Rasheed

Removed Malware and now no internet access


I ran the Malwarebytes software, which successfully removed the malware. But now I have no internet access.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014
Ran by Owner (administrator) on OWNER-PC on 04-08-2014 13:36:02
Running from E:\
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
(Intuit Inc.) C:\Program Files (x86)\Quicken\bagent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Common Files\ChromeHelper\ChromeHelperUpdt.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Windows\jmesoft\Service.exe
() C:\Windows\jmesoft\JME_LOAD.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11543656 2010-10-26] (Realtek Semiconductor)
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe [118784 2011-06-08] (Lenovo)
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-03-15] ()
HKLM-x32\...\Run: [updatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356128 2013-10-09] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2552856 2014-02-03] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ChromeHelper] => C:\Program Files (x86)\Common Files\ChromeHelper\ChromeHelper.exe [737568 2014-05-06] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [spUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-2903869773-3859282900-2980300728-1001\...\Run: [Google Update] => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-02-19] (Google Inc.)
HKU\S-1-5-21-2903869773-3859282900-2980300728-1001\...\Run: [QuickenScheduledUpdates] => C:\Program Files (x86)\Quicken\bagent.exe [74840 2012-04-18] (Intuit Inc.)
HKU\S-1-5-21-2903869773-3859282900-2980300728-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-02-19] (Google Inc.)
HKU\S-1-5-21-2903869773-3859282900-2980300728-1001\...\Run: [backgroundContainerV2] => "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\Owner\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
HKU\S-1-5-21-2903869773-3859282900-2980300728-1001\...\Run: [GoogleChromeAutoLaunch_721577D41E77D440C916E2687EBA0267] => C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe [859976 2014-03-14] (Google Inc.)
HKU\S-1-5-21-2903869773-3859282900-2980300728-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2014-06-05] (TomTom)
HKU\S-1-5-21-2903869773-3859282900-2980300728-1001\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-2903869773-3859282900-2980300728-1001\...\MountPoints2: {cc6cb3b4-b541-11e1-b0e7-c89cdc7df61e} - C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\TL-Bootstrap.exe
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: http=127.0.0.1:62196;https=127.0.0.1:62196
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
URLSearchHook: HKLM-x32 - Vgrabber v1 Toolbar - {7f7f82f1-7c95-47cd-814f-950b56d58fc3} - C:\Users\Owner\AppData\LocalLow\Vgrabber_v1\prxtbVgr2.dll (ClientConnect Ltd.)
URLSearchHook: HKLM-x32 - Free i-Dressup Toolbar - {ff19b72a-36ed-4066-8865-a580ae938cce} - C:\Users\Owner\AppData\LocalLow\Free_i-Dressup\prxtbFre2.dll (ClientConnect Ltd.)
SearchScopes: HKLM-x32 - DefaultScope {0511DB15-22C5-4E83-9801-723498761F6F} URL = 
SearchScopes: HKCU - DefaultScope {0511DB15-22C5-4E83-9801-723498761F6F} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2474641&CUI=UN38208643902478228&UM=2
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = 
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Vgrabber v1 Toolbar -> {7f7f82f1-7c95-47cd-814f-950b56d58fc3} -> C:\Users\Owner\AppData\LocalLow\Vgrabber_v1\prxtbVgr2.dll (ClientConnect Ltd.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} ->  No File
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Free i-Dressup Toolbar -> {ff19b72a-36ed-4066-8865-a580ae938cce} -> C:\Users\Owner\AppData\LocalLow\Free_i-Dressup\prxtbFre2.dll (ClientConnect Ltd.)
Toolbar: HKLM - Muvic - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKLM-x32 - Vgrabber v1 Toolbar - {7f7f82f1-7c95-47cd-814f-950b56d58fc3} - C:\Users\Owner\AppData\LocalLow\Vgrabber_v1\prxtbVgr2.dll (ClientConnect Ltd.)
Toolbar: HKLM-x32 - Free i-Dressup Toolbar - {ff19b72a-36ed-4066-8865-a580ae938cce} - C:\Users\Owner\AppData\LocalLow\Free_i-Dressup\prxtbFre2.dll (ClientConnect Ltd.)
Toolbar: HKLM-x32 - Muvic - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {7F7F82F1-7C95-47CD-814F-950B56D58FC3} -  No File
Toolbar: HKCU - No Name - {FF19B72A-36ED-4066-8865-A580AE938CCE} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog9 01 C:\windows\system32\SecureAssist.dll File Not found ()
Winsock: Catalog9 02 C:\windows\system32\SecureAssist.dll File Not found ()
Winsock: Catalog9 03 C:\windows\system32\SecureAssist.dll File Not found ()
Winsock: Catalog9 04 C:\windows\system32\SecureAssist.dll File Not found ()
Winsock: Catalog9 15 C:\windows\system32\SecureAssist.dll File Not found ()
Winsock: Catalog9-x64 01 C:\windows\system32\SecureAssist64.dll [338120] (SecureAssist)
Winsock: Catalog9-x64 02 C:\windows\system32\SecureAssist64.dll [338120] (SecureAssist)
Winsock: Catalog9-x64 03 C:\windows\system32\SecureAssist64.dll [338120] (SecureAssist)
Winsock: Catalog9-x64 04 C:\windows\system32\SecureAssist64.dll [338120] (SecureAssist)
Winsock: Catalog9-x64 15 C:\windows\system32\SecureAssist64.dll [338120] (SecureAssist)
Hosts: 127.0.0.1 d3oxij66pru1i3.cloudfront.net
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 
FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\4jg62ymw.default-1405562448566
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Owner\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Owner\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2013-02-23]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2013-02-23]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com [2013-02-23]
FF HKCU\...\Firefox\Extensions: [ConsumerInput@Compete] - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12171.xpi
 
Chrome: 
=======
CHR HomePage: hxxp://feed.snap.do/?p=mKO_AwFzXIpYRbPAMW02fR43Kdy_R9RVr_kVLqe2LpQxzgfTZUmKE6TDoKQTd0aeyeQD8o8RatncoqnDrsndiZVuP3JNph_2TmP1TvDGBdgpKJKgoq9xX5qaRyxztyZXx-o,
CHR StartupUrls: "hxxp://feed.snap.do/?p=mKO_AwFzXIpYRbPAMW02fR43Kdy_R9RVr_kVLqe2LpQxzgfTZUmKE6TDoKQTd0aeyeQD8o8RatncoqnDrsndiZVuP3JNph_2TmP1TvDGBdgpKJKgoq9xX5qaRyxztyZXx-o,", "hxxp://www.google.com/"
CHR NewTab: "chrome-extension://pcpehlgijbdajfafffojllcaecaecngb/components/supertab/html/supertab.html"
CHR DefaultSearchKeyword: search.snap.do
CHR DefaultSearchProvider: Web
CHR DefaultNewTabURL: 
CHR Extension: (Bazaar Friend) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmobdmpfgfimbnmhhnkmmecdboblafdh [2014-03-01]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-03-01]
CHR Extension: (Content Blocker) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-03-01]
CHR Extension: (savinsshaopp) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnhjdknalbiahgadaadlobfcabopbann [2014-04-02]
CHR Extension: (InfoBird Pro) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\icanoneicgaahjbilcgdmnhoocddknbl [2014-03-01]
CHR Extension: (Virtual Keyboard) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-03-01]
CHR Extension: (Vgrabber v1) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnidgldcbakaidffpjinopjbmobecifb [2014-03-01]
CHR Extension: (Hukkster) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpalbmbgpoekgolgbahfhobfgfcdbofl [2014-06-09]
CHR Extension: (Free i-Dressup) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhdfjaaobagbaepmefnjabfmhnggliop [2014-03-01]
CHR Extension: (Kaspersky Protection) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpoimibckejjdjcfbdnajaicnklhfplh [2014-05-19]
CHR Extension: (InternetHelper3.1) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim [2014-03-01]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Fast Discountz) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\oldchfemoapgakfjnmbngnljnkoapbhd [2014-03-01]
CHR Extension: (MapsGalaxy) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb [2014-04-05]
CHR Extension: (Search Slate) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\poahfhjpeiaonjhbljfgnlllpdbnilon [2014-07-02]
CHR Extension: (Extutil) - C:\Users\Owner\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B [2014-01-15]
CHR Extension: (Managera) - C:\Users\Owner\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42 [2013-12-24]
CHR HKLM\...\Chrome\Extension: [bmobdmpfgfimbnmhhnkmmecdboblafdh] - C:\Users\Owner\AppData\Local\BazaarFriend.crx [2013-08-07]
CHR HKLM\...\Chrome\Extension: [icanoneicgaahjbilcgdmnhoocddknbl] - C:\Users\Owner\AppData\Local\InfoBirdPro.crx [2013-08-17]
CHR HKLM\...\Chrome\Extension: [oldchfemoapgakfjnmbngnljnkoapbhd] - C:\Users\Owner\AppData\Local\FastDiscountz.crx [2013-09-09]
CHR HKCU\...\Chrome\Extension: [bmobdmpfgfimbnmhhnkmmecdboblafdh] - C:\Users\Owner\AppData\Local\BazaarFriend.crx [2013-08-07]
CHR HKCU\...\Chrome\Extension: [dlaidocmldibgopdbjiopphnjhaehnbn] - C:\Users\Owner\AppData\Local\CRE\dlaidocmldibgopdbjiopphnjhaehnbn.crx [2013-08-07]
CHR HKCU\...\Chrome\Extension: [icanoneicgaahjbilcgdmnhoocddknbl] - C:\Users\Owner\AppData\Local\InfoBirdPro.crx [2013-08-17]
CHR HKCU\...\Chrome\Extension: [jnidgldcbakaidffpjinopjbmobecifb] - C:\Users\Owner\AppData\Local\CRE\jnidgldcbakaidffpjinopjbmobecifb.crx [2013-07-22]
CHR HKCU\...\Chrome\Extension: [lhdfjaaobagbaepmefnjabfmhnggliop] - C:\Users\Owner\AppData\Local\CRE\lhdfjaaobagbaepmefnjabfmhnggliop.crx [2013-08-15]
CHR HKCU\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - C:\Users\Owner\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx [2013-07-04]
CHR HKCU\...\Chrome\Extension: [oldchfemoapgakfjnmbngnljnkoapbhd] - C:\Users\Owner\AppData\Local\FastDiscountz.crx [2013-09-09]
CHR HKLM-x32\...\Chrome\Extension: [bmobdmpfgfimbnmhhnkmmecdboblafdh] - C:\Users\Owner\AppData\Local\BazaarFriend.crx [2013-08-07]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\urladvisor.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [dlaidocmldibgopdbjiopphnjhaehnbn] - C:\Users\Owner\AppData\Local\CRE\dlaidocmldibgopdbjiopphnjhaehnbn.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\content_blocker_chrome.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [icanoneicgaahjbilcgdmnhoocddknbl] - C:\Users\Owner\AppData\Local\InfoBirdPro.crx [2013-08-17]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\virtkbd.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [jnidgldcbakaidffpjinopjbmobecifb] - C:\Users\Owner\AppData\Local\CRE\jnidgldcbakaidffpjinopjbmobecifb.crx [2013-07-22]
CHR HKLM-x32\...\Chrome\Extension: [lhdfjaaobagbaepmefnjabfmhnggliop] - C:\Users\Owner\AppData\Local\CRE\lhdfjaaobagbaepmefnjabfmhnggliop.crx [2013-08-15]
CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [2013-08-15]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\17.3.0.49\avg.crx [2013-08-15]
CHR HKLM-x32\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - C:\Users\Owner\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx [2013-07-04]
CHR HKLM-x32\...\Chrome\Extension: [oldchfemoapgakfjnmbngnljnkoapbhd] - C:\Users\Owner\AppData\Local\FastDiscountz.crx [2013-09-09]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ChromeExt\ab.crx [2013-09-09]
CHR StartMenuInternet: Google Chrome - C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356128 2013-10-09] (Kaspersky Lab ZAO)
R2 ChromeHelperUpdt; C:\Program Files (x86)\Common Files\ChromeHelper\ChromeHelperUpdt.exe [284960 2014-05-06] ()
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-03-15] () [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-10] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [91008 2014-05-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628320 2014-05-19] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-10] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-09] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-09] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-18] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-22] (Kaspersky Lab ZAO)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-04] (Malwarebytes Corporation)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-06-12] (NetFilterSDK.com)
R2 npf; C:\windows\System32\drivers\npf.sys [36600 2014-04-28] (Riverbed Technology, Inc.)
S3 SPPD; \??\C:\windows\system32\drivers\SPPD.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-04 13:35 - 2014-08-04 13:36 - 00000000 ____D () C:\FRST
2014-07-21 17:18 - 2014-07-21 17:18 - 00002982 _____ () C:\windows\System32\Tasks\{0A4461E2-8077-4842-8314-A1298B006C20}
2014-07-21 17:15 - 2014-07-21 17:15 - 00003032 _____ () C:\windows\System32\Tasks\{AFACE052-54AC-4164-A084-A6487EB1AE71}
2014-07-21 17:15 - 2014-07-21 17:15 - 00003032 _____ () C:\windows\System32\Tasks\{AE9451BA-4FD0-47C7-B128-57E201AC148B}
2014-07-16 18:03 - 2014-07-16 18:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-16 17:33 - 2014-07-16 17:33 - 00000000 ____D () C:\New folder
2014-07-16 16:58 - 2014-07-16 19:00 - 00000000 ____D () C:\Users\Owner\Desktop\Old Firefox Data
2014-07-13 12:25 - 2014-07-13 12:25 - 00000000 ____D () C:\Users\Owner\AppData\Local\{4591F6B6-3C5A-4E99-A9B1-7A1684D3950E}
2014-07-11 19:02 - 2014-07-11 19:02 - 00000000 ____D () C:\Users\Owner\AppData\Local\SearchProtect
2014-07-10 19:53 - 2014-08-04 13:35 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-10 19:52 - 2014-08-04 13:35 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-10 19:52 - 2014-08-04 13:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-10 19:52 - 2014-08-04 13:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-10 19:52 - 2014-07-16 18:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-10 19:52 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-07-10 19:52 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-07-10 19:52 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-07-10 19:51 - 2014-07-10 19:52 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-09 13:23 - 2014-06-20 13:14 - 00266424 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-07-09 13:23 - 2014-06-20 12:39 - 00240824 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-07-09 13:23 - 2014-06-18 18:39 - 23464448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-09 13:23 - 2014-06-18 18:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-09 13:23 - 2014-06-18 18:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-07-09 13:23 - 2014-06-18 17:48 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-09 13:23 - 2014-06-18 17:42 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-07-09 13:23 - 2014-06-18 17:42 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-09 13:23 - 2014-06-18 17:41 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-07-09 13:23 - 2014-06-18 17:41 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-07-09 13:23 - 2014-06-18 17:32 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-09 13:23 - 2014-06-18 17:31 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-09 13:23 - 2014-06-18 17:26 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-07-09 13:23 - 2014-06-18 17:24 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-07-09 13:23 - 2014-06-18 17:24 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-07-09 13:23 - 2014-06-18 17:23 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-07-09 13:23 - 2014-06-18 17:16 - 17276416 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-07-09 13:23 - 2014-06-18 17:14 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-07-09 13:23 - 2014-06-18 17:09 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-09 13:23 - 2014-06-18 16:59 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 13:23 - 2014-06-18 16:56 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-07-09 13:23 - 2014-06-18 16:53 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-09 13:23 - 2014-06-18 16:51 - 05721088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-09 13:23 - 2014-06-18 16:50 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-09 13:23 - 2014-06-18 16:48 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-09 13:23 - 2014-06-18 16:39 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-09 13:23 - 2014-06-18 16:38 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-07-09 13:23 - 2014-06-18 16:37 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-07-09 13:23 - 2014-06-18 16:36 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-07-09 13:23 - 2014-06-18 16:35 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-07-09 13:23 - 2014-06-18 16:33 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-09 13:23 - 2014-06-18 16:32 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-07-09 13:23 - 2014-06-18 16:28 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-07-09 13:23 - 2014-06-18 16:28 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-07-09 13:23 - 2014-06-18 16:27 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-09 13:23 - 2014-06-18 16:27 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-07-09 13:23 - 2014-06-18 16:25 - 00442368 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-07-09 13:23 - 2014-06-18 16:23 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-07-09 13:23 - 2014-06-18 16:22 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-07-09 13:23 - 2014-06-18 16:12 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-07-09 13:23 - 2014-06-18 16:06 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 13:23 - 2014-06-18 16:01 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-07-09 13:23 - 2014-06-18 15:59 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-07-09 13:23 - 2014-06-18 15:58 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-09 13:23 - 2014-06-18 15:58 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-07-09 13:23 - 2014-06-18 15:52 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-07-09 13:23 - 2014-06-18 15:51 - 13527040 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-09 13:23 - 2014-06-18 15:49 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-07-09 13:23 - 2014-06-18 15:46 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-07-09 13:23 - 2014-06-18 15:45 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-07-09 13:23 - 2014-06-18 15:35 - 11742208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-07-09 13:23 - 2014-06-18 15:34 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-09 13:23 - 2014-06-18 15:15 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-07-09 13:23 - 2014-06-18 15:13 - 01791488 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-07-09 13:23 - 2014-06-18 15:09 - 01139200 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-07-09 13:23 - 2014-06-18 15:07 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-07-09 10:17 - 2014-05-29 23:45 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-07-09 09:37 - 2014-06-17 19:18 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-07-09 09:37 - 2014-06-17 18:51 - 00646144 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-07-09 09:37 - 2014-06-17 18:10 - 03157504 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-07-09 09:32 - 2014-05-30 01:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-07-09 09:32 - 2014-05-30 01:08 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-07-09 09:32 - 2014-05-30 01:08 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-07-09 09:32 - 2014-05-30 01:08 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-07-09 09:32 - 2014-05-30 01:08 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-07-09 09:32 - 2014-05-30 01:08 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-07-09 09:32 - 2014-05-30 01:08 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-07-09 09:32 - 2014-05-30 00:52 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-07-09 09:32 - 2014-05-30 00:52 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-07-09 09:32 - 2014-05-30 00:52 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-07-09 09:32 - 2014-05-30 00:52 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-07-09 09:32 - 2014-05-30 00:52 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-07-09 09:32 - 2014-05-30 00:52 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-07-09 09:32 - 2014-05-30 00:52 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-07-09 09:27 - 2014-06-05 07:45 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-07-09 09:27 - 2014-06-05 07:26 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-07-09 09:27 - 2014-06-05 07:25 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-07-09 09:12 - 2014-06-06 03:10 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-07-09 09:12 - 2014-06-06 02:44 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-07-08 22:03 - 2014-07-08 22:03 - 11204096 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2014-07-05 11:51 - 2014-07-05 11:51 - 00000000 ____D () C:\Users\Owner\AppData\Local\Systweak
2014-07-05 11:49 - 2014-07-05 11:49 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Compete
2014-07-05 11:49 - 2014-07-05 11:49 - 00000000 ____D () C:\Program Files (x86)\Setup Support for Consumer Input
2014-07-05 11:48 - 2014-08-04 13:36 - 00000360 _____ () C:\windows\Tasks\CIMT_S-1-5-21-2903869773-3859282900-2980300728-1001.job
2014-07-05 11:48 - 2014-07-05 11:48 - 00003274 _____ () C:\windows\System32\Tasks\CIMT_S-1-5-21-2903869773-3859282900-2980300728-1001
2014-07-05 11:47 - 2014-07-16 18:48 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-07-05 11:47 - 2014-07-16 18:48 - 00000000 ____D () C:\Program Files (x86)\Wajam
2014-07-05 11:47 - 2014-07-16 18:48 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-07-05 11:47 - 2014-07-16 18:48 - 00000000 ____D () C:\Program Files (x86)\Advanced System Protector
2014-07-05 11:47 - 2014-07-16 18:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam
2014-07-05 11:47 - 2014-07-16 18:27 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Systweak
2014-07-05 11:47 - 2014-07-16 18:13 - 00000000 ____D () C:\ProgramData\Systweak
2014-07-05 11:47 - 2014-07-13 12:03 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\InstallX Search Protect for Yahoo
2014-07-05 11:47 - 2014-07-10 07:06 - 00003108 _____ () C:\windows\System32\Tasks\RegClean Pro
2014-07-05 11:47 - 2014-07-05 11:47 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Yahoo!
2014-07-05 11:47 - 2014-07-05 11:47 - 00000000 ____D () C:\ProgramData\Yahoo! Companion
2014-07-05 11:47 - 2014-07-05 11:47 - 00000000 ____D () C:\ProgramData\Yahoo!
2014-07-05 11:47 - 2014-07-05 11:47 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2014-07-05 11:47 - 2012-07-25 12:03 - 00016896 _____ () C:\windows\system32\sasnative64.exe
2014-07-05 11:46 - 2014-07-16 18:48 - 00000000 ____D () C:\Program Files (x86)\Consumer Input
2014-07-05 11:46 - 2014-07-05 11:46 - 00003324 _____ () C:\windows\System32\Tasks\Codec Update Service
2014-07-05 11:46 - 2014-07-05 11:46 - 00001054 _____ () C:\Users\Public\Desktop\RegClean Pro.lnk
2014-07-05 11:46 - 2014-07-05 11:46 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Windows Essentials Codec Pack
2014-07-05 11:46 - 2014-07-05 11:46 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Windows Codec
2014-07-05 11:46 - 2014-07-05 11:46 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Essentials Codec Pack
2014-07-05 11:46 - 2014-07-05 11:46 - 00000000 ____D () C:\Program Files (x86)\Windows Essentials Codec Pack
2014-07-05 11:45 - 2014-07-10 20:09 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\WECP
2014-07-05 11:44 - 2014-07-05 11:44 - 01077312 _____ (Open Source Developer) C:\Users\Owner\Downloads\WindowsCodec.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-04 13:36 - 2014-08-04 13:35 - 00000000 ____D () C:\FRST
2014-08-04 13:36 - 2014-07-05 11:48 - 00000360 _____ () C:\windows\Tasks\CIMT_S-1-5-21-2903869773-3859282900-2980300728-1001.job
2014-08-04 13:36 - 2009-07-13 22:13 - 00783464 _____ () C:\windows\system32\PerfStringBackup.INI
2014-08-04 13:35 - 2014-07-10 19:53 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-04 13:35 - 2014-07-10 19:52 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-04 13:35 - 2014-07-10 19:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-04 13:35 - 2014-07-10 19:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-04 13:34 - 2009-07-13 21:51 - 00055158 _____ () C:\windows\setupact.log
2014-08-04 13:32 - 2012-02-19 15:35 - 00000896 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-04 13:28 - 2012-02-08 11:10 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-08-04 13:16 - 2013-06-10 18:33 - 00000286 _____ () C:\windows\Tasks\DSite.job
2014-08-04 13:03 - 2012-04-24 06:27 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-08-04 12:39 - 2014-02-14 07:39 - 00000292 _____ () C:\windows\Tasks\Digital Sites.job
2014-08-04 12:38 - 2012-02-19 15:51 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2903869773-3859282900-2980300728-1001UA.job
2014-08-04 04:38 - 2012-02-19 15:51 - 00000856 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2903869773-3859282900-2980300728-1001Core.job
2014-08-04 03:00 - 2011-11-18 17:06 - 01171477 _____ () C:\windows\WindowsUpdate.log
2014-08-03 19:32 - 2012-02-19 15:35 - 00000892 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-02 22:58 - 2014-03-01 23:57 - 00000378 _____ () C:\windows\Tasks\APSnotifierCA.job
2014-08-02 07:36 - 2012-02-18 17:54 - 06516736 _____ () C:\Users\Owner\Desktop\Reno.QDF-backup
2014-08-01 16:11 - 2009-07-13 21:45 - 00020688 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-01 16:11 - 2009-07-13 21:45 - 00020688 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-24 03:01 - 2014-02-17 17:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-24 03:00 - 2014-02-17 17:58 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-24 03:00 - 2014-02-17 17:58 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-23 14:03 - 2012-07-23 06:35 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\SoftGrid Client
2014-07-21 17:19 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\system32\NDF
2014-07-21 17:18 - 2014-07-21 17:18 - 00002982 _____ () C:\windows\System32\Tasks\{0A4461E2-8077-4842-8314-A1298B006C20}
2014-07-21 17:15 - 2014-07-21 17:15 - 00003032 _____ () C:\windows\System32\Tasks\{AFACE052-54AC-4164-A084-A6487EB1AE71}
2014-07-21 17:15 - 2014-07-21 17:15 - 00003032 _____ () C:\windows\System32\Tasks\{AE9451BA-4FD0-47C7-B128-57E201AC148B}
2014-07-16 19:00 - 2014-07-16 16:58 - 00000000 ____D () C:\Users\Owner\Desktop\Old Firefox Data
2014-07-16 18:56 - 2009-07-13 22:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-07-16 18:50 - 2012-02-08 09:16 - 00000000 ____D () C:\Users\Owner
2014-07-16 18:49 - 2014-03-01 23:22 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-07-16 18:49 - 2011-02-15 03:41 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-16 18:48 - 2014-07-05 11:47 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-07-16 18:48 - 2014-07-05 11:47 - 00000000 ____D () C:\Program Files (x86)\Wajam
2014-07-16 18:48 - 2014-07-05 11:47 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-07-16 18:48 - 2014-07-05 11:47 - 00000000 ____D () C:\Program Files (x86)\Advanced System Protector
2014-07-16 18:48 - 2014-07-05 11:46 - 00000000 ____D () C:\Program Files (x86)\Consumer Input
2014-07-16 18:48 - 2014-06-27 16:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-16 18:48 - 2014-06-27 16:43 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-16 18:48 - 2014-06-27 16:42 - 00000000 ____D () C:\windows\System32\Tasks\Apple
2014-07-16 18:48 - 2014-06-15 12:34 - 00000000 ____D () C:\Program Files (x86)\Fixila PC Optimizer
2014-07-16 18:48 - 2014-06-15 12:32 - 00000000 ____D () C:\Users\Owner\AppData\Local\WeatherAlerts
2014-07-16 18:48 - 2014-06-15 12:32 - 00000000 ____D () C:\Program Files\SupraSavings
2014-07-16 18:48 - 2014-06-15 12:31 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-07-16 18:48 - 2014-03-06 18:22 - 00000000 ____D () C:\ProgramData\AVG SafeGuard toolbar
2014-07-16 18:48 - 2014-03-01 23:38 - 00000000 ____D () C:\Program Files (x86)\Convert Files for Free
2014-07-16 18:48 - 2014-03-01 23:23 - 00000000 ____D () C:\Users\Owner\AppData\Local\newplayer
2014-07-16 18:48 - 2014-03-01 23:23 - 00000000 ____D () C:\Program Files (x86)\LPT
2014-07-16 18:48 - 2014-03-01 23:22 - 00000000 ____D () C:\Program Files (x86)\NewPlayer
2014-07-16 18:48 - 2013-09-21 16:25 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeFrontier
2014-07-16 18:48 - 2013-07-17 12:03 - 00000000 ____D () C:\Program Files (x86)\LessTabs
2014-07-16 18:48 - 2012-12-08 18:23 - 00000000 ____D () C:\Users\Owner\AppData\Local\Smartbar
2014-07-16 18:48 - 2011-02-15 03:41 - 00000000 ____D () C:\windows\ShellNew
2014-07-16 18:48 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2014-07-16 18:48 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\system32\Dism
2014-07-16 18:48 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\rescache
2014-07-16 18:48 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-07-16 18:48 - 2009-07-13 20:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-07-16 18:47 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\registration
2014-07-16 18:46 - 2012-04-24 06:27 - 00000000 ____D () C:\windows\system32\Macromed
2014-07-16 18:46 - 2012-03-03 16:19 - 00000000 ____D () C:\Users\Owner\AppData\Local\Conduit
2014-07-16 18:46 - 2012-02-19 15:35 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2014-07-16 18:46 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\AppCompat
2014-07-16 18:44 - 2014-07-10 19:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-16 18:35 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\tracing
2014-07-16 18:28 - 2014-07-05 11:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam
2014-07-16 18:27 - 2014-07-05 11:47 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Systweak
2014-07-16 18:27 - 2014-06-15 12:32 - 00000000 ____D () C:\Users\Owner\AppData\Local\Local_Weather_LLC
2014-07-16 18:27 - 2014-03-01 23:38 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\mysearchdial
2014-07-16 18:27 - 2014-03-01 23:38 - 00000000 ____D () C:\Program Files (x86)\Mysearchdial
2014-07-16 18:27 - 2013-07-17 12:02 - 00000000 ____D () C:\Program Files (x86)\SearchProtect1544316921
2014-07-16 18:26 - 2014-07-16 18:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-16 18:24 - 2014-06-15 12:34 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Fixila
2014-07-16 18:19 - 2014-06-15 12:34 - 00009118 _____ () C:\szfixila.log
2014-07-16 18:13 - 2014-07-05 11:47 - 00000000 ____D () C:\ProgramData\Systweak
2014-07-16 17:33 - 2014-07-16 17:33 - 00000000 ____D () C:\New folder
2014-07-13 12:25 - 2014-07-13 12:25 - 00000000 ____D () C:\Users\Owner\AppData\Local\{4591F6B6-3C5A-4E99-A9B1-7A1684D3950E}
2014-07-13 12:25 - 2012-02-19 16:57 - 00000000 ____D () C:\Users\Owner\AppData\Local\Windows Live
2014-07-13 12:03 - 2014-07-05 11:47 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\InstallX Search Protect for Yahoo
2014-07-13 08:18 - 2014-02-14 07:39 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\DigitalSites
2014-07-13 08:18 - 2013-06-10 18:33 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\DSite
2014-07-11 19:02 - 2014-07-11 19:02 - 00000000 ____D () C:\Users\Owner\AppData\Local\SearchProtect
2014-07-11 18:48 - 2012-07-08 20:39 - 00470016 ___SH () C:\Users\Owner\Desktop\Thumbs.db
2014-07-11 16:53 - 2010-11-20 20:47 - 01067512 _____ () C:\windows\PFRO.log
2014-07-10 20:51 - 2014-01-28 17:23 - 00000022 _____ () C:\Users\Owner\Downloads\report.creditcard0816.zip
2014-07-10 20:13 - 2014-06-26 12:21 - 00000000 ____D () C:\Program Files (x86)\BEDAACA9-0245-4A85-A697-BD5CD3AD04D1
2014-07-10 20:10 - 2012-03-03 16:19 - 00000000 ____D () C:\Program Files (x86)\Conduit
2014-07-10 20:09 - 2014-07-05 11:45 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\WECP
2014-07-10 20:09 - 2014-07-02 12:00 - 00000000 ____D () C:\ProgramData\KingCoupon
2014-07-10 20:09 - 2014-04-02 19:14 - 00000000 ____D () C:\ProgramData\SavEroAddOn
2014-07-10 20:09 - 2013-07-17 12:02 - 00000000 ____D () C:\Program Files (x86)\InternetHelper3.1
2014-07-10 20:09 - 2012-07-01 13:44 - 00000000 ____D () C:\Temp
2014-07-10 19:52 - 2014-07-10 19:51 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-10 18:05 - 2014-03-01 23:43 - 00003244 _____ () C:\windows\System32\Tasks\PC System Boost Schedule
2014-07-10 17:48 - 2014-05-07 06:36 - 00000000 ____D () C:\ProgramData\ChromeHelper
2014-07-10 07:06 - 2014-07-05 11:47 - 00003108 _____ () C:\windows\System32\Tasks\RegClean Pro
2014-07-10 03:21 - 2009-07-13 21:45 - 00291856 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-10 03:03 - 2013-08-14 03:01 - 00000000 ____D () C:\windows\system32\MRT
2014-07-10 03:01 - 2012-02-08 10:36 - 96441528 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-07-10 00:39 - 2013-07-28 10:16 - 00000273 _____ () C:\Users\Owner\AppData\Roaming\WB.CFG
2014-07-08 22:03 - 2014-07-08 22:03 - 11204096 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2014-07-08 22:03 - 2012-04-24 06:27 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-07-08 22:03 - 2012-04-24 06:27 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-07-08 22:03 - 2012-02-17 06:18 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-05 11:51 - 2014-07-05 11:51 - 00000000 ____D () C:\Users\Owner\AppData\Local\Systweak
2014-07-05 11:49 - 2014-07-05 11:49 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Compete
2014-07-05 11:49 - 2014-07-05 11:49 - 00000000 ____D () C:\Program Files (x86)\Setup Support for Consumer Input
2014-07-05 11:48 - 2014-07-05 11:48 - 00003274 _____ () C:\windows\System32\Tasks\CIMT_S-1-5-21-2903869773-3859282900-2980300728-1001
2014-07-05 11:47 - 2014-07-05 11:47 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Yahoo!
2014-07-05 11:47 - 2014-07-05 11:47 - 00000000 ____D () C:\ProgramData\Yahoo! Companion
2014-07-05 11:47 - 2014-07-05 11:47 - 00000000 ____D () C:\ProgramData\Yahoo!
2014-07-05 11:47 - 2014-07-05 11:47 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2014-07-05 11:46 - 2014-07-05 11:46 - 00003324 _____ () C:\windows\System32\Tasks\Codec Update Service
2014-07-05 11:46 - 2014-07-05 11:46 - 00001054 _____ () C:\Users\Public\Desktop\RegClean Pro.lnk
2014-07-05 11:46 - 2014-07-05 11:46 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Windows Essentials Codec Pack
2014-07-05 11:46 - 2014-07-05 11:46 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Windows Codec
2014-07-05 11:46 - 2014-07-05 11:46 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Essentials Codec Pack
2014-07-05 11:46 - 2014-07-05 11:46 - 00000000 ____D () C:\Program Files (x86)\Windows Essentials Codec Pack
2014-07-05 11:44 - 2014-07-05 11:44 - 01077312 _____ (Open Source Developer) C:\Users\Owner\Downloads\WindowsCodec.exe
 
