software\JavaSoft\Java UpdateFound and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0036-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0036-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0036-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0008-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0008-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0008-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0011-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0011-ABCDEFFEDCBC}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0012-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0012-ABCDEFFEDCBB}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0012-ABCDEFFEDCBC}Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}Found and removed: SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}Found and removed: SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}Found and removed: SOFTWARE\Classes\Installer\Features\F60730A4A66673047777F5728467D401Found and removed: SOFTWARE\Classes\Installer\Products\F60730A4A66673047777F5728467D401Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\6C5ADB75C34456D42B338232391207FFFound and removed: SOFTWARE\Classes\Installer\UpgradeCodes\A5CCAAC40F5B69B47777ACF82566467CFound and removed: SOFTWARE\Classes\Interface\{5852F5EC-8BF4-11D4-A245-0080C6F74284}Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkitFound and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/x-java-appletFound and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/x-java-jnlp-fileFound and removed: SOFTWARE\Classes\TypeLib\{5852F5E0-8BF4-11D4-A245-0080C6F74284}Found and removed: SOFTWARE\Classes\.jarFound and removed: SOFTWARE\Classes\.jnlpFound and removed: SOFTWARE\Classes\jarfileFound and removed: SOFTWARE\Classes\JavaWebStart.isInstalledFound and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.7.0.0Found and removed: SOFTWARE\Classes\JNLPFileFound and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\javaws.exeFound and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper ObjectsFound and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}Found and removed: SOFTWARE\JavaSoftFound and removed: SOFTWARE\JreMetricsFound and removed: SOFTWARE\MozillaPlugins------------------------------------Finished reporting. Results of screen317's Security Check version 0.99.79 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Microsoft Security Essentials Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 Java 7 Update 51 Adobe Flash Player 11.9.900.170 Adobe Reader 10.1.6 Adobe Reader out of Date! Mozilla Firefox (26.0) Mozilla Thunderbird (24.3.0) Google Chrome 32.0.1700.102 Google Chrome 32.0.1700.107 ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe Kaspersky Lab Kaspersky Security Scan 2.0 kss.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0%````````````````````End of Log`````````````````````` Link to post Share on other sites More sharing options...
qim Posted February 8, 2014 Author ID:788277 Share Posted February 8, 2014 Sorry...!!! I've just reaalized that I ran the JavaRe WITHOUT uninstallin Java in Add/Remove. Shall I uninstall now? Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted February 8, 2014 Root Admin ID:788482 Share Posted February 8, 2014 It probably will not allow removal from the control panel anymore at this time but you can try. Please open Adobe Reader and then from the menu have it check for updates and install them. How is the computer running now? Link to post Share on other sites More sharing options...
qim Posted February 8, 2014 Author ID:788494 Share Posted February 8, 2014 Hi I have Adobe Reader XI and there are no updates available. The system is still slow,,, I have a confession to make: before you came on the scene I was so paranoid that I decided to run ComboFix. It got stuck after Stage 4, and I had to abort and restart. I wonder if I screwed something up in the process! Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted February 9, 2014 Root Admin ID:788585 Share Posted February 9, 2014 Well we can run a few more things but if not all slowness is due to malware. Please download the following scanner from Kaspersky and save it to your computer: TDSSkillerThen watch the following video on how to use the tool and make sure to temporarily disable your security applications before running TDSSkiller.If any infection is found please make sure to choose SKIP and post back the log in case of a False Positive detection.Once the tool has completed scanning make sure to re-enable your other security applications. Link to post Share on other sites More sharing options...
qim Posted February 9, 2014 Author ID:788612 Share Posted February 9, 2014 Hi TDSS found something suspicious. The files are too long and cannot be posted. I am attaching them (sorry...) Thanks TDSSKiller.3.0.0.22_09.02.2014_06.50.33_log.txtTDSSKiller.3.0.0.22_09.02.2014_06.56.18_log.txt Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted February 9, 2014 Root Admin ID:788618 Share Posted February 9, 2014 That was just an unsigned file and nothing wrong with it. Please visit each of the following sites and lets reset all of your browsers back to defaults to prevent unexpected issues.If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.Internet ExplorerHow to reset Internet Explorer settingsFirefoxClick on Help / Troubleshooting Information then click on the Reset Firefox button.ChromeChrome - Reset browser settingsOperaHow to Perform a (really) clean Reinstall of Opera Link to post Share on other sites More sharing options...
qim Posted February 9, 2014 Author ID:788619 Share Posted February 9, 2014 ok I've done all that. It will take me a while to see if things are better. But what about the ComboFix hang? Thta is not supposed to happen, Do you thing some malware stopped it? Thanks Link to post Share on other sites More sharing options...
qim Posted February 9, 2014 Author ID:788695 Share Posted February 9, 2014 Something else is happening. It started yesterday, then stopped and now it is back. It seems to come whenever I open a page, even Google, this popup about Falsh comes up and I spend half the time closing them as they come one after the other. Please, see attachment. Link to post Share on other sites More sharing options...
qim Posted February 10, 2014 Author ID:788971 Share Posted February 10, 2014 Hi The popup for Flash has been resolved by disabling an Adobe Add.on. Sorry! I'm seeing ghosts everywhere! qim Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted February 10, 2014 Root Admin ID:788973 Share Posted February 10, 2014 Well we can try Combofix again and see what happens. Please make sure you close ALL applications and disable your antivirus long enough to stay off even after a reboot if needed. Please visit this webpage and read the ComboFix User's Guide:Once you've read the article and are ready to use the program you can download it directly from the link below. Important! - Please make sure you save combofix to your desktop and do not run it from your browser Direct download link for: ComboFix.exe Please make sure you disable your security applications before running ComboFix. Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load. Please attach that log file to your next reply. If needed the file can be located here: C:\combofix.txt NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer. Link to post Share on other sites More sharing options...
qim Posted February 10, 2014 Author ID:788992 Share Posted February 10, 2014 Hi Big sigh of relief.... this time ComboFix ran as expected! Log attached. Thanks Link to post Share on other sites More sharing options...
Recommended Posts