Files to move or delete:
====================
C:\Users\Owner\jagex_cl_runescape_LIVE.dat
C:\Users\Owner\random.dat
 
 
Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\17044C9643374655B64B3C9157F6FA0C.exe
C:\Users\Owner\AppData\Local\Temp\3D9900CEC91A4321B7184C1B4C2E0037.exe
C:\Users\Owner\AppData\Local\Temp\77DB_install_flashplayer11x32_mssd_aih.exe
C:\Users\Owner\AppData\Local\Temp\7za.exe
C:\Users\Owner\AppData\Local\Temp\83930CDE99DC401984B8FFC933AC8128.exe
C:\Users\Owner\AppData\Local\Temp\8449A505A3F646CEA5C038D1C1D18440.exe
C:\Users\Owner\AppData\Local\Temp\air6D52.exe
C:\Users\Owner\AppData\Local\Temp\APNStub.exe
C:\Users\Owner\AppData\Local\Temp\BackupSetup.exe
C:\Users\Owner\AppData\Local\Temp\C0EF0C78812648DAABD5F02579487F27.exe
C:\Users\Owner\AppData\Local\Temp\ce_update.exe
C:\Users\Owner\AppData\Local\Temp\ConsumerInputSetup.exe
C:\Users\Owner\AppData\Local\Temp\EnableExtDll.dll
C:\Users\Owner\AppData\Local\Temp\helper.exe
C:\Users\Owner\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Owner\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\Owner\AppData\Local\Temp\msvcr71.dll
C:\Users\Owner\AppData\Local\Temp\oi_{520D005D-91B4-4ACE-9588-7A9903F5150C}.exe
C:\Users\Owner\AppData\Local\Temp\SpOrder.dll
C:\Users\Owner\AppData\Local\Temp\SPSetup.exe
C:\Users\Owner\AppData\Local\Temp\statisticsStub.exe
C:\Users\Owner\AppData\Local\Temp\tbPag0.dll
C:\Users\Owner\AppData\Local\Temp\tbVgr0.dll
C:\Users\Owner\AppData\Local\Temp\TB_63A7.exe
C:\Users\Owner\AppData\Local\Temp\uninst1.exe
C:\Users\Owner\AppData\Local\Temp\v-bates.exe
C:\Users\Owner\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Owner\AppData\Local\Temp\YontooIEClient.dll
C:\Users\Owner\AppData\Local\Temp\YontooSetup-Silent.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-28 00:35
 
==================== End Of Log ============================

Addition.txt

FRST.txt


Not all the baddies went away, and aye, there's truly broken internet access here. Let's clean it up :)

My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat :)

Before we start please note the following:

  • Analysis and research take some time, also sometimes real life gets in the way, please be patient.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Paste the logs in your posts, attachments make my work harder and more complicated.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
I can't foresee everything, so if anything unexpected happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight! :)

Rules and policies

We won't support any piracy.

That being said, if any evidence of illegal OS, software, cracks/keygens or any other is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.


Scan with Malwarebytes' Anti-Malware

Please download and install Malwarebytes Anti-Malware, or re-run it if you already have it installed.

  • First of all select update.
  • Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.

Fix with Junkware Removal Tool

Please download JRT by Thisisu and save the file to your desktop.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the JRT icon and select Run as Administrator to start the tool.
  • Follow the prompts and let this process run uninterrupted.
  • This scan can take a while, depending on your System specs.
  • Upon completion, a log (JRT.txt) will open on your desktop.
Please include the contents of that file in your reply.

Do not forget to re-enable your previously switched off protection software!

Please also manually reboot your machine after this procedure.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Sorry for the delay... I have attached the logs from these two tools.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Owner on Sun 08/31/2014 at 14:17:03.61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7F7F82F1-7C95-47CD-814F-950B56D58FC3}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\\Default
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\searchURL\\Default

Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?

    Value Name               Type      Value Data
========================================================================================
    BackgroundContainerV2    REG_SZ    "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\Owner\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\cpturlpassthru.dll

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\dca-bho.dll

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escort.dll

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortapp.dll

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escorteng.dll

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortlbr.dll

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\esrv.exe

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\scripthelper.exe

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\viprotocol.dll

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\compete

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dsiteproducts

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\pc optimizer pro

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\systweak

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\compete

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\lyricsfinder

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\defaulttab

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installcore

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\pc optimizer pro

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.bandobjectattribute

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.dockingpanel

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.iesmartbar

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.iesmartbarbandobject

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.smartbardisplaystate

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.smartbarmenuform

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocol

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\optimizerpro_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\optimizerpro_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\defaulttab

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\video downloader

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2418376

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2474641

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3268934

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3268935

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASMANCS

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APNToolbarInstaller_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APNToolbarInstaller_RASMANCS

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASMANCS

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0511DB15-22C5-4E83-9801-723498761F6F}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{92395618-77A0-4A98-AD13-78F1AAF94270}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B60133AE-DD20-4EBF-9CBB-19E9A3036B2C}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7f7f82f1-7c95-47cd-814f-950b56d58fc3}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{7f7f82f1-7c95-47cd-814f-950b56d58fc3}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ff19b72a-36ed-4066-8865-a580ae938cce}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{ff19b72a-36ed-4066-8865-a580ae938cce}

Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"

Successfully deleted: [Registry Key] "hkey_current_user\software\pip"

 

 

 

~~~ Files

 

Successfully deleted: [File] C:\windows\Tasks\dsite.job

Successfully deleted: [File] "C:\Users\Owner\appdata\local\google\chrome\user data\default\local storage\http_facebook.conduitapps.com_0.localstorage"

Successfully deleted: [File] "C:\Users\Owner\appdata\local\google\chrome\user data\default\local storage\http_facebook.conduitapps.com_0.localstorage-journal"

Successfully deleted: [File] "C:\end"

Successfully deleted: [File] "C:\users\default user\start menu\programs\startup\best buy pc app.lnk"

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\ProgramData\babylon"

Successfully deleted: [Folder] "C:\ProgramData\best buy pc app"

Successfully deleted: [Folder] "C:\ProgramData\pc optimizer pro"

Successfully deleted: [Folder] "C:\ProgramData\systweak"

Successfully deleted: [Folder] "C:\ProgramData\tarma installer"

Successfully deleted: [Folder] "C:\Users\Owner\AppData\Roaming\babylon"

Successfully deleted: [Folder] "C:\Users\Owner\AppData\Roaming\dsite"

Successfully deleted: [Folder] "C:\Users\Owner\AppData\Roaming\searchprotect"

Successfully deleted: [Folder] "C:\Users\Owner\AppData\Roaming\systweak"

Successfully deleted: [Folder] "\searchprotect"

Successfully deleted: [Folder] "C:\Users\Owner\appdata\locallow\conduit"

Successfully deleted: [Folder] "C:\Users\Owner\appdata\locallow\delta"

Successfully deleted: [Folder] "C:\Users\Owner\appdata\locallow\internethelper3.1"

Successfully deleted: [Folder] "C:\Users\Owner\appdata\locallow\mysearchdial"

Successfully deleted: [Folder] "C:\Users\Owner\appdata\locallow\pricegong"

Successfully deleted: [Folder] "C:\Users\Owner\appdata\locallow\smartbar"

Successfully deleted: [Folder] "C:\Users\Owner\appdata\locallow\vgrabber_v1"

Successfully deleted: [Folder] "C:\Program Files (x86)\advanced system protector"

Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"

Successfully deleted: [Folder] "C:\Program Files (x86)\file type helper"

Successfully deleted: [Folder] "C:\Program Files (x86)\internethelper3.1"

Successfully deleted: [Folder] "C:\Program Files (x86)\lesstabs"

Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"

Successfully deleted: [Folder] "C:\Program Files (x86)\optimizer pro"

Successfully deleted: [Folder] "C:\Program Files (x86)\searchprotect"

Successfully deleted: [Folder] "C:\Program Files (x86)\trusted saver"

Successfully deleted: [Folder] "C:\Program Files (x86)\vgrabber_v1"

Successfully deleted: [Folder] "C:\Users\Owner\AppData\Roaming\microsoft\windows\start menu\programs\mypc backup"

Successfully deleted: [Folder] "C:\Users\Owner\documents\optimizer pro"

Successfully deleted: [Folder] "C:\ProgramData\ask"

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sun 08/31/2014 at 14:21:46.90

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 


Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 8/31/2014

Scan Time: 1:57:20 PM

Logfile: app log.txt

Administrator: Yes

 

Version: 2.00.2.1012

Malware Database: v2014.03.04.09

Rootkit Database: v2014.02.20.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Owner

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 246888

Time Elapsed: 5 min, 54 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 1

PUP.Optional.PriceGong.A, HKU\S-1-5-21-2903869773-3859282900-2980300728-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, Quarantined, [e8617f804d2de650178aeda15ea40bf5], 

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 36

PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam, Quarantined, [5eeb2fd0245658de273383035da511ef], 

PUP.Optional.SmartBar.A, C:\Users\Owner\AppData\Local\Smartbar, Quarantined, [40091ee1ea900f271c4c82047d85639d], 

PUP.Optional.SmartBar.A, C:\Users\Owner\AppData\Local\Smartbar\Application, Quarantined, [40091ee1ea900f271c4c82047d85639d], 

PUP.Optional.SmartBar.A, C:\Users\Owner\AppData\Local\Smartbar\Application\he, Quarantined, [40091ee1ea900f271c4c82047d85639d], 

PUP.Optional.SmartBar.A, C:\Users\Owner\AppData\Local\Smartbar\Application\ru, Quarantined, [40091ee1ea900f271c4c82047d85639d], 

PUP.Optional.SmartBar.A, C:\Users\Owner\AppData\Local\Smartbar\Common, Quarantined, [40091ee1ea900f271c4c82047d85639d], 

PUP.Optional.SmartBar.A, C:\Users\Owner\AppData\Local\Smartbar\Common\iconsWide, Quarantined, [40091ee1ea900f271c4c82047d85639d], 

PUP.Optional.MySearchDial.A, C:\Users\Owner\AppData\Roaming\mysearchdial, Quarantined, [a0a941be9ddda88e304db7cff70b9b65], 

PUP.Optional.MySearchDial.A, C:\Users\Owner\AppData\Roaming\mysearchdial\icons_2.2.15.1631, Quarantined, [a0a941be9ddda88e304db7cff70b9b65], 

PUP.Optional.Conduit.A, C:\Users\Owner\AppData\Local\Temp\ct2474641, Quarantined, [f950dc23a5d5270f4eb6aaddc83a9070], 

PUP.Optional.Conduit.A, C:\Users\Owner\AppData\Local\Temp\ct2474641\xpi, Quarantined, [f950dc23a5d5270f4eb6aaddc83a9070], 

PUP.Optional.Conduit.A, C:\Users\Owner\AppData\Local\Temp\ct2474641\xpi\defaults, Quarantined, [f950dc23a5d5270f4eb6aaddc83a9070], 

PUP.Optional.Conduit.A, C:\Users\Owner\AppData\Local\Temp\CT3268935, Quarantined, [d5743fc0c5b58caab94bcabdb74b1be5], 

PUP.Optional.Conduit.A, C:\Users\Owner\AppData\Local\Temp\ct3289663, Quarantined, [b396ae51e6943cfa56ae2562639f916f], 

PUP.Optional.RegCleanerPro.A, C:\Users\Owner\AppData\Roaming\Systweak\RegClean Pro, Quarantined, [8dbce51a88f285b1bf4b7512768c31cf], 

PUP.Optional.RegCleanerPro.A, C:\Users\Owner\AppData\Roaming\Systweak\RegClean Pro\Version 6.1, Quarantined, [8dbce51a88f285b1bf4b7512768c31cf], 

PUP.Optional.MySearchDial.A, C:\Program Files (x86)\Mysearchdial, Quarantined, [01489a65651582b48e5cf691976b6d93], 

PUP.Optional.MySearchDial.A, C:\Program Files (x86)\Mysearchdial\1.8.21.0, Quarantined, [01489a65651582b48e5cf691976b6d93], 

PUP.Optional.MySearchDial.A, C:\Program Files (x86)\Mysearchdial\1.8.21.0\bh, Quarantined, [01489a65651582b48e5cf691976b6d93], 

PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam, Quarantined, [b89150aff58541f5d43c5b2df30f9e62], 

PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping, Quarantined, [b89150aff58541f5d43c5b2df30f9e62], 

PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input, Quarantined, [85c4e619df9b979f6ede7513847e32ce], 

PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\Firefox, Quarantined, [85c4e619df9b979f6ede7513847e32ce], 

PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\Update, Quarantined, [85c4e619df9b979f6ede7513847e32ce], 

PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\Update\1.3.25.149, Quarantined, [85c4e619df9b979f6ede7513847e32ce], 

PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\Update\Download, Quarantined, [85c4e619df9b979f6ede7513847e32ce], 

PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\Update\Download\{1138A907-2253-45D6-99C1-843A0AC58730}, Quarantined, [85c4e619df9b979f6ede7513847e32ce], 

PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\Update\Download\{B3F80DB8-951F-4A2A-BE2F-ED6F4FF63B98}, Quarantined, [85c4e619df9b979f6ede7513847e32ce], 

PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\Update\Download\{B3F80DB8-951F-4A2A-BE2F-ED6F4FF63B98}\0.0.0.0, Quarantined, [85c4e619df9b979f6ede7513847e32ce], 

PUP.Optional.ValueAppsplugin.A, C:\Users\Owner\AppData\Local\Conduit\ValueApps, Quarantined, [173231ced8a25fd7a8e56a1e40c2f808], 

PUP.Optional.ValueAppsplugin.A, C:\Users\Owner\AppData\Local\Conduit\ValueApps\IE, Quarantined, [173231ced8a25fd7a8e56a1e40c2f808], 

PUP.Optional.ValueAppsplugin.A, C:\Users\Owner\AppData\Local\Conduit\ValueApps\IE\64, Quarantined, [173231ced8a25fd7a8e56a1e40c2f808], 

PUP.Optional.WeatherAlerts, C:\Users\Owner\AppData\Local\Local_Weather_LLC, Quarantined, [fb4e13ecb4c64aec7752107889793ec2], 

PUP.Optional.WeatherAlerts, C:\Users\Owner\AppData\Local\Local_Weather_LLC\WeatherAlerts.exe_Url_2orruf4ssx50rgqojrwr42a35yx5b2wk, Quarantined, [fb4e13ecb4c64aec7752107889793ec2], 

PUP.Optional.WeatherAlerts, C:\Users\Owner\AppData\Local\Local_Weather_LLC\WeatherAlerts.exe_Url_2orruf4ssx50rgqojrwr42a35yx5b2wk\1.4.0.0, Quarantined, [fb4e13ecb4c64aec7752107889793ec2], 

PUP.Optional.WeatherAlerts, C:\Users\Owner\AppData\Local\WeatherAlerts, Quarantined, [d97021deee8c0d29fdcdcabea9594fb1], 

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)


 

JRT.txt

app log.txt


Hi and sorry for the delay, reality kicked me out of the forums for the last few days.

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    > XP users click run after receipt of Windows Security Warning - Open File.

    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.

  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content in your next reply.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-09-2014

Ran by Owner (administrator) on OWNER-PC on 23-09-2014 17:43:22

Running from C:\Users\Owner\Desktop

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Google Inc.) C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe

(Intuit Inc.) C:\Program Files (x86)\Quicken\bagent.exe

(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe

(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

() C:\Program Files (x86)\Common Files\ChromeHelper\ChromeHelperUpdt.exe

() C:\Windows\jmesoft\Service.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Lenovo) C:\Windows\jmesoft\hotkey.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE

(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe

() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

() C:\Windows\jmesoft\JME_LOAD.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11543656 2010-10-26] (Realtek Semiconductor)

HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe [118784 2011-06-08] (Lenovo)

HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-03-15] ()

HKLM-x32\...\Run: [updatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)

HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356128 2013-10-09] (Kaspersky Lab ZAO)

HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2552856 2014-02-03] ()

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [ChromeHelper] => C:\Program Files (x86)\Common Files\ChromeHelper\ChromeHelper.exe [737568 2014-05-06] ()

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)

Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-2903869773-3859282900-2980300728-1001\...\Run: [Google Update] => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-02-19] (Google Inc.)

HKU\S-1-5-21-2903869773-3859282900-2980300728-1001\...\Run: [QuickenScheduledUpdates] => C:\Program Files (x86)\Quicken\bagent.exe [74840 2012-04-18] (Intuit Inc.)

HKU\S-1-5-21-2903869773-3859282900-2980300728-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-02-19] (Google Inc.)

HKU\S-1-5-21-2903869773-3859282900-2980300728-1001\...\Run: [backgroundContainerV2] => "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\Owner\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun

HKU\S-1-5-21-2903869773-3859282900-2980300728-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2014-06-05] (TomTom)

HKU\S-1-5-21-2903869773-3859282900-2980300728-1001\...\Policies\Explorer: [NoDesktopCleanupWizard] 1

HKU\S-1-5-21-2903869773-3859282900-2980300728-1001\...\MountPoints2: {cc6cb3b4-b541-11e1-b0e7-c89cdc7df61e} - C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\TL-Bootstrap.exe

HKU\S-1-5-18\...\RunOnce: [spUninstallDeleteDir] => rmdir /s /q "\SearchProtect"

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

ProxyServer: http=127.0.0.1:62196;https=127.0.0.1:62196

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/

URLSearchHook: HKLM-x32 - Vgrabber v1 Toolbar - {7f7f82f1-7c95-47cd-814f-950b56d58fc3} - C:\Program Files (x86)\Vgrabber_v1\prxtbVgra.dll No File

URLSearchHook: HKLM-x32 - Free i-Dressup Toolbar - {ff19b72a-36ed-4066-8865-a580ae938cce} - C:\Program Files (x86)\Free_i-Dressup\prxtbFree.dll (Conduit Ltd.)

SearchScopes: HKLM-x32 - DefaultScope {0511DB15-22C5-4E83-9801-723498761F6F} URL = 

SearchScopes: HKCU - DefaultScope {0511DB15-22C5-4E83-9801-723498761F6F} URL = 

SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 

SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = 

BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)

BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)

BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)

BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)

BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)

Toolbar: HKLM - Muvic - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\windows\system32\mscoree.dll (Microsoft Corporation)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File

Toolbar: HKLM-x32 - Free i-Dressup Toolbar - {ff19b72a-36ed-4066-8865-a580ae938cce} - C:\Program Files (x86)\Free_i-Dressup\prxtbFree.dll (Conduit Ltd.)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKLM-x32 - No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKCU - No Name - {7F7F82F1-7C95-47CD-814F-950B56D58FC3} -  No File

Toolbar: HKCU - No Name - {FF19B72A-36ED-4066-8865-A580AE938CCE} -  No File

DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

Winsock: Catalog9 01 C:\windows\system32\SecureAssist.dll File Not found ()

Winsock: Catalog9 02 C:\windows\system32\SecureAssist.dll File Not found ()

Winsock: Catalog9 03 C:\windows\system32\SecureAssist.dll File Not found ()

Winsock: Catalog9 04 C:\windows\system32\SecureAssist.dll File Not found ()

Winsock: Catalog9 15 C:\windows\system32\SecureAssist.dll File Not found ()

Winsock: Catalog9-x64 01 C:\windows\system32\SecureAssist64.dll [338120] (SecureAssist)

Winsock: Catalog9-x64 02 C:\windows\system32\SecureAssist64.dll [338120] (SecureAssist)

Winsock: Catalog9-x64 03 C:\windows\system32\SecureAssist64.dll [338120] (SecureAssist)

Winsock: Catalog9-x64 04 C:\windows\system32\SecureAssist64.dll [338120] (SecureAssist)

Winsock: Catalog9-x64 15 C:\windows\system32\SecureAssist64.dll [338120] (SecureAssist)

Hosts: 127.0.0.1 d3oxij66pru1i3.cloudfront.net

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

 

FireFox:

========

FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\4jg62ymw.default-1405562448566

FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()

FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw.dll No File

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll (AVG Technologies)

FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File

FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll No File

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml

FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru

FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com

FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2013-02-23]

FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com

FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2013-02-23]

FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com

FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com [2013-02-23]

FF HKCU\...\Firefox\Extensions: [ConsumerInput@Compete] - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12171.xpi

 

Chrome: 

=======

CHR HomePage: Default -> hxxp://www.google.com/

CHR StartupUrls: Default -> "hxxp://www.google.com/"

CHR NewTab: Default -> "chrome-extension://pcpehlgijbdajfafffojllcaecaecngb/components/supertab/html/supertab.html"

CHR DefaultSearchKeyword: Default -> search.snap.do

CHR DefaultSearchProvider: Default -> Web

CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}

CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Bazaar Friend) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmobdmpfgfimbnmhhnkmmecdboblafdh [2014-03-01]

CHR Extension: (Kaspersky URL Advisor) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-03-01]

CHR Extension: (Content Blocker) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-03-01]

CHR Extension: (savinsshaopp) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnhjdknalbiahgadaadlobfcabopbann [2014-04-02]

CHR Extension: (InfoBird Pro) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\icanoneicgaahjbilcgdmnhoocddknbl [2014-03-01]

CHR Extension: (Virtual Keyboard) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-03-01]

CHR Extension: (Vgrabber v1) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnidgldcbakaidffpjinopjbmobecifb [2014-03-01]

CHR Extension: (Hukkster) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpalbmbgpoekgolgbahfhobfgfcdbofl [2014-06-09]

CHR Extension: (Free i-Dressup) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhdfjaaobagbaepmefnjabfmhnggliop [2014-03-01]

CHR Extension: (Kaspersky Protection) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpoimibckejjdjcfbdnajaicnklhfplh [2014-05-19]

CHR Extension: (InternetHelper3.1) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim [2014-03-01]

CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]

CHR Extension: (Fast Discountz) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\oldchfemoapgakfjnmbngnljnkoapbhd [2014-03-01]

CHR Extension: (MapsGalaxy) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb [2014-04-05]

CHR Extension: (Search Slate) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\poahfhjpeiaonjhbljfgnlllpdbnilon [2014-07-02]

CHR Extension: (Extutil) - C:\Users\Owner\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B [2014-01-15]

CHR Extension: (Managera) - C:\Users\Owner\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42 [2013-12-24]

CHR HKLM\...\Chrome\Extension: [bmobdmpfgfimbnmhhnkmmecdboblafdh] - C:\Users\Owner\AppData\Local\BazaarFriend.crx [2013-08-07]

CHR HKLM\...\Chrome\Extension: [icanoneicgaahjbilcgdmnhoocddknbl] - C:\Users\Owner\AppData\Local\InfoBirdPro.crx [2013-08-17]

CHR HKLM\...\Chrome\Extension: [oldchfemoapgakfjnmbngnljnkoapbhd] - C:\Users\Owner\AppData\Local\FastDiscountz.crx [2013-09-09]

CHR HKCU\...\Chrome\Extension: [bmobdmpfgfimbnmhhnkmmecdboblafdh] - C:\Users\Owner\AppData\Local\BazaarFriend.crx [2013-08-07]

CHR HKCU\...\Chrome\Extension: [dlaidocmldibgopdbjiopphnjhaehnbn] - C:\Users\Owner\AppData\Local\CRE\dlaidocmldibgopdbjiopphnjhaehnbn.crx [2013-08-07]

CHR HKCU\...\Chrome\Extension: [icanoneicgaahjbilcgdmnhoocddknbl] - C:\Users\Owner\AppData\Local\InfoBirdPro.crx [2013-08-17]

CHR HKCU\...\Chrome\Extension: [jnidgldcbakaidffpjinopjbmobecifb] - C:\Users\Owner\AppData\Local\CRE\jnidgldcbakaidffpjinopjbmobecifb.crx [2013-07-22]

CHR HKCU\...\Chrome\Extension: [lhdfjaaobagbaepmefnjabfmhnggliop] - C:\Users\Owner\AppData\Local\CRE\lhdfjaaobagbaepmefnjabfmhnggliop.crx [2013-08-15]

CHR HKCU\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - C:\Users\Owner\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx [2013-07-04]

CHR HKCU\...\Chrome\Extension: [oldchfemoapgakfjnmbngnljnkoapbhd] - C:\Users\Owner\AppData\Local\FastDiscountz.crx [2013-09-09]

CHR HKLM-x32\...\Chrome\Extension: [bmobdmpfgfimbnmhhnkmmecdboblafdh] - C:\Users\Owner\AppData\Local\BazaarFriend.crx [2013-08-07]

CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\urladvisor.crx [2012-10-25]

CHR HKLM-x32\...\Chrome\Extension: [dlaidocmldibgopdbjiopphnjhaehnbn] - C:\Users\Owner\AppData\Local\CRE\dlaidocmldibgopdbjiopphnjhaehnbn.crx [2012-10-25]

CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\content_blocker_chrome.crx [2012-10-25]

CHR HKLM-x32\...\Chrome\Extension: [icanoneicgaahjbilcgdmnhoocddknbl] - C:\Users\Owner\AppData\Local\InfoBirdPro.crx [2013-08-17]

CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\virtkbd.crx [2012-10-25]

CHR HKLM-x32\...\Chrome\Extension: [jnidgldcbakaidffpjinopjbmobecifb] - C:\Users\Owner\AppData\Local\CRE\jnidgldcbakaidffpjinopjbmobecifb.crx [2013-07-22]

CHR HKLM-x32\...\Chrome\Extension: [lhdfjaaobagbaepmefnjabfmhnggliop] - C:\Users\Owner\AppData\Local\CRE\lhdfjaaobagbaepmefnjabfmhnggliop.crx [2013-08-15]

CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [2013-08-15]

CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\17.3.0.49\avg.crx [2013-08-15]

CHR HKLM-x32\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - C:\Users\Owner\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx [2013-07-04]

CHR HKLM-x32\...\Chrome\Extension: [oldchfemoapgakfjnmbngnljnkoapbhd] - C:\Users\Owner\AppData\Local\FastDiscountz.crx [2013-09-09]

CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ChromeExt\ab.crx [2013-09-09]

CHR StartMenuInternet: Google Chrome - C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356128 2013-10-09] (Kaspersky Lab ZAO)

R2 ChromeHelperUpdt; C:\Program Files (x86)\Common Files\ChromeHelper\ChromeHelperUpdt.exe [284960 2014-05-06] ()

R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-03-15] () [File not signed]

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-10] (Kaspersky Lab ZAO)

U5 klflt; C:\Windows\System32\Drivers\klflt.sys [91008 2014-05-19] (Kaspersky Lab ZAO)

R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628320 2014-05-19] (Kaspersky Lab ZAO)

R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-10] (Kaspersky Lab ZAO)

R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-09] (Kaspersky Lab ZAO)

R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-09] (Kaspersky Lab ZAO)

R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-18] (Kaspersky Lab ZAO)

R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-22] (Kaspersky Lab ZAO)

R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-06-12] (NetFilterSDK.com)

R2 npf; C:\windows\System32\drivers\npf.sys [36600 2014-04-28] (Riverbed Technology, Inc.)

S3 SPPD; \??\C:\windows\system32\drivers\SPPD.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-09-23 17:39 - 2014-09-23 17:43 - 00025016 _____ () C:\Users\Owner\Desktop\FRST.txt

2014-09-23 17:39 - 2014-09-23 17:36 - 02106880 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe

2014-09-12 03:08 - 2014-08-19 11:05 - 00374968 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll

2014-09-12 03:08 - 2014-08-19 10:39 - 00327872 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll

2014-09-12 03:08 - 2014-08-18 16:01 - 23591424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll

2014-09-12 03:08 - 2014-08-18 15:29 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb

2014-09-12 03:08 - 2014-08-18 15:29 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll

2014-09-12 03:08 - 2014-08-18 15:26 - 17455104 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll

2014-09-12 03:08 - 2014-08-18 15:20 - 02793984 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll

2014-09-12 03:08 - 2014-08-18 15:19 - 05833728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll

2014-09-12 03:08 - 2014-08-18 15:15 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll

2014-09-12 03:08 - 2014-08-18 15:15 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll

2014-09-12 03:08 - 2014-08-18 15:14 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll

2014-09-12 03:08 - 2014-08-18 15:14 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll

2014-09-12 03:08 - 2014-08-18 15:08 - 04232704 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll

2014-09-12 03:08 - 2014-08-18 15:08 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll

2014-09-12 03:08 - 2014-08-18 15:08 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll

2014-09-12 03:08 - 2014-08-18 15:05 - 00596480 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll

2014-09-12 03:08 - 2014-08-18 15:03 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll

2014-09-12 03:08 - 2014-08-18 15:03 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe

2014-09-12 03:08 - 2014-08-18 15:03 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe

2014-09-12 03:08 - 2014-08-18 14:57 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb

2014-09-12 03:08 - 2014-08-18 14:56 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe

2014-09-12 03:08 - 2014-08-18 14:51 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll

2014-09-12 03:08 - 2014-08-18 14:46 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll

2014-09-12 03:08 - 2014-08-18 14:45 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll

2014-09-12 03:08 - 2014-08-18 14:45 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll

2014-09-12 03:08 - 2014-08-18 14:44 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll

2014-09-12 03:08 - 2014-08-18 14:44 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll

2014-09-12 03:08 - 2014-08-18 14:42 - 02185728 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll

2014-09-12 03:08 - 2014-08-18 14:40 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll

2014-09-12 03:08 - 2014-08-18 14:39 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll

2014-09-12 03:08 - 2014-08-18 14:39 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll

2014-09-12 03:08 - 2014-08-18 14:39 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll

2014-09-12 03:08 - 2014-08-18 14:38 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll

2014-09-12 03:08 - 2014-08-18 14:37 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll

2014-09-12 03:08 - 2014-08-18 14:36 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe

2014-09-12 03:08 - 2014-08-18 14:35 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll

2014-09-12 03:08 - 2014-08-18 14:27 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll

2014-09-12 03:08 - 2014-08-18 14:25 - 00727040 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll

2014-09-12 03:08 - 2014-08-18 14:25 - 00707072 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe

2014-09-12 03:08 - 2014-08-18 14:23 - 02104832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl

2014-09-12 03:08 - 2014-08-18 14:23 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll

2014-09-12 03:08 - 2014-08-18 14:22 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-09-12 03:08 - 2014-08-18 14:19 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll

2014-09-12 03:08 - 2014-08-18 14:17 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll

2014-09-12 03:08 - 2014-08-18 14:17 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll

2014-09-12 03:08 - 2014-08-18 14:16 - 13588480 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll

2014-09-12 03:08 - 2014-08-18 14:15 - 11769856 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll

2014-09-12 03:08 - 2014-08-18 14:15 - 02310656 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll

2014-09-12 03:08 - 2014-08-18 14:09 - 00603136 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll

2014-09-12 03:08 - 2014-08-18 14:08 - 02014208 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl

2014-09-12 03:08 - 2014-08-18 14:07 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll

2014-09-12 03:08 - 2014-08-18 13:55 - 01447424 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll

2014-09-12 03:08 - 2014-08-18 13:46 - 01812992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll

2014-09-12 03:08 - 2014-08-18 13:38 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll

2014-09-12 03:08 - 2014-08-18 13:38 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll

2014-09-12 03:08 - 2014-08-18 13:36 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll

2014-09-12 03:00 - 2014-06-26 19:08 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll

2014-09-12 03:00 - 2014-06-26 18:45 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll

2014-09-11 19:05 - 2014-08-01 04:53 - 01031168 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll

2014-09-11 19:05 - 2014-08-01 04:35 - 00793600 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll

2014-09-11 19:05 - 2014-07-06 19:06 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll

2014-09-11 19:05 - 2014-07-06 19:06 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll

2014-09-11 19:05 - 2014-07-06 18:40 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll

2014-09-11 19:05 - 2014-07-06 18:40 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll

2014-09-11 19:05 - 2014-07-06 18:39 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll

2014-09-11 19:05 - 2014-06-23 20:29 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll

2014-09-11 19:05 - 2014-06-23 19:59 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll

2014-08-31 14:21 - 2014-08-31 14:21 - 00024976 _____ () C:\Users\Owner\Desktop\JRT.txt

2014-08-31 14:16 - 2014-08-31 14:16 - 00000000 ____D () C:\windows\ERUNT

2014-08-31 14:16 - 2014-08-31 14:13 - 01016261 _____ (Thisisu) C:\Users\Owner\Desktop\JRT.exe

2014-08-31 14:10 - 2014-08-31 14:15 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Nico Mak Computing

2014-08-31 14:02 - 2014-08-31 13:58 - 04892480 _____ (WinZip International LLC ) C:\Users\Owner\Desktop\wzmp_8.exe

2014-08-28 16:25 - 2014-08-28 16:28 - 00000000 ____D () C:\99f8b0a20e87d51b447f

2014-08-28 02:51 - 2014-08-22 19:07 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll

2014-08-28 02:51 - 2014-08-22 18:45 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll

2014-08-28 02:51 - 2014-08-22 17:59 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-09-23 17:43 - 2014-09-23 17:39 - 00025016 _____ () C:\Users\Owner\Desktop\FRST.txt

2014-09-23 17:43 - 2014-08-04 13:35 - 00000000 ____D () C:\FRST

2014-09-23 17:43 - 2014-07-05 11:48 - 00000360 _____ () C:\windows\Tasks\CIMT_S-1-5-21-2903869773-3859282900-2980300728-1001.job

2014-09-23 17:39 - 2014-02-14 07:39 - 00000292 _____ () C:\windows\Tasks\Digital Sites.job

2014-09-23 17:38 - 2012-02-19 15:51 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2903869773-3859282900-2980300728-1001UA.job

2014-09-23 17:38 - 2009-07-13 21:45 - 00020688 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-09-23 17:38 - 2009-07-13 21:45 - 00020688 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-09-23 17:36 - 2014-09-23 17:39 - 02106880 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe

2014-09-23 17:35 - 2011-11-18 17:06 - 01079436 _____ () C:\windows\WindowsUpdate.log

2014-09-23 17:33 - 2012-02-08 11:10 - 00000000 ____D () C:\ProgramData\Kaspersky Lab

2014-09-23 17:32 - 2012-02-19 15:35 - 00000896 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-09-23 17:31 - 2012-02-19 15:35 - 00000892 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-09-23 17:31 - 2009-07-13 22:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT

2014-09-23 17:31 - 2009-07-13 21:51 - 00056324 _____ () C:\windows\setupact.log

2014-09-12 15:45 - 2012-04-24 06:27 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job

2014-09-12 15:45 - 2012-02-19 15:51 - 00000856 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2903869773-3859282900-2980300728-1001Core.job

2014-09-12 03:07 - 2012-02-20 22:43 - 00775586 _____ () C:\windows\SysWOW64\PerfStringBackup.INI

2014-09-12 03:07 - 2009-07-13 22:13 - 00775586 _____ () C:\windows\system32\PerfStringBackup.INI

2014-09-12 03:06 - 2013-08-14 03:01 - 00000000 ____D () C:\windows\system32\MRT

2014-09-12 03:01 - 2012-02-08 10:36 - 101694776 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

2014-09-11 17:14 - 2012-02-18 17:54 - 06660096 _____ () C:\Users\Owner\Desktop\Reno.QDF-backup

2014-09-06 22:58 - 2014-03-01 23:57 - 00000378 _____ () C:\windows\Tasks\APSnotifierCA.job

2014-08-31 15:02 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\rescache

2014-08-31 14:21 - 2014-08-31 14:21 - 00024976 _____ () C:\Users\Owner\Desktop\JRT.txt

2014-08-31 14:16 - 2014-08-31 14:16 - 00000000 ____D () C:\windows\ERUNT

2014-08-31 14:15 - 2014-08-31 14:10 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Nico Mak Computing

2014-08-31 14:13 - 2014-08-31 14:16 - 01016261 _____ (Thisisu) C:\Users\Owner\Desktop\JRT.exe

2014-08-31 14:03 - 2012-03-03 16:19 - 00000000 ____D () C:\Users\Owner\AppData\Local\Conduit

2014-08-31 13:58 - 2014-08-31 14:02 - 04892480 _____ (WinZip International LLC ) C:\Users\Owner\Desktop\wzmp_8.exe

2014-08-31 13:56 - 2014-07-10 19:53 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys

2014-08-28 16:32 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\system32\NDF

2014-08-28 16:30 - 2012-02-08 09:16 - 00000000 ____D () C:\Users\Owner

2014-08-28 16:29 - 2012-07-23 06:35 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\SoftGrid Client

2014-08-28 16:29 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\registration

2014-08-28 16:28 - 2014-08-28 16:25 - 00000000 ____D () C:\99f8b0a20e87d51b447f

2014-08-28 03:16 - 2009-07-13 22:08 - 00032544 _____ () C:\windows\Tasks\SCHEDLGU.TXT

2014-08-28 03:16 - 2009-07-13 21:45 - 00270864 _____ () C:\windows\system32\FNTCACHE.DAT

 

Files to move or delete:

====================

C:\Users\Owner\jagex_cl_runescape_LIVE.dat

C:\Users\Owner\random.dat

 

 

Some content of TEMP:

====================

C:\Users\Owner\AppData\Local\Temp\17044C9643374655B64B3C9157F6FA0C.exe

C:\Users\Owner\AppData\Local\Temp\3D9900CEC91A4321B7184C1B4C2E0037.exe

C:\Users\Owner\AppData\Local\Temp\77DB_install_flashplayer11x32_mssd_aih.exe

C:\Users\Owner\AppData\Local\Temp\7za.exe

C:\Users\Owner\AppData\Local\Temp\83930CDE99DC401984B8FFC933AC8128.exe

C:\Users\Owner\AppData\Local\Temp\8449A505A3F646CEA5C038D1C1D18440.exe

C:\Users\Owner\AppData\Local\Temp\air6D52.exe

C:\Users\Owner\AppData\Local\Temp\APNStub.exe

C:\Users\Owner\AppData\Local\Temp\BackupSetup.exe

C:\Users\Owner\AppData\Local\Temp\C0EF0C78812648DAABD5F02579487F27.exe

C:\Users\Owner\AppData\Local\Temp\ce_update.exe

C:\Users\Owner\AppData\Local\Temp\ConsumerInputSetup.exe

C:\Users\Owner\AppData\Local\Temp\EnableExtDll.dll

C:\Users\Owner\AppData\Local\Temp\helper.exe

C:\Users\Owner\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe

C:\Users\Owner\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe

C:\Users\Owner\AppData\Local\Temp\msvcr71.dll

C:\Users\Owner\AppData\Local\Temp\oi_{520D005D-91B4-4ACE-9588-7A9903F5150C}.exe

C:\Users\Owner\AppData\Local\Temp\SpOrder.dll

C:\Users\Owner\AppData\Local\Temp\SPSetup.exe

C:\Users\Owner\AppData\Local\Temp\statisticsStub.exe

C:\Users\Owner\AppData\Local\Temp\tbPag0.dll

C:\Users\Owner\AppData\Local\Temp\tbVgr0.dll

C:\Users\Owner\AppData\Local\Temp\TB_63A7.exe

C:\Users\Owner\AppData\Local\Temp\uninst1.exe

C:\Users\Owner\AppData\Local\Temp\v-bates.exe

C:\Users\Owner\AppData\Local\Temp\vcredist_x64.exe

C:\Users\Owner\AppData\Local\Temp\YontooIEClient.dll

C:\Users\Owner\AppData\Local\Temp\YontooSetup-Silent.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-09-06 00:46

 

==================== End Of Log ============================

 

 


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-09-2014

Ran by Owner at 2014-09-23 17:43:43

Running from C:\Users\Owner\Desktop

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Kaspersky Anti-Virus (Enabled - Out of date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}

AS: Kaspersky Anti-Virus (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)

Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)

Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.4.634 - Adobe Systems, Inc.)

Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Avery Template (HKLM-x32\...\{A760067A-C07E-1033-0000-A764AC000008}) (Version: 2.0.0.0 - Avery)

AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 17.3.0.49 - AVG Technologies)

Best Buy pc app (HKCU\...\48e4cff94f039634) (Version: 3.2.420.5 - Best Buy)

Best Buy pc app (Version: 3.2.0.0 - Best Buy) Hidden

Best Buy pc app (x32 Version: 3.2.0.0 - Best Buy) Hidden

Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Consumer Input (HKLM-x32\...\Setup Support for Consumer Input) (Version: 1.0 - Sono Control Inc.)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

DMUninstaller (HKLM-x32\...\DMUninstaller) (Version:  - ) <==== ATTENTION

eMusic Download Manager (HKLM-x32\...\eMusic Download Manager 5.0.5) (Version: 5.0.5 - eMusic.com Inc.)

Free i-Dressup Toolbar (HKLM-x32\...\Free_i-Dressup Toolbar) (Version: 6.15.0.27 - Free i-Dressup)

Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden

Image Converter (HKLM-x32\...\Image Converter Image Converter) (Version: 1.0.0 - Image Converter)

Image Editor Packages (HKCU\...\Image Editor Packages) (Version:  - ) <==== ATTENTION

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)

Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 15.4 - Intel)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2246 - Intel Corporation)

InternetHelper3.1 Toolbar (HKLM-x32\...\InternetHelper3.1 Toolbar) (Version: 6.14.0.28 - InternetHelper3.1)

iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)

iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)

Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.600 - Oracle)

Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden

JavaFX 2.1.0 (HKLM-x32\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Kaspersky Anti-Virus 2013 (HKLM-x32\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.1.4190 - Kaspersky Lab)

Kaspersky Anti-Virus 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab) Hidden

Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.4.11.0608 - Lenovo)

Lenovo Driver and Application Installation (HKLM-x32\...\{45970CD1-D599-47D4-938F-3E9800D54ED1}) (Version: 5.10.1809 - Lenovo)

Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 3.0.1409 - CyberLink Corp.)

Lenovo Rescue System (Version: 3.0.1409 - CyberLink Corp.) Hidden

LK Maintenance (HKLM-x32\...\{4ACD145C-665E-40CC-89A0-A3213D761571}) (Version: 1.0 - LK Maintenance)

LVT (HKLM-x32\...\{D3063097-EC84-4D21-84A4-9D852E974355}) (Version: 4.1.2.0919 - Lenovo)

Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)

MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

Muvic Smartbar (HKLM-x32\...\{AA236AFD-B26E-4BC7-9A13-76BD5F9887AC}) (Version: 10.211.58.15493 - PinWid Ltd.) <==== ATTENTION

Muvic Smartbar Engine (HKCU\...\{22b9429d-b2b6-4f1a-b56a-190a0445f4a5}) (Version: 10.211.58.15493 - PinWid Ltd.) <==== ATTENTION

PDF Creator (HKLM\...\PDF Creator) (Version:  - )

PDF Writer Packages (HKCU\...\PDF Writer Packages) (Version:  - ) <==== ATTENTION

Quicken 2012 (HKLM-x32\...\{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}) (Version: 21.1.7.18 - Intuit)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6230 - Realtek Semiconductor Corp.)

Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30123 - Realtek Semiconductor Corp.)

SavEroAddOn (HKLM-x32\...\{10A0E600-D246-BD63-F465-4C849C688998}) (Version:  - SaVErAddon)

SupraSavings (Version: 1.0.0.0 - SupraSavings) Hidden <==== ATTENTION

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - TomTom)

TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)

TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)

TurboTax 2012 WinPerFedFormset (x32 Version: 012.000.2309 - Intuit Inc.) Hidden

TurboTax 2012 WinPerReleaseEngine (x32 Version: 012.000.0474 - Intuit Inc.) Hidden

TurboTax 2012 WinPerTaxSupport (x32 Version: 012.000.0186 - Intuit Inc.) Hidden

TurboTax 2012 woriper (x32 Version: 012.000.1483 - Intuit Inc.) Hidden

TurboTax 2012 wrapper (x32 Version: 012.000.0127 - Intuit Inc.) Hidden

TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)

TurboTax 2013 WinPerFedFormset (x32 Version: 013.000.1755 - Intuit Inc.) Hidden

TurboTax 2013 WinPerReleaseEngine (x32 Version: 013.000.0463 - Intuit Inc.) Hidden

TurboTax 2013 WinPerTaxSupport (x32 Version: 013.000.0162 - Intuit Inc.) Hidden

TurboTax 2013 woriper (x32 Version: 013.000.1237 - Intuit Inc.) Hidden

TurboTax 2013 wrapper (x32 Version: 013.000.0135 - Intuit Inc.) Hidden

Vgrabber v1 Toolbar (HKLM-x32\...\Vgrabber_v1 Toolbar) (Version: 6.13.3.1 - Vgrabber v1) <==== ATTENTION

Video Downloader version 2.0 (HKLM-x32\...\Video Downloader_is1) (Version: 2.0 - )

Windows Essentials Codec Pack 5.0 (HKLM-x32\...\Windows Essentials Codec Pack) (Version: 5.0 - Windows Essentials Codec Pack)

Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden

Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden

Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden

Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Yontoo 1.10.02 (HKLM\...\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}) (Version: 1.10.02 - Yontoo LLC) <==== ATTENTION

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-2903869773-3859282900-2980300728-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-2903869773-3859282900-2980300728-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll (Google Inc.)

 

==================== Restore Points  =========================

 

14-08-2014 23:19:37 Windows Update

15-08-2014 10:00:11 Windows Update

18-08-2014 15:35:51 Windows Update

18-08-2014 18:17:33 Windows Backup

22-08-2014 19:10:57 Windows Update

23-08-2014 16:23:13 Windows Update

26-08-2014 18:58:47 Windows Update

28-08-2014 10:00:10 Windows Update

28-08-2014 23:25:01 Windows Update

28-08-2014 23:28:02 Restore Operation

29-08-2014 10:00:20 Windows Update

05-09-2014 00:10:18 Windows Backup

05-09-2014 00:12:10 Windows Update

12-09-2014 02:01:46 Windows Update

12-09-2014 10:00:13 Windows Update

24-09-2014 00:41:42 Windows Backup

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 19:34 - 2014-07-05 11:46 - 00000867 ____A C:\windows\system32\Drivers\etc\hosts

127.0.0.1 d3oxij66pru1i3.cloudfront.net

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {130E0CB2-1595-42C4-B145-C0195AFBC120} - \TidyNetwork Update No Task File <==== ATTENTION

Task: {17BB5AFE-1C82-49BA-8BE8-6F506E533BD4} - System32\Tasks\{0A4461E2-8077-4842-8314-A1298B006C20} => C:\Program Files (x86)\Microsoft Office\Options14\MSOO.EXE [2013-07-23] (Microsoft Corporation)

Task: {1A4B9D7B-3994-41E2-B70B-5211581D175D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {1B2E8D3F-14A2-400C-80A6-D42CFA2C14E9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-19] (Google Inc.)

Task: {1B630465-2BB3-4E4C-8AA7-734A0029A30E} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION

Task: {1C5CB8F9-E13B-4D18-876A-A1778AA07474} - System32\Tasks\DTReg => C:\Users\Owner\AppData\Roaming\DefaultTab\DefaultTab\DTReg.exe <==== ATTENTION

Task: {30877E05-67D2-409C-9324-5DD2B8C90F6C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-19] (Google Inc.)

Task: {3C0310D8-7F13-4797-A06F-0F15F87327FD} - System32\Tasks\Digital Sites => C:\Users\Owner\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

Task: {4ADFF985-B67E-4539-989C-D62ADA9BEF99} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2903869773-3859282900-2980300728-1001UA => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-19] (Google Inc.)

Task: {6680188B-0E1D-4B87-BB22-88A1713FE395} - System32\Tasks\{AFACE052-54AC-4164-A084-A6487EB1AE71} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE [2013-07-23] (Microsoft Corporation)

Task: {71509687-05A0-4A62-A170-18CD1B70E87B} - System32\Tasks\CIMT_S-1-5-21-2903869773-3859282900-2980300728-1001 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe

Task: {7C3D52D6-EB49-47D8-A06B-D150E58361FE} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup

Task: {8A5DDA80-1715-4757-BE8B-CC8199B9EC68} - \Advanced System Protector_startup No Task File <==== ATTENTION

Task: {8DDE19FF-0CA7-4D6D-B78C-767A381BA102} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)

Task: {9719B513-D667-4A47-89F6-F5DA77EC544A} - System32\Tasks\APSnotifierCA => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION

Task: {9CDAC421-42E9-4874-B424-147BDA9B49AB} - System32\Tasks\{AE9451BA-4FD0-47C7-B128-57E201AC148B} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE [2013-07-23] (Microsoft Corporation)

Task: {A73565A6-3AF9-4BEA-9369-E98C5CE434F8} - System32\Tasks\PC System Boost Schedule => C:\Program Files (x86)\PC System Boost\PCSBLauncher.exe

Task: {D297A443-5C1F-42E4-B722-27AC612450FF} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe <==== ATTENTION

Task: {D2BBAD00-89CA-40B1-B1DE-B185C00BB303} - \DealPly No Task File <==== ATTENTION

Task: {E87A8994-388C-44A1-AD96-46E72155EC44} - System32\Tasks\Codec Update Service => C:\Users\Owner\AppData\Roaming\Windows Codec\AutoUpdate.exe [2014-06-21] ()

Task: {ED4BF54A-C0BC-4FAE-B10F-430E00C271BC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2903869773-3859282900-2980300728-1001Core => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-19] (Google Inc.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\windows\Tasks\APSnotifierCA.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION

Task: C:\windows\Tasks\CIMT_S-1-5-21-2903869773-3859282900-2980300728-1001.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe

Task: C:\windows\Tasks\Digital Sites.job => C:\Users\Owner\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2903869773-3859282900-2980300728-1001Core.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2903869773-3859282900-2980300728-1001UA.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2013-06-10 19:16 - 2011-10-04 22:43 - 00087552 _____ () C:\windows\System32\custmon64i.dll

2010-11-19 03:22 - 2010-11-11 21:08 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2014-05-06 02:25 - 2014-05-06 02:25 - 00284960 _____ () C:\Program Files (x86)\Common Files\ChromeHelper\ChromeHelperUpdt.exe

2011-11-18 17:09 - 2011-03-15 21:47 - 00032768 _____ () C:\Windows\jmesoft\Service.exe

2013-06-10 18:34 - 2014-02-03 16:29 - 02552856 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe

2011-11-18 17:09 - 2011-05-17 14:54 - 00024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe

2012-08-17 22:39 - 2013-02-25 02:48 - 01310136 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\kpcengine.2.2.dll

2012-08-17 22:38 - 2012-08-17 22:38 - 00479160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\dblite.dll

2014-01-10 08:49 - 2014-01-10 08:49 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\log4cplusU.dll

2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2011-11-18 17:09 - 2011-05-17 14:27 - 00028672 _____ () C:\Windows\jmesoft\hidhook.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SecureAssist => ""="service"

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

 

==================== Faulty Device Manager Devices =============

 

Name: Teredo Tunneling Pseudo-Interface

Description: Microsoft Teredo Tunneling Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (09/23/2014 05:41:37 PM) (Source: CVHSVC) (EventID: 100) (User: )

Description: Information only.

(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

 

Error: (09/23/2014 05:33:07 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (09/23/2014 05:32:08 PM) (Source: CVHSVC) (EventID: 100) (User: )

Description: Information only.

Click-2-Run package registration failure.

 

Error: (09/23/2014 05:32:08 PM) (Source: Application Virtualization Client) (EventID: 5009) (User: )

Description: {tid=87C}

The Application Virtualization Client could not connect to stream URL 'http://c2r.microsoft.com/ConsumerC2R/en-us/14.0.4763.1000/ConsumerC2R.en-us_14.0.7130.5000.sft' (rc 24600F0A-10000001, original rc 24600F0A-10000001).

 

Error: (09/23/2014 05:31:31 PM) (Source: ChromeHelper) (EventID: 2) (User: )

Description: Can't download info about new versions from: http://free-updater-now.com/updater/u.php?timestamp=1411518691&app_id=A8730EED1BA6494A8802A9F9C3F556B9&version=1.66&updaterVersion=1.3.0&protocolVersion=1.1&channel=cff_Ironcore3, to local path: C:\windows\TEMP\ChromeHelperUpdt_update.txt

 

Error: (09/23/2014 05:31:31 PM) (Source: ChromeHelper) (EventID: 2) (User: )

Description: Send failed, code: 12007

 

Error: (09/12/2014 03:57:15 AM) (Source: ChromeHelper) (EventID: 2) (User: )

Description: Can't download info about new versions from: http://free-updater-now.com/updater/u.php?timestamp=1410519435&app_id=A8730EED1BA6494A8802A9F9C3F556B9&version=1.66&updaterVersion=1.3.0&protocolVersion=1.1&channel=cff_Ironcore3, to local path: C:\windows\TEMP\ChromeHelperUpdt_update.txt

 

Error: (09/12/2014 03:57:15 AM) (Source: ChromeHelper) (EventID: 2) (User: )

Description: Send failed, code: 12007

 

Error: (09/12/2014 03:42:02 AM) (Source: ChromeHelper) (EventID: 2) (User: )

Description: Can't download info about new versions from: http://free-updater-now.com/updater/u.php?timestamp=1410518522&app_id=A8730EED1BA6494A8802A9F9C3F556B9&version=1.66&updaterVersion=1.3.0&protocolVersion=1.1&channel=cff_Ironcore3, to local path: C:\windows\TEMP\ChromeHelperUpdt_update.txt

 

Error: (09/12/2014 03:42:02 AM) (Source: ChromeHelper) (EventID: 2) (User: )

Description: Send failed, code: 12007

 

 

System errors:

=============

Error: (09/23/2014 05:32:16 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

 

 

Microsoft Office Sessions:

=========================

Error: (09/23/2014 05:41:37 PM) (Source: CVHSVC) (EventID: 100) (User: )

Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

 

Error: (09/23/2014 05:33:07 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (09/23/2014 05:32:08 PM) (Source: CVHSVC) (EventID: 100) (User: )

Description: Click-2-Run package registration failure.

 

Error: (09/23/2014 05:32:08 PM) (Source: Application Virtualization Client) (EventID: 5009) (User: )

Description: {tid=87C}


 

Error: (09/23/2014 05:31:31 PM) (Source: ChromeHelper) (EventID: 2) (User: )

Description: Can't download info about new versions from: http://free-updater-now.com/updater/u.php?timestamp=1411518691&app_id=A8730EED1BA6494A8802A9F9C3F556B9&version=1.66&updaterVersion=1.3.0&protocolVersion=1.1&channel=cff_Ironcore3, to local path: C:\windows\TEMP\ChromeHelperUpdt_update.txt

 

Error: (09/23/2014 05:31:31 PM) (Source: ChromeHelper) (EventID: 2) (User: )

Description: Send failed, code: 12007

 

Error: (09/12/2014 03:57:15 AM) (Source: ChromeHelper) (EventID: 2) (User: )

Description: Can't download info about new versions from: http://free-updater-now.com/updater/u.php?timestamp=1410519435&app_id=A8730EED1BA6494A8802A9F9C3F556B9&version=1.66&updaterVersion=1.3.0&protocolVersion=1.1&channel=cff_Ironcore3, to local path: C:\windows\TEMP\ChromeHelperUpdt_update.txt

 

Error: (09/12/2014 03:57:15 AM) (Source: ChromeHelper) (EventID: 2) (User: )

Description: Send failed, code: 12007

 

Error: (09/12/2014 03:42:02 AM) (Source: ChromeHelper) (EventID: 2) (User: )

Description: Can't download info about new versions from: http://free-updater-now.com/updater/u.php?timestamp=1410518522&app_id=A8730EED1BA6494A8802A9F9C3F556B9&version=1.66&updaterVersion=1.3.0&protocolVersion=1.1&channel=cff_Ironcore3, to local path: C:\windows\TEMP\ChromeHelperUpdt_update.txt

 

Error: (09/12/2014 03:42:02 AM) (Source: ChromeHelper) (EventID: 2) (User: )

Description: Send failed, code: 12007

 

 

CodeIntegrity Errors:

===================================

  Date: 2014-09-12 00:35:20.756

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-09-12 00:35:20.741

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-09-12 00:35:20.741

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-09-12 00:35:20.725

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-09-12 00:35:20.725

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-09-12 00:35:20.725

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-09-05 23:45:31.355

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-09-05 23:45:31.339

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-09-05 23:45:31.339

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-09-05 23:45:31.323

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core i3-2120 CPU @ 3.30GHz

Percentage of memory in use: 22%

Total physical RAM: 8040.37 MB

Available physical RAM: 6239.79 MB

Total Pagefile: 16078.92 MB

Available Pagefile: 14254.52 MB

Total Virtual: 8192 MB

Available Virtual: 8191.84 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:906.34 GB) (Free:837.7 GB) NTFS

Drive d: (Jul 16 2014) (CDROM) (Total:0.69 GB) (Free:0.64 GB) UDF

Drive e: () (Removable) (Total:1.87 GB) (Free:1.3 GB) FAT

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 972414AA)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=906.3 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=25.1 GB) - (Type=12)

 

========================================================

Disk: 1 (MBR Code: Windows XP) (Size: 1.9 GB) (Disk ID: C3072E18)

Partition 1: (Active) - (Size=1.9 GB) - (Type=06)

 

==================== End Of Log ============================


Hi.
 
Please try to visit this thread at least daily.



Scan with ComboFix

This is a very powerful tool that should be used only if advised by a Malware Analyst.
Do not run ComboFix on your own!


Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
If you are a user of CD emulation software (like Daemon Tools or Alcohol), also disable it for the cleaning process - instructions here.

  • Right-click on the ComboFix icon and select Run as Administrator to start the tool.
  • Accept the disclaimer and agree if prompted to install Recovery Console.
  • Do not take any actions while ComboFix goes through your System - it may cause it to stall!
  • This scan may take some time!
  • When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).

Include that log in your next reply.
If you encounter any issues with your internet connection after running ComboFix, please visit this link.
If an error about an operation on a key marked for deletion appears after running the tool, please reboot your machine.
Don't forget to re-enable your previously switched-off protection software!

ComboFix 14-09-22.01 - Owner 09/26/2014  20:06:55.1.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8040.6353 [GMT -7:00]

Running from: c:\users\Owner\Desktop\ComboFix.exe

AV: Kaspersky Anti-Virus *Disabled/Outdated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}

SP: Kaspersky Anti-Virus *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Created a new restore point

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\NewPlayer

c:\users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnhjdknalbiahgadaadlobfcabopbann

c:\users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnhjdknalbiahgadaadlobfcabopbann\2.3\background.html

c:\users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnhjdknalbiahgadaadlobfcabopbann\2.3\content.js

c:\users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnhjdknalbiahgadaadlobfcabopbann\2.3\lsdb.js

c:\users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnhjdknalbiahgadaadlobfcabopbann\2.3\manifest.json

c:\users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpalbmbgpoekgolgbahfhobfgfcdbofl

c:\users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpalbmbgpoekgolgbahfhobfgfcdbofl\168\background.html

c:\users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpalbmbgpoekgolgbahfhobfgfcdbofl\168\content.js

c:\users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpalbmbgpoekgolgbahfhobfgfcdbofl\168\lsdb.js

c:\users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpalbmbgpoekgolgbahfhobfgfcdbofl\168\manifest.json

c:\users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hnhjdknalbiahgadaadlobfcabopbann_0.localstorage-journal

c:\users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hnhjdknalbiahgadaadlobfcabopbann_0.localstorage

c:\users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jpalbmbgpoekgolgbahfhobfgfcdbofl_0.localstorage-journal

c:\users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jpalbmbgpoekgolgbahfhobfgfcdbofl_0.localstorage

c:\users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences

c:\users\Owner\AppData\Local\newplayer

c:\users\Owner\AppData\Local\newplayer\log.txt

c:\windows\SysWow64\Packet.dll

c:\windows\SysWow64\pthreadVC.dll

c:\windows\SysWow64\wpcap.dll

.

.

(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_NPF

-------\Service_npf

.

.

(((((((((((((((((((((((((   Files Created from 2014-08-27 to 2014-09-27  )))))))))))))))))))))))))))))))

.

.

2014-09-12 10:08 . 2014-08-18 22:29 2724864 ----a-w- c:\windows\system32\mshtml.tlb

2014-09-12 10:00 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll

2014-09-12 10:00 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll

2014-09-12 02:05 . 2014-08-01 11:53 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll

2014-09-12 02:05 . 2014-08-01 11:35 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll

2014-09-12 02:05 . 2014-06-24 03:29 2565120 ----a-w- c:\windows\system32\d3d10warp.dll

2014-09-12 02:05 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll

2014-09-12 02:05 . 2014-07-07 02:06 728064 ----a-w- c:\windows\system32\kerberos.dll

2014-09-12 02:05 . 2014-07-07 02:06 1460736 ----a-w- c:\windows\system32\lsasrv.dll

2014-09-12 02:05 . 2014-07-07 01:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll

2014-09-12 02:05 . 2014-07-07 01:40 550912 ----a-w- c:\windows\SysWow64\kerberos.dll

2014-09-12 02:05 . 2014-07-07 01:39 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

2014-09-12 02:02 . 2014-08-21 03:43 11319192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1761B3AA-74E0-4D9A-BDDF-88485885FB25}\mpengine.dll

2014-08-31 21:16 . 2014-08-31 21:16 -------- d-----w- c:\windows\ERUNT

2014-08-31 21:10 . 2014-08-31 21:15 -------- d-----w- c:\users\Owner\AppData\Roaming\Nico Mak Computing

2014-08-28 23:25 . 2014-08-28 23:28 -------- d-----w- C:\99f8b0a20e87d51b447f

2014-08-28 09:51 . 2014-08-23 02:07 404480 ----a-w- c:\windows\system32\gdi32.dll

2014-08-28 09:51 . 2014-08-23 00:59 3163648 ----a-w- c:\windows\system32\win32k.sys

2014-08-28 09:51 . 2014-08-23 01:45 311808 ----a-w- c:\windows\SysWow64\gdi32.dll

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-09-12 10:01 . 2012-02-08 17:36 101694776 ----a-w- c:\windows\system32\MRT.exe

2014-08-31 21:34 . 2012-07-22 23:47 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2014-08-31 20:56 . 2014-07-11 02:53 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys

2014-08-05 16:20 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe

2014-07-25 09:35 . 2014-07-25 09:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll

2014-07-25 06:47 . 2014-07-25 06:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll

2014-07-16 03:23 . 2014-08-14 23:23 2048 ----a-w- c:\windows\system32\tzres.dll

2014-07-16 02:46 . 2014-08-14 23:23 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2014-07-14 02:02 . 2014-08-14 23:22 1216000 ----a-w- c:\windows\system32\rpcrt4.dll

2014-07-14 01:40 . 2014-08-14 23:22 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll

2014-07-09 05:03 . 2012-04-24 13:27 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2014-07-09 05:03 . 2012-02-17 13:18 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2014-07-09 05:03 . 2014-07-09 05:03 11204096 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2014-07-09 02:03 . 2014-08-14 23:23 7168 ----a-w- c:\windows\system32\KBDYAK.DLL

2014-07-09 02:03 . 2014-08-14 23:23 7168 ----a-w- c:\windows\system32\KBDTAT.DLL

2014-07-09 02:03 . 2014-08-14 23:23 7168 ----a-w- c:\windows\system32\KBDRU1.DLL

2014-07-09 02:03 . 2014-08-14 23:23 6656 ----a-w- c:\windows\system32\KBDRU.DLL

2014-07-09 02:03 . 2014-08-14 23:23 7168 ----a-w- c:\windows\system32\KBDBASH.DLL

2014-07-09 01:31 . 2014-08-14 23:23 7168 ----a-w- c:\windows\SysWow64\KBDYAK.DLL

2014-07-09 01:31 . 2014-08-14 23:23 6656 ----a-w- c:\windows\SysWow64\KBDBASH.DLL

2014-06-30 22:24 . 2014-08-15 10:00 8856 ----a-w- c:\windows\system32\icardres.dll

2014-06-30 22:14 . 2014-08-15 10:00 8856 ----a-w- c:\windows\SysWow64\icardres.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{ff19b72a-36ed-4066-8865-a580ae938cce}"= "c:\program files (x86)\Free_i-Dressup\prxtbFree.dll" [2013-07-17 226592]

.

[HKEY_CLASSES_ROOT\clsid\{ff19b72a-36ed-4066-8865-a580ae938cce}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickenScheduledUpdates"="c:\program files (x86)\Quicken\bagent.exe" [2012-04-19 74840]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-02-19 39408]

"BackgroundContainerV2"="c:\users\Owner\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll" [2014-04-10 325952]

"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2014-06-05 248176]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"jmekey"="c:\windows\jmesoft\hotkey.exe" [2011-06-08 118784]

"jmesoft"="c:\windows\jmesoft\ServiceLoader.exe" [2011-03-16 28672]

"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" [2009-05-14 222504]

"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe" [2013-10-09 356128]

"vProt"="c:\program files (x86)\AVG SafeGuard toolbar\vprot.exe" [2014-02-03 2552856]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]

"ChromeHelper"="c:\program files (x86)\Common Files\ChromeHelper\ChromeHelper.exe" [2014-05-06 737568]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-05-27 152392]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-05-07 256896]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"SpUninstallDeleteDir"="rmdir" [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 SPPD;SPPD;c:\windows\system32\drivers\SPPD.sys;c:\windows\SYSNATIVE\drivers\SPPD.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 UsbFltr;WayTech USB Filter Driver;c:\windows\system32\Drivers\UsbFltr.sys;c:\windows\SYSNATIVE\Drivers\UsbFltr.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]

S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]

S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]

S1 netfilter64;netfilter64;c:\windows\system32\drivers\netfilter64.sys;c:\windows\SYSNATIVE\drivers\netfilter64.sys [x]

S2 ChromeHelperUpdt;ChromeHelperUpdt;c:\program files (x86)\Common Files\ChromeHelper\ChromeHelperUpdt.exe;c:\program files (x86)\Common Files\ChromeHelper\ChromeHelperUpdt.exe [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]

S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]

S2 JME Keyboard;JME Keyboard Driver;c:\windows\jmesoft\Service.exe;c:\windows\jmesoft\Service.exe [x]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]

S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2014-09-27 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 05:03]

.

2014-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-19 22:35]

.

2014-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-19 22:35]

.

2014-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2903869773-3859282900-2980300728-1001Core.job

- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-19 22:40]

.

2014-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2903869773-3859282900-2980300728-1001UA.job

- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-19 22:40]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-10-26 11543656]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-01 167704]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-01 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-01 416024]

.

------- Supplementary Scan -------

.

uStart Page = www.google.com

uLocal Page = c:\windows\system32\blank.htm

mStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <-loopback>

uInternet Settings,ProxyServer = http=127.0.0.1:62196;https=127.0.0.1:62196

uSearchAssistant = www.google.com

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\4jg62ymw.default-1405562448566\

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

Toolbar-Locked - (no file)

WebBrowser-{7F7F82F1-7C95-47CD-814F-950B56D58FC3} - (no file)

WebBrowser-{FF19B72A-36ED-4066-8865-A580AE938CCE} - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-InternetHelper3.1 Toolbar - c:\program files (x86)\InternetHelper3.1\uninstall.exe

AddRemove-Vgrabber_v1 Toolbar - c:\program files (x86)\Vgrabber_v1\uninstall.exe

AddRemove-{10A0E600-D246-BD63-F465-4C849C688998} - c:\programdata\SavEroAddOn\Cx1q.exe

AddRemove-48e4cff94f039634 - c:\programdata\Best Buy pc app\ClickOnceUninstaller.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.14"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2014-09-26  20:28:32 - machine was rebooted

ComboFix-quarantined-files.txt  2014-09-27 03:28

.

Pre-Run: 899,180,990,464 bytes free

Post-Run: 901,624,205,312 bytes free

.

- - End Of File - - EDF1A2715DC079BFAC3C55E21E70351C

A36C5E4F47E84449FF07ED3517B43A31


Please go into Control Panel, Add/Remove and uninstall ALL versions of Java and then run the following.
 
Please download JavaRa-1.16 and save it to your computer.

  • Double click to open the zip file and then select all and choose Copy.
  • Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
  • Quit all browsers and other running applications.
  • Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.

Next:
 
Please Run TFC by OldTimer to clear temporary files:
  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.


 
 

 

Next:

Please run a new FRST scan but make sure you place a check mark in the Additions.txt check box and post back both new logs on your next reply.

JavaRa 1.16 Removal Log.

 

Report follows after line.

 

------------------------------------

 

The JavaRa removal process was started on Mon Sep 29 10:31:11 2014

 

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.

 

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.

 

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.

 

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.

 

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.

 

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.

 

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.

 

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.

 

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.

 

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.

 

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.

 

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.

 

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.

 

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.

 

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.

 

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.

 

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.

 

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.

 


 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBC}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBC}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBC}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBC}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBC}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBC}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBC}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBC}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBC}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBC}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBC}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBC}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0036-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0036-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0036-ABCDEFFEDCBC}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBC}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBC}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBC}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBC}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBC}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBC}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBC}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBC}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBC}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBC}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0008-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0008-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0008-ABCDEFFEDCBC}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBC}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBC}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0011-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0011-ABCDEFFEDCBC}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0012-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0012-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0012-ABCDEFFEDCBC}

 

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

 

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

 

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

 

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

 

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

 

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

 

Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}

 

Found and removed: SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}

 

Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

 

Found and removed: SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}

 

Found and removed: SOFTWARE\Classes\Installer\Features\F60730A4A66673047777F5728467D401

 

Found and removed: SOFTWARE\Classes\Installer\Products\F60730A4A66673047777F5728467D401

 

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\6C5ADB75C34456D42B338232391207FF

 

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\A5CCAAC40F5B69B47777ACF82566467C

 

Found and removed: SOFTWARE\Classes\Interface\{5852F5EC-8BF4-11D4-A245-0080C6F74284}

 

Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit

 

Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/x-java-applet

 

Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/x-java-jnlp-file

 

Found and removed: SOFTWARE\Classes\TypeLib\{5852F5E0-8BF4-11D4-A245-0080C6F74284}

 

Found and removed: SOFTWARE\Classes\.jar

 

Found and removed: SOFTWARE\Classes\.jnlp

 

Found and removed: SOFTWARE\Classes\jarfile

 

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled

 

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.7.0.0

 

Found and removed: SOFTWARE\Classes\JNLPFile

 

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\javaws.exe

 

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

 

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}

 

Found and removed: SOFTWARE\JavaSoft

 

Found and removed: SOFTWARE\JreMetrics

 

------------------------------------

 

Finished reporting.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-09-2014

Ran by Owner (administrator) on OWNER-PC on 29-09-2014 10:38:17

Running from C:\Users\Owner\Desktop

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

() C:\Program Files (x86)\Common Files\ChromeHelper\ChromeHelperUpdt.exe

() C:\Windows\jmesoft\Service.exe

(Microsoft Corporation) C:\Windows\System32\msiexec.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

() C:\Windows\jmesoft\JME_LOAD.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe

(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11543656 2010-10-26] (Realtek Semiconductor)

HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe [118784 2011-06-08] (Lenovo)

HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-03-15] ()

HKLM-x32\...\Run: [updatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)

HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356128 2013-10-09] (Kaspersky Lab ZAO)

HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2552856 2014-02-03] ()

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [ChromeHelper] => C:\Program Files (x86)\Common Files\ChromeHelper\ChromeHelper.exe [737568 2014-05-06] ()

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)

Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-2903869773-3859282900-2980300728-1001\...\Run: [QuickenScheduledUpdates] => C:\Program Files (x86)\Quicken\bagent.exe [74840 2012-04-18] (Intuit Inc.)

HKU\S-1-5-21-2903869773-3859282900-2980300728-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-02-19] (Google Inc.)

HKU\S-1-5-21-2903869773-3859282900-2980300728-1001\...\Run: [backgroundContainerV2] => "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\Owner\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun

HKU\S-1-5-21-2903869773-3859282900-2980300728-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2014-06-05] (TomTom)

HKU\S-1-5-21-2903869773-3859282900-2980300728-1001\...\Policies\Explorer: [NoDesktopCleanupWizard] 1

HKU\S-1-5-18\...\RunOnce: [spUninstallDeleteDir] => rmdir /s /q "\SearchProtect"

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

ProxyServer: http=127.0.0.1:62196;https=127.0.0.1:62196

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/

URLSearchHook: HKLM-x32 - Vgrabber v1 Toolbar - {7f7f82f1-7c95-47cd-814f-950b56d58fc3} - C:\Program Files (x86)\Vgrabber_v1\prxtbVgra.dll No File

URLSearchHook: HKLM-x32 - Free i-Dressup Toolbar - {ff19b72a-36ed-4066-8865-a580ae938cce} - C:\Program Files (x86)\Free_i-Dressup\prxtbFree.dll (Conduit Ltd.)

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM-x32 - DefaultScope {0511DB15-22C5-4E83-9801-723498761F6F} URL = 

SearchScopes: HKCU - DefaultScope {0511DB15-22C5-4E83-9801-723498761F6F} URL = 

SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 

SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = 

BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)

BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)

Toolbar: HKLM - Muvic - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\windows\system32\mscoree.dll (Microsoft Corporation)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File

Toolbar: HKLM-x32 - Free i-Dressup Toolbar - {ff19b72a-36ed-4066-8865-a580ae938cce} - C:\Program Files (x86)\Free_i-Dressup\prxtbFree.dll (Conduit Ltd.)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKLM-x32 - No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKCU - No Name - {7F7F82F1-7C95-47CD-814F-950B56D58FC3} -  No File

Toolbar: HKCU - No Name - {FF19B72A-36ED-4066-8865-A580AE938CCE} -  No File

DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

 

FireFox:

========

FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\4jg62ymw.default-1405562448566

FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()

FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw.dll No File

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll (AVG Technologies)

FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File

FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll No File

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml

FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru

FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com

FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2013-02-23]

FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com

FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2013-02-23]

FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com

FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com [2013-02-23]

FF HKCU\...\Firefox\Extensions: [ConsumerInput@Compete] - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12171.xpi

 

Chrome: 

=======

CHR DefaultSearchKeyword: Default -> search.snap.do

CHR DefaultSearchProvider: Default -> Web

CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}

CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-26]

CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-26]

CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-26]

CHR Extension: (Bazaar Friend) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmobdmpfgfimbnmhhnkmmecdboblafdh [2014-03-01]

CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-26]

CHR Extension: (Kaspersky URL Advisor) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-03-01]

CHR Extension: (Content Blocker) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-03-01]

CHR Extension: (InfoBird Pro) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\icanoneicgaahjbilcgdmnhoocddknbl [2014-03-01]

CHR Extension: (Virtual Keyboard) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-03-01]

CHR Extension: (Vgrabber v1) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnidgldcbakaidffpjinopjbmobecifb [2014-03-01]

CHR Extension: (Free i-Dressup) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhdfjaaobagbaepmefnjabfmhnggliop [2014-03-01]

CHR Extension: (Kaspersky Protection) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpoimibckejjdjcfbdnajaicnklhfplh [2014-05-19]

CHR Extension: (InternetHelper3.1) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim [2014-03-01]

CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]

CHR Extension: (Fast Discountz) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\oldchfemoapgakfjnmbngnljnkoapbhd [2014-03-01]

CHR Extension: (No Name) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb [2014-04-05]

CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-26]

CHR Extension: (Search Slate) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\poahfhjpeiaonjhbljfgnlllpdbnilon [2014-07-02]

CHR HKLM\...\Chrome\Extension: [bmobdmpfgfimbnmhhnkmmecdboblafdh] - C:\Users\Owner\AppData\Local\BazaarFriend.crx [2013-08-07]

CHR HKLM\...\Chrome\Extension: [icanoneicgaahjbilcgdmnhoocddknbl] - C:\Users\Owner\AppData\Local\InfoBirdPro.crx [2013-08-17]

CHR HKLM\...\Chrome\Extension: [oldchfemoapgakfjnmbngnljnkoapbhd] - C:\Users\Owner\AppData\Local\FastDiscountz.crx [2013-09-09]

CHR HKCU\...\Chrome\Extension: [bmobdmpfgfimbnmhhnkmmecdboblafdh] - C:\Users\Owner\AppData\Local\BazaarFriend.crx [2013-08-07]

CHR HKCU\...\Chrome\Extension: [dlaidocmldibgopdbjiopphnjhaehnbn] - C:\Users\Owner\AppData\Local\CRE\dlaidocmldibgopdbjiopphnjhaehnbn.crx [2013-08-07]

CHR HKCU\...\Chrome\Extension: [icanoneicgaahjbilcgdmnhoocddknbl] - C:\Users\Owner\AppData\Local\InfoBirdPro.crx [2013-08-17]

CHR HKCU\...\Chrome\Extension: [jnidgldcbakaidffpjinopjbmobecifb] - C:\Users\Owner\AppData\Local\CRE\jnidgldcbakaidffpjinopjbmobecifb.crx [2013-07-22]

CHR HKCU\...\Chrome\Extension: [lhdfjaaobagbaepmefnjabfmhnggliop] - C:\Users\Owner\AppData\Local\CRE\lhdfjaaobagbaepmefnjabfmhnggliop.crx [2013-08-15]

CHR HKCU\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - C:\Users\Owner\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx [2013-07-04]

CHR HKCU\...\Chrome\Extension: [oldchfemoapgakfjnmbngnljnkoapbhd] - C:\Users\Owner\AppData\Local\FastDiscountz.crx [2013-09-09]

CHR HKLM-x32\...\Chrome\Extension: [bmobdmpfgfimbnmhhnkmmecdboblafdh] - C:\Users\Owner\AppData\Local\BazaarFriend.crx [2013-08-07]

CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\urladvisor.crx [2012-10-25]

CHR HKLM-x32\...\Chrome\Extension: [dlaidocmldibgopdbjiopphnjhaehnbn] - C:\Users\Owner\AppData\Local\CRE\dlaidocmldibgopdbjiopphnjhaehnbn.crx [2012-10-25]

CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\content_blocker_chrome.crx [2012-10-25]

CHR HKLM-x32\...\Chrome\Extension: [icanoneicgaahjbilcgdmnhoocddknbl] - C:\Users\Owner\AppData\Local\InfoBirdPro.crx [2013-08-17]

CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\virtkbd.crx [2012-10-25]

CHR HKLM-x32\...\Chrome\Extension: [jnidgldcbakaidffpjinopjbmobecifb] - C:\Users\Owner\AppData\Local\CRE\jnidgldcbakaidffpjinopjbmobecifb.crx [2013-07-22]

CHR HKLM-x32\...\Chrome\Extension: [lhdfjaaobagbaepmefnjabfmhnggliop] - C:\Users\Owner\AppData\Local\CRE\lhdfjaaobagbaepmefnjabfmhnggliop.crx [2013-08-15]

CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [2013-08-15]

CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\17.3.0.49\avg.crx [2013-08-15]

CHR HKLM-x32\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - C:\Users\Owner\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx [2013-07-04]

CHR HKLM-x32\...\Chrome\Extension: [oldchfemoapgakfjnmbngnljnkoapbhd] - C:\Users\Owner\AppData\Local\FastDiscountz.crx [2013-09-09]

CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ChromeExt\ab.crx [2013-09-09]

CHR StartMenuInternet: Google Chrome - C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356128 2013-10-09] (Kaspersky Lab ZAO)

R2 ChromeHelperUpdt; C:\Program Files (x86)\Common Files\ChromeHelper\ChromeHelperUpdt.exe [284960 2014-05-06] ()

R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-03-15] () [File not signed]

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-10] (Kaspersky Lab ZAO)

U5 klflt; C:\Windows\System32\Drivers\klflt.sys [91008 2014-05-19] (Kaspersky Lab ZAO)

R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628320 2014-05-19] (Kaspersky Lab ZAO)

R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-10] (Kaspersky Lab ZAO)

R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-09] (Kaspersky Lab ZAO)

R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-09] (Kaspersky Lab ZAO)

R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-18] (Kaspersky Lab ZAO)

R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-22] (Kaspersky Lab ZAO)

R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-06-12] (NetFilterSDK.com)

S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S3 SPPD; \??\C:\windows\system32\drivers\SPPD.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-09-29 10:35 - 2014-09-29 10:32 - 00448512 _____ (OldTimer Tools) C:\Users\Owner\Desktop\TFC.exe

2014-09-29 10:31 - 2014-09-29 10:31 - 00060179 _____ () C:\JavaRa.log

2014-09-29 10:29 - 2014-09-29 10:30 - 00000000 ____D () C:\Users\Owner\Desktop\Remove Java

2014-09-29 10:29 - 2014-09-28 00:03 - 00165800 _____ () C:\Users\Owner\Desktop\JavaRa-1.16-20-1-14.zip

2014-09-26 20:28 - 2014-09-26 20:28 - 00021570 _____ () C:\ComboFix.txt

2014-09-26 20:04 - 2014-09-26 20:28 - 00000000 ____D () C:\Qoobox

2014-09-26 20:04 - 2014-09-26 20:27 - 00000000 ____D () C:\windows\erdnt

2014-09-26 20:04 - 2014-09-24 23:16 - 05579290 ____R (Swearware) C:\Users\Owner\Desktop\ComboFix.exe

2014-09-26 20:04 - 2011-06-25 23:45 - 00256000 _____ () C:\windows\PEV.exe

2014-09-26 20:04 - 2010-11-07 10:20 - 00208896 _____ () C:\windows\MBR.exe

2014-09-26 20:04 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe

2014-09-26 20:04 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe

2014-09-26 20:04 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe

2014-09-26 20:04 - 2000-08-30 17:00 - 00098816 _____ () C:\windows\sed.exe

2014-09-26 20:04 - 2000-08-30 17:00 - 00080412 _____ () C:\windows\grep.exe

2014-09-26 20:04 - 2000-08-30 17:00 - 00068096 _____ () C:\windows\zip.exe

2014-09-23 17:43 - 2014-09-23 17:44 - 00030503 _____ () C:\Users\Owner\Desktop\Addition.txt

2014-09-23 17:39 - 2014-09-29 10:38 - 00022090 _____ () C:\Users\Owner\Desktop\FRST.txt

2014-09-23 17:39 - 2014-09-23 17:36 - 02106880 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe

2014-09-12 03:08 - 2014-08-19 11:05 - 00374968 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll

2014-09-12 03:08 - 2014-08-19 10:39 - 00327872 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll

2014-09-12 03:08 - 2014-08-18 16:01 - 23591424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll

2014-09-12 03:08 - 2014-08-18 15:29 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb

2014-09-12 03:08 - 2014-08-18 15:29 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll

2014-09-12 03:08 - 2014-08-18 15:26 - 17455104 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll

2014-09-12 03:08 - 2014-08-18 15:20 - 02793984 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll

2014-09-12 03:08 - 2014-08-18 15:19 - 05833728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll

2014-09-12 03:08 - 2014-08-18 15:15 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll

2014-09-12 03:08 - 2014-08-18 15:15 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll

2014-09-12 03:08 - 2014-08-18 15:14 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll

2014-09-12 03:08 - 2014-08-18 15:14 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll

2014-09-12 03:08 - 2014-08-18 15:08 - 04232704 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll

2014-09-12 03:08 - 2014-08-18 15:08 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll

2014-09-12 03:08 - 2014-08-18 15:08 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll

2014-09-12 03:08 - 2014-08-18 15:05 - 00596480 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll

2014-09-12 03:08 - 2014-08-18 15:03 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll

2014-09-12 03:08 - 2014-08-18 15:03 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe

2014-09-12 03:08 - 2014-08-18 15:03 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe

2014-09-12 03:08 - 2014-08-18 14:57 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb

2014-09-12 03:08 - 2014-08-18 14:56 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe

2014-09-12 03:08 - 2014-08-18 14:51 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll

2014-09-12 03:08 - 2014-08-18 14:46 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll

2014-09-12 03:08 - 2014-08-18 14:45 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll

2014-09-12 03:08 - 2014-08-18 14:45 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll

2014-09-12 03:08 - 2014-08-18 14:44 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll

2014-09-12 03:08 - 2014-08-18 14:44 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll

2014-09-12 03:08 - 2014-08-18 14:42 - 02185728 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll

2014-09-12 03:08 - 2014-08-18 14:40 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll

2014-09-12 03:08 - 2014-08-18 14:39 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll

2014-09-12 03:08 - 2014-08-18 14:39 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll

2014-09-12 03:08 - 2014-08-18 14:39 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll

2014-09-12 03:08 - 2014-08-18 14:38 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll

2014-09-12 03:08 - 2014-08-18 14:37 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll

2014-09-12 03:08 - 2014-08-18 14:36 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe

2014-09-12 03:08 - 2014-08-18 14:35 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll

2014-09-12 03:08 - 2014-08-18 14:27 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll

2014-09-12 03:08 - 2014-08-18 14:25 - 00727040 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll

2014-09-12 03:08 - 2014-08-18 14:25 - 00707072 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe

2014-09-12 03:08 - 2014-08-18 14:23 - 02104832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl

2014-09-12 03:08 - 2014-08-18 14:23 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll

2014-09-12 03:08 - 2014-08-18 14:22 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-09-12 03:08 - 2014-08-18 14:19 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll

2014-09-12 03:08 - 2014-08-18 14:17 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll

2014-09-12 03:08 - 2014-08-18 14:17 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll

2014-09-12 03:08 - 2014-08-18 14:16 - 13588480 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll

2014-09-12 03:08 - 2014-08-18 14:15 - 11769856 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll

2014-09-12 03:08 - 2014-08-18 14:15 - 02310656 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll

2014-09-12 03:08 - 2014-08-18 14:09 - 00603136 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll

2014-09-12 03:08 - 2014-08-18 14:08 - 02014208 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl

2014-09-12 03:08 - 2014-08-18 14:07 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll

2014-09-12 03:08 - 2014-08-18 13:55 - 01447424 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll

2014-09-12 03:08 - 2014-08-18 13:46 - 01812992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll

2014-09-12 03:08 - 2014-08-18 13:38 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll

2014-09-12 03:08 - 2014-08-18 13:38 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll

2014-09-12 03:08 - 2014-08-18 13:36 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll

2014-09-12 03:00 - 2014-06-26 19:08 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll

2014-09-12 03:00 - 2014-06-26 18:45 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll

2014-09-11 19:05 - 2014-08-01 04:53 - 01031168 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll

2014-09-11 19:05 - 2014-08-01 04:35 - 00793600 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll

2014-09-11 19:05 - 2014-07-06 19:06 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll

2014-09-11 19:05 - 2014-07-06 19:06 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll

2014-09-11 19:05 - 2014-07-06 18:40 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll

2014-09-11 19:05 - 2014-07-06 18:40 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll

2014-09-11 19:05 - 2014-07-06 18:39 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll

2014-09-11 19:05 - 2014-06-23 20:29 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll

2014-09-11 19:05 - 2014-06-23 19:59 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll

2014-08-31 14:21 - 2014-08-31 14:21 - 00024976 _____ () C:\Users\Owner\Desktop\JRT.txt

2014-08-31 14:16 - 2014-08-31 14:16 - 00000000 ____D () C:\windows\ERUNT

2014-08-31 14:16 - 2014-08-31 14:13 - 01016261 _____ (Thisisu) C:\Users\Owner\Desktop\JRT.exe

2014-08-31 14:10 - 2014-08-31 14:15 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Nico Mak Computing

2014-08-31 14:02 - 2014-08-31 13:58 - 04892480 _____ (WinZip International LLC ) C:\Users\Owner\Desktop\wzmp_8.exe

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-09-29 10:38 - 2014-09-23 17:39 - 00022090 _____ () C:\Users\Owner\Desktop\FRST.txt

2014-09-29 10:38 - 2014-08-04 13:35 - 00000000 ____D () C:\FRST

2014-09-29 10:38 - 2012-02-19 15:51 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2903869773-3859282900-2980300728-1001UA.job

2014-09-29 10:35 - 2009-07-13 21:45 - 00020688 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-09-29 10:35 - 2009-07-13 21:45 - 00020688 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-09-29 10:32 - 2014-09-29 10:35 - 00448512 _____ (OldTimer Tools) C:\Users\Owner\Desktop\TFC.exe

2014-09-29 10:32 - 2012-02-19 15:35 - 00000896 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-09-29 10:32 - 2011-11-18 17:06 - 01100607 _____ () C:\windows\WindowsUpdate.log

2014-09-29 10:31 - 2014-09-29 10:31 - 00060179 _____ () C:\JavaRa.log

2014-09-29 10:30 - 2014-09-29 10:29 - 00000000 ____D () C:\Users\Owner\Desktop\Remove Java

2014-09-29 10:29 - 2012-02-08 11:10 - 00000000 ____D () C:\ProgramData\Kaspersky Lab

2014-09-29 10:28 - 2012-02-19 15:35 - 00000892 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-09-29 10:28 - 2009-07-13 22:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT

2014-09-29 10:28 - 2009-07-13 21:51 - 00056977 _____ () C:\windows\setupact.log

2014-09-28 00:03 - 2014-09-29 10:29 - 00165800 _____ () C:\Users\Owner\Desktop\JavaRa-1.16-20-1-14.zip

2014-09-27 17:17 - 2012-02-19 15:51 - 00000856 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2903869773-3859282900-2980300728-1001Core.job

2014-09-27 17:03 - 2012-04-24 06:27 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job

2014-09-26 20:43 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\system32\NDF

2014-09-26 20:28 - 2014-09-26 20:28 - 00021570 _____ () C:\ComboFix.txt

2014-09-26 20:28 - 2014-09-26 20:04 - 00000000 ____D () C:\Qoobox

2014-09-26 20:28 - 2009-07-13 20:20 - 00000000 ___HD () C:\Users\Default

2014-09-26 20:27 - 2014-09-26 20:04 - 00000000 ____D () C:\windows\erdnt

2014-09-26 20:25 - 2009-07-13 19:34 - 00000215 _____ () C:\windows\system.ini

2014-09-26 20:24 - 2010-11-20 20:47 - 01068064 _____ () C:\windows\PFRO.log

2014-09-26 20:24 - 2009-07-13 19:34 - 66584576 _____ () C:\windows\system32\config\SOFTWARE.bak

2014-09-26 20:24 - 2009-07-13 19:34 - 17563648 _____ () C:\windows\system32\config\SYSTEM.bak

2014-09-26 20:24 - 2009-07-13 19:34 - 01048576 _____ () C:\windows\system32\config\DEFAULT.bak

2014-09-26 20:24 - 2009-07-13 19:34 - 00262144 _____ () C:\windows\system32\config\SECURITY.bak

2014-09-26 20:24 - 2009-07-13 19:34 - 00262144 _____ () C:\windows\system32\config\SAM.bak

2014-09-24 23:16 - 2014-09-26 20:04 - 05579290 ____R (Swearware) C:\Users\Owner\Desktop\ComboFix.exe

2014-09-23 18:11 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\rescache

2014-09-23 17:44 - 2014-09-23 17:43 - 00030503 _____ () C:\Users\Owner\Desktop\Addition.txt

2014-09-23 17:36 - 2014-09-23 17:39 - 02106880 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe

2014-09-12 03:07 - 2012-02-20 22:43 - 00775586 _____ () C:\windows\SysWOW64\PerfStringBackup.INI

2014-09-12 03:07 - 2009-07-13 22:13 - 00775586 _____ () C:\windows\system32\PerfStringBackup.INI

2014-09-12 03:06 - 2013-08-14 03:01 - 00000000 ____D () C:\windows\system32\MRT

2014-09-12 03:01 - 2012-02-08 10:36 - 101694776 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

2014-09-11 17:14 - 2012-02-18 17:54 - 06660096 _____ () C:\Users\Owner\Desktop\Reno.QDF-backup

2014-08-31 14:21 - 2014-08-31 14:21 - 00024976 _____ () C:\Users\Owner\Desktop\JRT.txt

2014-08-31 14:16 - 2014-08-31 14:16 - 00000000 ____D () C:\windows\ERUNT

2014-08-31 14:15 - 2014-08-31 14:10 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Nico Mak Computing

2014-08-31 14:13 - 2014-08-31 14:16 - 01016261 _____ (Thisisu) C:\Users\Owner\Desktop\JRT.exe

2014-08-31 14:03 - 2012-03-03 16:19 - 00000000 ____D () C:\Users\Owner\AppData\Local\Conduit

2014-08-31 13:58 - 2014-08-31 14:02 - 04892480 _____ (WinZip International LLC ) C:\Users\Owner\Desktop\wzmp_8.exe

2014-08-31 13:56 - 2014-07-10 19:53 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys

 

Files to move or delete:

====================

C:\Users\Owner\jagex_cl_runescape_LIVE.dat

C:\Users\Owner\random.dat

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-09-26 21:16

 

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-09-2014

Ran by Owner at 2014-09-29 10:39:15

Running from C:\Users\Owner\Desktop

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Kaspersky Anti-Virus (Disabled - Out of date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}

AS: Kaspersky Anti-Virus (Disabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)

Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)

Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.4.634 - Adobe Systems, Inc.)

Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Avery Template (HKLM-x32\...\{A760067A-C07E-1033-0000-A764AC000008}) (Version: 2.0.0.0 - Avery)

AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 17.3.0.49 - AVG Technologies)

Best Buy pc app (Version: 3.2.0.0 - Best Buy) Hidden

Best Buy pc app (x32 Version: 3.2.0.0 - Best Buy) Hidden

Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Consumer Input (HKLM-x32\...\Setup Support for Consumer Input) (Version: 1.0 - Sono Control Inc.)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

DMUninstaller (HKLM-x32\...\DMUninstaller) (Version:  - ) <==== ATTENTION

eMusic Download Manager (HKLM-x32\...\eMusic Download Manager 5.0.5) (Version: 5.0.5 - eMusic.com Inc.)

Free i-Dressup Toolbar (HKLM-x32\...\Free_i-Dressup Toolbar) (Version: 6.15.0.27 - Free i-Dressup)

Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden

Image Converter (HKLM-x32\...\Image Converter Image Converter) (Version: 1.0.0 - Image Converter)

Image Editor Packages (HKCU\...\Image Editor Packages) (Version:  - ) <==== ATTENTION

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)

Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 15.4 - Intel)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2246 - Intel Corporation)

InternetHelper3.1 Toolbar (HKLM-x32\...\InternetHelper3.1 Toolbar) (Version: 6.14.0.28 - InternetHelper3.1)

iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)

iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)

Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.600 - Oracle)

JavaFX 2.1.0 (HKLM-x32\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Kaspersky Anti-Virus 2013 (HKLM-x32\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.1.4190 - Kaspersky Lab)

Kaspersky Anti-Virus 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab) Hidden

Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.4.11.0608 - Lenovo)

Lenovo Driver and Application Installation (HKLM-x32\...\{45970CD1-D599-47D4-938F-3E9800D54ED1}) (Version: 5.10.1809 - Lenovo)

Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 3.0.1409 - CyberLink Corp.)

Lenovo Rescue System (Version: 3.0.1409 - CyberLink Corp.) Hidden

LK Maintenance (HKLM-x32\...\{4ACD145C-665E-40CC-89A0-A3213D761571}) (Version: 1.0 - LK Maintenance)

LVT (HKLM-x32\...\{D3063097-EC84-4D21-84A4-9D852E974355}) (Version: 4.1.2.0919 - Lenovo)

Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)

MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

Muvic Smartbar (HKLM-x32\...\{AA236AFD-B26E-4BC7-9A13-76BD5F9887AC}) (Version: 10.211.58.15493 - PinWid Ltd.) <==== ATTENTION

Muvic Smartbar Engine (HKCU\...\{22b9429d-b2b6-4f1a-b56a-190a0445f4a5}) (Version: 10.211.58.15493 - PinWid Ltd.) <==== ATTENTION

PDF Creator (HKLM\...\PDF Creator) (Version:  - )

PDF Writer Packages (HKCU\...\PDF Writer Packages) (Version:  - ) <==== ATTENTION

Quicken 2012 (HKLM-x32\...\{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}) (Version: 21.1.7.18 - Intuit)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6230 - Realtek Semiconductor Corp.)

Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30123 - Realtek Semiconductor Corp.)

SavEroAddOn (HKLM-x32\...\{10A0E600-D246-BD63-F465-4C849C688998}) (Version:  - SaVErAddon)

SupraSavings (Version: 1.0.0.0 - SupraSavings) Hidden <==== ATTENTION

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - TomTom)

TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)

TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)

TurboTax 2012 WinPerFedFormset (x32 Version: 012.000.2309 - Intuit Inc.) Hidden

TurboTax 2012 WinPerReleaseEngine (x32 Version: 012.000.0474 - Intuit Inc.) Hidden

TurboTax 2012 WinPerTaxSupport (x32 Version: 012.000.0186 - Intuit Inc.) Hidden

TurboTax 2012 woriper (x32 Version: 012.000.1483 - Intuit Inc.) Hidden

TurboTax 2012 wrapper (x32 Version: 012.000.0127 - Intuit Inc.) Hidden

TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)

TurboTax 2013 WinPerFedFormset (x32 Version: 013.000.1755 - Intuit Inc.) Hidden

TurboTax 2013 WinPerReleaseEngine (x32 Version: 013.000.0463 - Intuit Inc.) Hidden

TurboTax 2013 WinPerTaxSupport (x32 Version: 013.000.0162 - Intuit Inc.) Hidden

TurboTax 2013 woriper (x32 Version: 013.000.1237 - Intuit Inc.) Hidden

TurboTax 2013 wrapper (x32 Version: 013.000.0135 - Intuit Inc.) Hidden

Vgrabber v1 Toolbar (HKLM-x32\...\Vgrabber_v1 Toolbar) (Version: 6.13.3.1 - Vgrabber v1) <==== ATTENTION

Video Downloader version 2.0 (HKLM-x32\...\Video Downloader_is1) (Version: 2.0 - )

Windows Essentials Codec Pack 5.0 (HKLM-x32\...\Windows Essentials Codec Pack) (Version: 5.0 - Windows Essentials Codec Pack)

Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden

Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden

Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden

Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Yontoo 1.10.02 (HKLM\...\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}) (Version: 1.10.02 - Yontoo LLC) <==== ATTENTION

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-2903869773-3859282900-2980300728-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-2903869773-3859282900-2980300728-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll (Google Inc.)

 

==================== Restore Points  =========================

 

18-08-2014 18:17:33 Windows Backup

22-08-2014 19:10:57 Windows Update

23-08-2014 16:23:13 Windows Update

26-08-2014 18:58:47 Windows Update

28-08-2014 10:00:10 Windows Update

28-08-2014 23:25:01 Windows Update

28-08-2014 23:28:02 Restore Operation

29-08-2014 10:00:20 Windows Update

05-09-2014 00:10:18 Windows Backup

05-09-2014 00:12:10 Windows Update

12-09-2014 02:01:46 Windows Update

12-09-2014 10:00:13 Windows Update

24-09-2014 00:41:42 Windows Backup

27-09-2014 03:05:04 ComboFix created restore point

29-09-2014 17:38:36 Windows Backup

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 19:34 - 2014-09-26 20:25 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {130E0CB2-1595-42C4-B145-C0195AFBC120} - \TidyNetwork Update No Task File <==== ATTENTION

Task: {17BB5AFE-1C82-49BA-8BE8-6F506E533BD4} - System32\Tasks\{0A4461E2-8077-4842-8314-A1298B006C20} => C:\Program Files (x86)\Microsoft Office\Options14\MSOO.EXE [2013-07-23] (Microsoft Corporation)

Task: {1A4B9D7B-3994-41E2-B70B-5211581D175D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {1B2E8D3F-14A2-400C-80A6-D42CFA2C14E9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-19] (Google Inc.)

Task: {1B630465-2BB3-4E4C-8AA7-734A0029A30E} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION

Task: {1C5CB8F9-E13B-4D18-876A-A1778AA07474} - System32\Tasks\DTReg => C:\Users\Owner\AppData\Roaming\DefaultTab\DefaultTab\DTReg.exe <==== ATTENTION

Task: {30877E05-67D2-409C-9324-5DD2B8C90F6C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-19] (Google Inc.)

Task: {4ADFF985-B67E-4539-989C-D62ADA9BEF99} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2903869773-3859282900-2980300728-1001UA => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-19] (Google Inc.)

Task: {6680188B-0E1D-4B87-BB22-88A1713FE395} - System32\Tasks\{AFACE052-54AC-4164-A084-A6487EB1AE71} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE [2013-07-23] (Microsoft Corporation)

Task: {7C3D52D6-EB49-47D8-A06B-D150E58361FE} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup

Task: {8A5DDA80-1715-4757-BE8B-CC8199B9EC68} - \Advanced System Protector_startup No Task File <==== ATTENTION

Task: {8DDE19FF-0CA7-4D6D-B78C-767A381BA102} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)

Task: {9CDAC421-42E9-4874-B424-147BDA9B49AB} - System32\Tasks\{AE9451BA-4FD0-47C7-B128-57E201AC148B} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE [2013-07-23] (Microsoft Corporation)

Task: {A73565A6-3AF9-4BEA-9369-E98C5CE434F8} - System32\Tasks\PC System Boost Schedule => C:\Program Files (x86)\PC System Boost\PCSBLauncher.exe

Task: {D297A443-5C1F-42E4-B722-27AC612450FF} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe <==== ATTENTION

Task: {D2BBAD00-89CA-40B1-B1DE-B185C00BB303} - \DealPly No Task File <==== ATTENTION

Task: {E87A8994-388C-44A1-AD96-46E72155EC44} - System32\Tasks\Codec Update Service => C:\Users\Owner\AppData\Roaming\Windows Codec\AutoUpdate.exe [2014-06-21] ()

Task: {ED4BF54A-C0BC-4FAE-B10F-430E00C271BC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2903869773-3859282900-2980300728-1001Core => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-19] (Google Inc.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2903869773-3859282900-2980300728-1001Core.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2903869773-3859282900-2980300728-1001UA.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2013-06-10 19:16 - 2011-10-04 22:43 - 00087552 _____ () C:\windows\System32\custmon64i.dll

2014-05-06 02:25 - 2014-05-06 02:25 - 00284960 _____ () C:\Program Files (x86)\Common Files\ChromeHelper\ChromeHelperUpdt.exe

2011-11-18 17:09 - 2011-03-15 21:47 - 00032768 _____ () C:\Windows\jmesoft\Service.exe

2010-11-19 03:22 - 2010-11-11 21:08 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2011-11-18 17:09 - 2011-05-17 14:54 - 00024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe

2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2012-08-17 22:39 - 2013-02-25 02:48 - 01310136 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\kpcengine.2.2.dll

2011-11-18 17:09 - 2011-05-17 14:27 - 00028672 _____ () C:\Windows\jmesoft\hidhook.dll

2012-08-17 22:38 - 2012-08-17 22:38 - 00479160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\dblite.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SecureAssist => ""="service"

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

 

==================== Faulty Device Manager Devices =============

 

Name: Teredo Tunneling Pseudo-Interface

Description: Microsoft Teredo Tunneling Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (09/29/2014 10:38:43 AM) (Source: CVHSVC) (EventID: 100) (User: )

Description: Information only.

(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

 

Error: (09/29/2014 10:30:00 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (09/29/2014 10:29:13 AM) (Source: CVHSVC) (EventID: 100) (User: )

Description: Information only.

Click-2-Run package registration failure.

 

Error: (09/29/2014 10:29:13 AM) (Source: Application Virtualization Client) (EventID: 5009) (User: )

Description: {tid=CC8}

The Application Virtualization Client could not connect to stream URL 'http://c2r.microsoft.com/ConsumerC2R/en-us/14.0.4763.1000/ConsumerC2R.en-us_14.0.7130.5000.sft' (rc 24600F0A-10000001, original rc 24600F0A-10000001).

 

Error: (09/29/2014 10:28:28 AM) (Source: ChromeHelper) (EventID: 2) (User: )

Description: Can't download info about new versions from: http://free-updater-now.com/updater/u.php?timestamp=1412011707&app_id=A8730EED1BA6494A8802A9F9C3F556B9&version=1.66&updaterVersion=1.3.0&protocolVersion=1.1&channel=cff_Ironcore3, to local path: C:\windows\TEMP\ChromeHelperUpdt_update.txt

 

Error: (09/29/2014 10:28:28 AM) (Source: ChromeHelper) (EventID: 2) (User: )

Description: Send failed, code: 12007

 

Error: (09/29/2014 10:27:21 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (09/29/2014 10:26:34 AM) (Source: CVHSVC) (EventID: 100) (User: )

Description: Information only.

Click-2-Run package registration failure.

 

Error: (09/29/2014 10:26:34 AM) (Source: Application Virtualization Client) (EventID: 5009) (User: )

Description: {tid=D38}

The Application Virtualization Client could not connect to stream URL 'http://c2r.microsoft.com/ConsumerC2R/en-us/14.0.4763.1000/ConsumerC2R.en-us_14.0.7130.5000.sft' (rc 24600F0A-10000001, original rc 24600F0A-10000001).

 

Error: (09/29/2014 10:25:50 AM) (Source: ChromeHelper) (EventID: 2) (User: )

Description: Can't download info about new versions from: http://free-updater-now.com/updater/u.php?timestamp=1412011547&app_id=A8730EED1BA6494A8802A9F9C3F556B9&version=1.66&updaterVersion=1.3.0&protocolVersion=1.1&channel=cff_Ironcore3, to local path: C:\windows\TEMP\ChromeHelperUpdt_update.txt

 

 

System errors:

=============

Error: (09/29/2014 10:35:59 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (09/26/2014 08:36:20 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

 

Error: (09/26/2014 08:23:35 PM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

 

Error: (09/26/2014 08:23:29 PM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

 

Error: (09/26/2014 08:23:03 PM) (Source: Application Popup) (EventID: 1060) (User: )

Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

 

Error: (09/26/2014 08:19:47 PM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

 

Error: (09/26/2014 08:06:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The JME Keyboard Driver service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (09/23/2014 05:32:16 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

 

 

Microsoft Office Sessions:

=========================

Error: (09/29/2014 10:38:43 AM) (Source: CVHSVC) (EventID: 100) (User: )

Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

 

Error: (09/29/2014 10:30:00 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (09/29/2014 10:29:13 AM) (Source: CVHSVC) (EventID: 100) (User: )

Description: Click-2-Run package registration failure.

 

Error: (09/29/2014 10:29:13 AM) (Source: Application Virtualization Client) (EventID: 5009) (User: )

Description: {tid=CC8}


 

Error: (09/29/2014 10:28:28 AM) (Source: ChromeHelper) (EventID: 2) (User: )

Description: Can't download info about new versions from: http://free-updater-now.com/updater/u.php?timestamp=1412011707&app_id=A8730EED1BA6494A8802A9F9C3F556B9&version=1.66&updaterVersion=1.3.0&protocolVersion=1.1&channel=cff_Ironcore3, to local path: C:\windows\TEMP\ChromeHelperUpdt_update.txt

 

Error: (09/29/2014 10:28:28 AM) (Source: ChromeHelper) (EventID: 2) (User: )

Description: Send failed, code: 12007

 

Error: (09/29/2014 10:27:21 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (09/29/2014 10:26:34 AM) (Source: CVHSVC) (EventID: 100) (User: )

Description: Click-2-Run package registration failure.

 

Error: (09/29/2014 10:26:34 AM) (Source: Application Virtualization Client) (EventID: 5009) (User: )

Description: {tid=D38}


 

Error: (09/29/2014 10:25:50 AM) (Source: ChromeHelper) (EventID: 2) (User: )

Description: Can't download info about new versions from: http://free-updater-now.com/updater/u.php?timestamp=1412011547&app_id=A8730EED1BA6494A8802A9F9C3F556B9&version=1.66&updaterVersion=1.3.0&protocolVersion=1.1&channel=cff_Ironcore3, to local path: C:\windows\TEMP\ChromeHelperUpdt_update.txt

 

 

CodeIntegrity Errors:

===================================

  Date: 2014-09-26 21:51:59.927

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-09-26 21:51:59.925

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-09-26 21:51:59.923

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-09-26 21:51:59.909

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-09-26 21:51:59.908

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-09-26 21:51:59.905

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-09-26 20:23:03.339

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2014-09-26 20:23:03.276

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2014-09-23 18:05:24.740

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-09-23 18:05:24.740

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core i3-2120 CPU @ 3.30GHz

Percentage of memory in use: 20%

Total physical RAM: 8040.37 MB

Available physical RAM: 6375.39 MB

Total Pagefile: 16078.92 MB

Available Pagefile: 14352.82 MB

Total Virtual: 8192 MB

Available Virtual: 8191.85 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:906.34 GB) (Free:840.15 GB) NTFS

Drive e: () (Removable) (Total:1.87 GB) (Free:1.3 GB) FAT

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 972414AA)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=906.3 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=25.1 GB) - (Type=12)

 

========================================================

Disk: 1 (MBR Code: Windows XP) (Size: 1.9 GB) (Disk ID: C3072E18)

Partition 1: (Active) - (Size=1.9 GB) - (Type=06)

 

==================== End Of Log ============================


Wow, crazy... this computer is still heavily infected. Not sure how you got it this infected and were still able to use it at all.

 

 

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST or FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.
 

fixlist.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-09-2014

Ran by Owner at 2014-10-02 10:13:20 Run:1

Running from C:\Users\Owner\Desktop

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

C:\Program Files (x86)\Free_i-Dressup

C:\Program Files (x86)\RegClean Pro

C:\Users\Owner\AppData\Local\Conduit

C:\Users\Owner\AppData\Roaming\DefaultTab\

C:\Users\Owner\jagex_cl_runescape_LIVE.dat

C:\Users\Owner\random.dat

CHR DefaultSearchKeyword: Default -> search.snap.do

CHR DefaultSearchProvider: Default -> Web

CHR DefaultSearchURL: Default -> http://www.microsoft...=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)

HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2552856 2014-02-03] ()

HKU\S-1-5-18\...\RunOnce: [spUninstallDeleteDir] => rmdir /s /q "\SearchProtect"

HKU\S-1-5-21-2903869773-3859282900-2980300728-1001\...\Run: [backgroundContainerV2] => "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\Owner\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun

HKU\S-1-5-21-2903869773-3859282900-2980300728-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-02-19] (Google Inc.)

ProxyServer: http=127.0.0.1:62196;https=127.0.0.1:62196

R2 ChromeHelperUpdt; C:\Program Files (x86)\Common Files\ChromeHelper\ChromeHelperUpdt.exe [284960 2014-05-06] ()

SearchScopes: HKCU - DefaultScope {0511DB15-22C5-4E83-9801-723498761F6F} URL = 

SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 

SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = 

SearchScopes: HKLM-x32 - DefaultScope {0511DB15-22C5-4E83-9801-723498761F6F} URL = 

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2903869773-3859282900-2980300728-1001Core.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2903869773-3859282900-2980300728-1001UA.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe

Task: {130E0CB2-1595-42C4-B145-C0195AFBC120} - \TidyNetwork Update No Task File <==== ATTENTION

Task: {1A4B9D7B-3994-41E2-B70B-5211581D175D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {1B2E8D3F-14A2-400C-80A6-D42CFA2C14E9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-19] (Google Inc.)

Task: {1B630465-2BB3-4E4C-8AA7-734A0029A30E} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION

Task: {1C5CB8F9-E13B-4D18-876A-A1778AA07474} - System32\Tasks\DTReg => C:\Users\Owner\AppData\Roaming\DefaultTab\DefaultTab\DTReg.exe <==== ATTENTION

Task: {30877E05-67D2-409C-9324-5DD2B8C90F6C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-19] (Google Inc.)

Task: {4ADFF985-B67E-4539-989C-D62ADA9BEF99} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2903869773-3859282900-2980300728-1001UA => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-19] (Google Inc.)

Task: {8A5DDA80-1715-4757-BE8B-CC8199B9EC68} - \Advanced System Protector_startup No Task File <==== ATTENTION

Task: {A73565A6-3AF9-4BEA-9369-E98C5CE434F8} - System32\Tasks\PC System Boost Schedule => C:\Program Files (x86)\PC System Boost\PCSBLauncher.exe

Task: {D297A443-5C1F-42E4-B722-27AC612450FF} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe <==== ATTENTION

Task: {D2BBAD00-89CA-40B1-B1DE-B185C00BB303} - \DealPly No Task File <==== ATTENTION

Task: {E87A8994-388C-44A1-AD96-46E72155EC44} - System32\Tasks\Codec Update Service => C:\Users\Owner\AppData\Roaming\Windows Codec\AutoUpdate.exe [2014-06-21] ()

Task: {ED4BF54A-C0BC-4FAE-B10F-430E00C271BC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2903869773-3859282900-2980300728-1001Core => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-19] (Google Inc.)

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKCU - No Name - {7F7F82F1-7C95-47CD-814F-950B56D58FC3} -  No File

Toolbar: HKCU - No Name - {FF19B72A-36ED-4066-8865-A580AE938CCE} -  No File

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKLM-x32 - Free i-Dressup Toolbar - {ff19b72a-36ed-4066-8865-a580ae938cce} - C:\Program Files (x86)\Free_i-Dressup\prxtbFree.dll (Conduit Ltd.)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File

Toolbar: HKLM-x32 - No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File

URLSearchHook: HKLM-x32 - Free i-Dressup Toolbar - {ff19b72a-36ed-4066-8865-a580ae938cce} - C:\Program Files (x86)\Free_i-Dressup\prxtbFree.dll (Conduit Ltd.)

URLSearchHook: HKLM-x32 - Vgrabber v1 Toolbar - {7f7f82f1-7c95-47cd-814f-950b56d58fc3} - C:\Program Files (x86)\Vgrabber_v1\prxtbVgra.dll No File

 

*****************

 

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => Key deleted successfully.

"HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => Key deleted successfully.

C:\Program Files (x86)\Free_i-Dressup => Moved successfully.

"C:\Program Files (x86)\RegClean Pro" => File/Directory not found.

C:\Users\Owner\AppData\Local\Conduit => Moved successfully.

"C:\Users\Owner\AppData\Roaming\DefaultTab" => File/Directory not found.

C:\Users\Owner\jagex_cl_runescape_LIVE.dat => Moved successfully.

C:\Users\Owner\random.dat => Moved successfully.

Chrome DefaultSearchKeyword deleted successfully.

CHR DefaultSearchProvider: Default -> Web ==> The Chrome "Settings" can be used to fix the entry.

Chrome DefaultSearchURL deleted successfully.

Chrome DefaultSuggestURL deleted successfully.

C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\oldchfemoapgakfjnmbngnljnkoapbhd => Moved successfully.

C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhdfjaaobagbaepmefnjabfmhnggliop => Moved successfully.

C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb => Moved successfully.

C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\poahfhjpeiaonjhbljfgnlllpdbnilon => Moved successfully.

C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnidgldcbakaidffpjinopjbmobecifb => Moved successfully.

"HKCU\SOFTWARE\Google\Chrome\Extensions\bmobdmpfgfimbnmhhnkmmecdboblafdh" => Key deleted successfully.

C:\Users\Owner\AppData\Local\BazaarFriend.crx => Moved successfully.

"HKCU\SOFTWARE\Google\Chrome\Extensions\dlaidocmldibgopdbjiopphnjhaehnbn" => Key deleted successfully.

"C:\Users\Owner\AppData\Local\CRE\dlaidocmldibgopdbjiopphnjhaehnbn.crx" => File/Directory not found.

"HKCU\SOFTWARE\Google\Chrome\Extensions\icanoneicgaahjbilcgdmnhoocddknbl" => Key deleted successfully.

C:\Users\Owner\AppData\Local\InfoBirdPro.crx => Moved successfully.

"HKCU\SOFTWARE\Google\Chrome\Extensions\jnidgldcbakaidffpjinopjbmobecifb" => Key deleted successfully.

C:\Users\Owner\AppData\Local\CRE\jnidgldcbakaidffpjinopjbmobecifb.crx => Moved successfully.

"HKCU\SOFTWARE\Google\Chrome\Extensions\lhdfjaaobagbaepmefnjabfmhnggliop" => Key deleted successfully.

C:\Users\Owner\AppData\Local\CRE\lhdfjaaobagbaepmefnjabfmhnggliop.crx => Moved successfully.

"HKCU\SOFTWARE\Google\Chrome\Extensions\nemfjadlboooiffmcelkafilagddogim" => Key deleted successfully.

C:\Users\Owner\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx => Moved successfully.

"HKCU\SOFTWARE\Google\Chrome\Extensions\oldchfemoapgakfjnmbngnljnkoapbhd" => Key deleted successfully.

C:\Users\Owner\AppData\Local\FastDiscountz.crx => Moved successfully.

"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bmobdmpfgfimbnmhhnkmmecdboblafdh" => Key deleted successfully.

"C:\Users\Owner\AppData\Local\BazaarFriend.crx" => File/Directory not found.

"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlaidocmldibgopdbjiopphnjhaehnbn" => Key deleted successfully.

"C:\Users\Owner\AppData\Local\CRE\dlaidocmldibgopdbjiopphnjhaehnbn.crx" => File/Directory not found.

"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jnidgldcbakaidffpjinopjbmobecifb" => Key deleted successfully.

"C:\Users\Owner\AppData\Local\CRE\jnidgldcbakaidffpjinopjbmobecifb.crx" => File/Directory not found.

"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lhdfjaaobagbaepmefnjabfmhnggliop" => Key deleted successfully.

"C:\Users\Owner\AppData\Local\CRE\lhdfjaaobagbaepmefnjabfmhnggliop.crx" => File/Directory not found.

"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lpoimibckejjdjcfbdnajaicnklhfplh" => Key deleted successfully.

"https://chrome.googl...dnajaicnklhfplh" => File/Directory not found.

"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof" => Key deleted successfully.

"C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\17.3.0.49\avg.crx" => File/Directory not found.

"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\nemfjadlboooiffmcelkafilagddogim" => Key deleted successfully.

"C:\Users\Owner\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx" => File/Directory not found.

"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\oldchfemoapgakfjnmbngnljnkoapbhd" => Key deleted successfully.

"C:\Users\Owner\AppData\Local\FastDiscountz.crx" => File/Directory not found.

"HKLM\SOFTWARE\Google\Chrome\Extensions\bmobdmpfgfimbnmhhnkmmecdboblafdh" => Key deleted successfully.

"C:\Users\Owner\AppData\Local\BazaarFriend.crx" => File/Directory not found.

"HKLM\SOFTWARE\Google\Chrome\Extensions\icanoneicgaahjbilcgdmnhoocddknbl" => Key deleted successfully.

"C:\Users\Owner\AppData\Local\InfoBirdPro.crx" => File/Directory not found.

"HKLM\SOFTWARE\Google\Chrome\Extensions\oldchfemoapgakfjnmbngnljnkoapbhd" => Key deleted successfully.

"C:\Users\Owner\AppData\Local\FastDiscountz.crx" => File/Directory not found.

"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.

CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default => Error: No automatic fix found for this entry.

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{166B1BCA-3F9C-11CF-8075-444553540000}" => Key deleted successfully.

"HKCR\Wow6432Node\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}" => Key deleted successfully.

"HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin" => Key deleted successfully.

Could not move "C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll" => Scheduled to move on reboot.

"HKLM\Software\Wow6432Node\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0" => Key deleted successfully.

"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.60.2" => Key deleted successfully.

C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll => Moved successfully.

"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.60.2" => Key deleted successfully.

C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => Moved successfully.

"HKLM\Software\Wow6432Node\MozillaPlugins\@mcafee.com/McAfeeMssPlugin" => Key deleted successfully.

"HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0" => Key deleted successfully.

HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.

HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value deleted successfully.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\vProt => value deleted successfully.

HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\HKU\S-1-5-18\...\RunOnce: [spUninstallDeleteDir] => rmdir /s /q "\SearchProtect" => Value not found.

HKU\S-1-5-21-2903869773-3859282900-2980300728-1001\Software\Microsoft\Windows\CurrentVersion\Run\\BackgroundContainerV2 => value deleted successfully.

HKU\S-1-5-21-2903869773-3859282900-2980300728-1001\Software\Microsoft\Windows\CurrentVersion\Run\\swg => value deleted successfully.

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.

ChromeHelperUpdt => Service stopped successfully.

ChromeHelperUpdt => Service deleted successfully.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.

"HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key not found.

"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}" => Key deleted successfully.

"HKCR\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}" => Key not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.

C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.

C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.

C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2903869773-3859282900-2980300728-1001Core.job => Moved successfully.

C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2903869773-3859282900-2980300728-1001UA.job => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{130E0CB2-1595-42C4-B145-C0195AFBC120}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{130E0CB2-1595-42C4-B145-C0195AFBC120}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TidyNetwork Update" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1A4B9D7B-3994-41E2-B70B-5211581D175D}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A4B9D7B-3994-41E2-B70B-5211581D175D}" => Key deleted successfully.

C:\Windows\System32\Tasks\Apple\AppleSoftwareUpdate => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Apple\AppleSoftwareUpdate" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1B2E8D3F-14A2-400C-80A6-D42CFA2C14E9}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B2E8D3F-14A2-400C-80A6-D42CFA2C14E9}" => Key deleted successfully.

C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1B630465-2BB3-4E4C-8AA7-734A0029A30E}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B630465-2BB3-4E4C-8AA7-734A0029A30E}" => Key deleted successfully.

C:\Windows\System32\Tasks\RegClean Pro => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1C5CB8F9-E13B-4D18-876A-A1778AA07474}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1C5CB8F9-E13B-4D18-876A-A1778AA07474}" => Key deleted successfully.

C:\Windows\System32\Tasks\DTReg => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DTReg" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{30877E05-67D2-409C-9324-5DD2B8C90F6C}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{30877E05-67D2-409C-9324-5DD2B8C90F6C}" => Key deleted successfully.

C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4ADFF985-B67E-4539-989C-D62ADA9BEF99}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4ADFF985-B67E-4539-989C-D62ADA9BEF99}" => Key deleted successfully.

C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2903869773-3859282900-2980300728-1001UA => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-2903869773-3859282900-2980300728-1001UA" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8A5DDA80-1715-4757-BE8B-CC8199B9EC68}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A5DDA80-1715-4757-BE8B-CC8199B9EC68}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector_startup" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A73565A6-3AF9-4BEA-9369-E98C5CE434F8}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A73565A6-3AF9-4BEA-9369-E98C5CE434F8}" => Key deleted successfully.

C:\Windows\System32\Tasks\PC System Boost Schedule => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC System Boost Schedule" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D297A443-5C1F-42E4-B722-27AC612450FF}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D297A443-5C1F-42E4-B722-27AC612450FF}" => Key deleted successfully.

C:\Windows\System32\Tasks\LaunchApp => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchApp" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D2BBAD00-89CA-40B1-B1DE-B185C00BB303}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D2BBAD00-89CA-40B1-B1DE-B185C00BB303}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPly" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E87A8994-388C-44A1-AD96-46E72155EC44}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E87A8994-388C-44A1-AD96-46E72155EC44}" => Key deleted successfully.

C:\Windows\System32\Tasks\Codec Update Service => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Codec Update Service" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ED4BF54A-C0BC-4FAE-B10F-430E00C271BC}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ED4BF54A-C0BC-4FAE-B10F-430E00C271BC}" => Key deleted successfully.

C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2903869773-3859282900-2980300728-1001Core => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-2903869773-3859282900-2980300728-1001Core" => Key deleted successfully.

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.

"HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key deleted successfully.

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7F7F82F1-7C95-47CD-814F-950B56D58FC3} => value deleted successfully.

"HKCR\CLSID\{7F7F82F1-7C95-47CD-814F-950B56D58FC3}" => Key not found.

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FF19B72A-36ED-4066-8865-A580AE938CCE} => value deleted successfully.

"HKCR\CLSID\{FF19B72A-36ED-4066-8865-A580AE938CCE}" => Key not found.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => value deleted successfully.

"HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}" => Key not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ff19b72a-36ed-4066-8865-a580ae938cce} => value deleted successfully.

"HKCR\Wow6432Node\CLSID\{ff19b72a-36ed-4066-8865-a580ae938cce}" => Key deleted successfully.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => value deleted successfully.

"HKCR\Wow6432Node\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}" => Key deleted successfully.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} => value deleted successfully.

"HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => value deleted successfully.

"HKCR\Wow6432Node\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}" => Key not found.

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{ff19b72a-36ed-4066-8865-a580ae938cce} => value deleted successfully.

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{7f7f82f1-7c95-47cd-814f-950b56d58fc3} => value deleted successfully.

"HKCR\Wow6432Node\CLSID\{7f7f82f1-7c95-47cd-814f-950b56d58fc3}" => Key deleted successfully.

 

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-10-02 10:24:43)<=

 

C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll => Moved successfully.

 

==== End of Fixlog ====


Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following check-boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using the Reset FF Proxy Settings option, Firefox should be closed.

Next,
Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link.
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits. Under Non Malware Protection, set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found.
Once completed, please click on History > Application Logs, find your scan log and open it, then click on the "copy to clipboard" button and post back the results in your next reply.


Wow, that was a lot. Okay, let's run through all of these again to make sure we've caught everything.

Please go ahead and run through the following steps and post back the logs when ready.

STEP 04

Please download Junkware Removal Tool to your desktop.

  • Shut down your antivirus to avoid any conflicts.
  • Right-click over JRT.exe and select Run as administrator on Windows Vista or Windows 7; double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message.
  • When completed, make sure to re-enable your antivirus.

STEP 05

Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

STEP 06

Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link.

Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits. Under Non Malware Protection, set both PUP and PUM to Treat detections as malware.

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found.

Once completed, please click on History > Application Logs, find your scan log and open it, then click on the "copy to clipboard" button and post back the results in your next reply.

STEP 07

Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file...
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

STEP 08

Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.3.2 (10.09.2014:1)

OS: Windows 7 Home Premium x64

Ran by Owner on Thu 10/09/2014 at 16:26:49.73

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

Successfully stopped: [service] netfilter64 

Successfully deleted: [service] netfilter64 

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

 

 

~~~ Files

 

Successfully deleted: [File] "C:\Users\Owner\appdata\local\google\chrome\user data\default\local storage\http_apps.conduit.com_0.localstorage"

Successfully deleted: [File] "C:\Users\Owner\appdata\local\google\chrome\user data\default\local storage\http_apps.conduit.com_0.localstorage-journal"

Successfully deleted: [File] "C:\Users\Owner\appdata\local\google\chrome\user data\default\local storage\http_www.azlyrics.com_0.localstorage"

Successfully deleted: [File] "C:\Users\Owner\appdata\local\google\chrome\user data\default\local storage\http_www.azlyrics.com_0.localstorage-journal"

Successfully deleted: [File] "C:\Users\Owner\appdata\local\google\chrome\user data\default\local storage\http_www.delta-search.com_0.localstorage"

Successfully deleted: [File] "C:\Users\Owner\appdata\local\google\chrome\user data\default\local storage\http_www.delta-search.com_0.localstorage-journal"

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] C:\ProgramData\KingCoupon

Successfully deleted: [Folder] C:\ProgramData\SavEroAddOn

Successfully deleted: [Folder] "C:\ProgramData\chromehelper"

Successfully deleted: [Folder] "C:\Users\Owner\appdata\local\apn"

Successfully deleted: [Folder] "C:\Users\Owner\appdata\local\cre"

Successfully deleted: [Folder] "C:\Users\Owner\appdata\local\systweak"

Successfully deleted: [Folder] "C:\Program Files (x86)\lpt"

Successfully deleted: [Folder] "C:\Users\Owner\AppData\Roaming\microsoft\windows\start menu\programs\weather alerts"

 

 

 

~~~ FireFox

 

Emptied folder: C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\4jg62ymw.default-1405562448566\minidumps [3 files]

 

 

 

~~~ Chrome

 

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\icanoneicgaahjbilcgdmnhoocddknbl

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Thu 10/09/2014 at 16:29:34.39

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 


# AdwCleaner v3.311 - Report created 09/10/2014 at 16:36:27

# Updated 30/09/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Owner - OWNER-PC

# Running from : C:\Users\Owner\Desktop\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar

Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar

Folder Deleted : C:\Program Files (x86)\Convert Files for Free

Folder Deleted : C:\Program Files (x86)\Uninstaller

Folder Deleted : C:\Program Files (x86)\vGrabber-software

Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search

Folder Deleted : C:\windows\SysWOW64\SearchProtect

Folder Deleted : C:\Program Files\003

Folder Deleted : C:\Users\Owner\AppData\Local\AVG SafeGuard toolbar

Folder Deleted : C:\Users\Owner\AppData\Local\Tuguu_SL

Folder Deleted : C:\Users\Owner\AppData\LocalLow\AVG SafeGuard toolbar

Folder Deleted : C:\Users\Owner\AppData\LocalLow\Free_i-Dressup

Folder Deleted : C:\Users\Owner\AppData\Roaming\DigitalSites

Folder Deleted : C:\Users\Owner\AppData\Roaming\ValueApps

Folder Deleted : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video downloader

File Deleted : C:\windows\SysWOW64\SecureAssist.ini

File Deleted : C:\windows\SysWOW64\SecureAssistOff.ini

File Deleted : C:\windows\System32\drivers\netfilter64.sys

File Deleted : C:\windows\System32\SecureAssist.ini

File Deleted : C:\windows\System32\SecureAssist64.dll

File Deleted : C:\windows\System32\SecureAssistOff.ini

File Deleted : C:\Users\Owner\AppData\Local\AnyProtectScannerSetup.exe

File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml

 

***** [ Scheduled Tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\DesktopWeatherAlertsApp_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\DesktopWeatherAlertsApp_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS

Key Deleted : HKLM\SOFTWARE\5f53ded1b63aed44

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{DD7C44CC-0F60-4FD9-A38F-5CF30D698AC2}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D3794E6C-E24E-4DE0-8EDF-F6885AA694E6}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FF19B72A-36ED-4066-8865-A580AE938CCE}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3794E6C-E24E-4DE0-8EDF-F6885AA694E6}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FF19B72A-36ED-4066-8865-A580AE938CCE}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3794E6C-E24E-4DE0-8EDF-F6885AA694E6}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{03EF41A4-BA24-4E49-A2C0-E1D047299287}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{130CCD34-0382-48E5-B307-0E7E72166828}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{26D25DD5-F17A-4D93-9A94-997E2124EEB4}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{30279F40-D76B-443C-A34D-F43B35B35CE1}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{796D0AA0-DC0E-44C9-A398-C874F04D55A4}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CE2102F0-DF63-452E-9CA7-0F75FF4DDD4B}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{DADFCC6F-66D2-4E1D-A01B-7064CAD2F583}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{EBE666C3-F26C-4CF6-8ABA-3D5F5D2625E1}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKCU\Software\AnyProtect

Key Deleted : HKCU\Software\AVG SafeGuard toolbar

Key Deleted : HKCU\Software\Tbccint_HKLM

Key Deleted : HKCU\Software\usyndication.com

Key Deleted : HKCU\Software\Free_i-Dressup

Key Deleted : HKCU\Software\InternetHelper3.1

Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Deleted : HKCU\Software\AppDataLow\Software\Boost

Key Deleted : HKCU\Software\AppDataLow\Software\Free_i-Dressup

Key Deleted : HKCU\Software\AppDataLow\Software\InternetHelper3.1

Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}

Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}

Key Deleted : HKLM\SOFTWARE\AVG SafeGuard toolbar

Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar

Key Deleted : HKLM\SOFTWARE\CompeteInc

Key Deleted : HKLM\SOFTWARE\NewPlayer

Key Deleted : HKLM\SOFTWARE\PIP

Key Deleted : HKLM\SOFTWARE\Free_i-Dressup

Key Deleted : HKLM\SOFTWARE\InternetHelper3.1

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DMUninstaller

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{10A0E600-D246-BD63-F465-4C849C688998}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free_i-Dressup Toolbar

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InternetHelper3.1 Toolbar

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C19AC53289098045B06B0DD1D37CBAB

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23D9E9D21B4E77E41B9F50DD22F24E20

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23EEA1F105A7F45449974D9B95E7AC89

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26982796A8AFD1246B95E00265A95BF9

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\32DA746012E6D4F488AAD113D6FA4A44

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3FB1AAC4382437047A03618BF727B859

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42D92D0D75AFEF74297E03876C8D9D33

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50FFE845C555A6E4BADB7CB7A145BFEB

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\715A3348920B6534690067594BB69F60

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B7B13B037A7C2A42AC3E3EAF14D7107

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D05B2942E9CC80499F397F6114DFB35

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8591B8948E1C4A04F90505B3CDEE8555

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D841C5FEC311624CB88D49DB3884FA7

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD746BF3B3B3FD8409B86604BA85982A

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F355F0DB7A2E3A14B8E7A568FBA25937

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17280

 

 

-\\ Mozilla Firefox v30.0 (en-US)

 

[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\1i0sxoyv.default-1405555105586\prefs.js ]

 

 

[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\4jg62ymw.default-1405562448566\prefs.js ]

 

 

[ File : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\bgtt37ey.default\prefs.js ]

 

 

-\\ Google Chrome v

 

[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [13528 octets] - [09/10/2014 16:32:29]

AdwCleaner[s0].txt - [13210 octets] - [09/10/2014 16:36:27]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [13271 octets] ##########

 

 

 

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 10/9/2014

Scan Time: 5:53:08 PM

Logfile: 

Administrator: Yes

 

Version: 2.00.2.1012

Malware Database: v2014.10.09.12

Rootkit Database: v2014.10.08.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Owner

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 370033

Time Elapsed: 14 min, 18 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Uninstaller\Uninstall.exe.vir a variant of MSIL/DomaIQ.A potentially unwanted application deleted - quarantined

C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Local\AnyProtectScannerSetup.exe.vir Win32/AnyProtect.F potentially unwanted application deleted - quarantined

C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\LocalLow\Free_i-Dressup\hk64tbFre0.dll.vir a variant of Win64/Toolbar.Conduit.B potentially unwanted application deleted - quarantined

C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\LocalLow\Free_i-Dressup\hk64tbFre2.dll.vir a variant of Win64/Toolbar.Conduit.B potentially unwanted application deleted - quarantined

C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\LocalLow\Free_i-Dressup\hk64tbFree.dll.vir Win64/Toolbar.Conduit.A potentially unwanted application deleted - quarantined

C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\LocalLow\Free_i-Dressup\hktbFre0.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application deleted - quarantined

C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\LocalLow\Free_i-Dressup\hktbFre2.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application deleted - quarantined

C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\LocalLow\Free_i-Dressup\hktbFree.dll.vir Win32/Toolbar.Conduit.W potentially unwanted application deleted - quarantined

C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\LocalLow\Free_i-Dressup\ldrtbFre2.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application deleted - quarantined

C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\LocalLow\Free_i-Dressup\ldrtbFree.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application deleted - quarantined

C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\LocalLow\Free_i-Dressup\prxtbFre2.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application deleted - quarantined

C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\LocalLow\Free_i-Dressup\tbFre0.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined

C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\LocalLow\Free_i-Dressup\tbFre1.dll.vir a variant of Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined

C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\LocalLow\Free_i-Dressup\tbFre2.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined

C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\LocalLow\Free_i-Dressup\tbFree.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application deleted - quarantined

C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\LocalLow\Free_i-Dressup\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll.vir a variant of Win32/PriceGong.A potentially unwanted application deleted - quarantined

C:\AdwCleaner\Quarantine\C\windows\System32\drivers\netfilter64.sys.vir a variant of Win64/Riskware.NetFilter.F application cleaned by deleting - quarantined

C:\FRST\Quarantine\C\Program Files (x86)\Free_i-Dressup\Free_i-DressupToolbarHelper.exe Win32/Toolbar.Conduit.V potentially unwanted application deleted - quarantined

C:\FRST\Quarantine\C\Program Files (x86)\Free_i-Dressup\hk64tbFree.dll Win64/Toolbar.Conduit.A potentially unwanted application deleted - quarantined

C:\FRST\Quarantine\C\Program Files (x86)\Free_i-Dressup\hktbFree.dll Win32/Toolbar.Conduit.W potentially unwanted application deleted - quarantined

C:\FRST\Quarantine\C\Program Files (x86)\Free_i-Dressup\ldrtbFree.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application deleted - quarantined

C:\FRST\Quarantine\C\Program Files (x86)\Free_i-Dressup\prxtbFree.dll Win32/Toolbar.Conduit.W potentially unwanted application deleted - quarantined

C:\FRST\Quarantine\C\Program Files (x86)\Free_i-Dressup\tbFree.dll a variant of Win32/Toolbar.Conduit.X potentially unwanted application deleted - quarantined

C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll a variant of Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined

C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.1.dll Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined

C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.2.dll Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined

C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Conduit\Community Alerts\Aler0.dll a variant of Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined

C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnidgldcbakaidffpjinopjbmobecifb\10.16.70.1_0\plugins\ConduitChromeApiPlugin.dll a variant of Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined

C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnidgldcbakaidffpjinopjbmobecifb\10.16.70.1_0\plugins\TBVerifier.dll Win32/Toolbar.Conduit.AC potentially unwanted application deleted - quarantined

C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnidgldcbakaidffpjinopjbmobecifb\10.31.4.510_0\APISupport\APISupport.dll a variant of Win32/Conduit.SearchProtect.P potentially unwanted application deleted - quarantined

C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnidgldcbakaidffpjinopjbmobecifb\10.31.4.510_0\nativeMessaging\TBMessagingHost.exe a variant of Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined

C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnidgldcbakaidffpjinopjbmobecifb\10.31.4.510_0\plugins\ChromeApiPlugin.dll a variant of Win32/Conduit.SearchProtect.N potentially unwanted application deleted - quarantined

C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhdfjaaobagbaepmefnjabfmhnggliop\10.16.100.4_0\plugins\ConduitChromeApiPlugin.dll a variant of Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined

C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhdfjaaobagbaepmefnjabfmhnggliop\10.16.100.4_0\plugins\TBVerifier.dll Win32/Toolbar.Conduit.AC potentially unwanted application deleted - quarantined

C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhdfjaaobagbaepmefnjabfmhnggliop\10.31.4.510_0\APISupport\APISupport.dll a variant of Win32/Conduit.SearchProtect.P potentially unwanted application deleted - quarantined

C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhdfjaaobagbaepmefnjabfmhnggliop\10.31.4.510_0\nativeMessaging\TBMessagingHost.exe a variant of Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined

C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhdfjaaobagbaepmefnjabfmhnggliop\10.31.4.510_0\plugins\ChromeApiPlugin.dll a variant of Win32/Conduit.SearchProtect.N potentially unwanted application deleted - quarantined

C:\Program Files (x86)\PDFCreator\message.exe a variant of Win32/InstallCore.A potentially unwanted application deleted - quarantined

C:\Users\Owner\AppData\Roaming\Image Editor Packages\uninstaller.exe Win32/InstallCore.AZ potentially unwanted application deleted - quarantined

C:\Users\Owner\AppData\Roaming\PDF Writer Packages\uninstaller.exe Win32/InstallCore.AZ potentially unwanted application deleted - quarantined

C:\Users\Owner\Desktop\wzmp_8.exe a variant of MSIL/AdvancedSystemProtector.F potentially unwanted application deleted - quarantined

C:\Users\Owner\Desktop\Old Firefox Data\i99ijvug-1.default\extensions\components\SmartbarFireFoxRemotePlugin_22.dll a variant of Win32/Toolbar.Linkury.D potentially unwanted application deleted - quarantined

C:\Users\Owner\Desktop\Old Firefox Data\i99ijvug-1.default\extensions\components\SmartbarFireFoxRemotePlugin_23.dll a variant of Win32/Toolbar.Linkury.D potentially unwanted application deleted - quarantined

C:\Users\Owner\Desktop\Old Firefox Data\i99ijvug-1.default\extensions\components\SmartbarFireFoxRemotePlugin_24.dll a variant of Win32/Toolbar.Linkury.D potentially unwanted application deleted - quarantined

C:\Users\Owner\Desktop\Old Firefox Data\i99ijvug-1.default\extensions\components\SmartbarFireFoxRemotePlugin_25.dll a variant of Win32/Toolbar.Linkury.D potentially unwanted application deleted - quarantined

C:\Users\Owner\Desktop\Old Firefox Data\i99ijvug-1.default\extensions\components\SmartbarFireFoxRemotePlugin_26.dll a variant of Win32/Toolbar.Linkury.D potentially unwanted application deleted - quarantined

C:\Users\Owner\Desktop\Old Firefox Data\i99ijvug-1.default\extensions\components\SmartbarFireFoxRemotePlugin_27.dll a variant of Win32/Toolbar.Linkury.D potentially unwanted application deleted - quarantined

C:\Users\Owner\Downloads\ImageEditorSetup.exe Win32/InstallCore.BN potentially unwanted application deleted - quarantined

C:\Users\Owner\Downloads\multiplyroi_tomtom-home.exe Win32/DownloadAdmin.G potentially unwanted application deleted - quarantined

C:\Users\Owner\Downloads\PageRageSetupAff (1).exe multiple threats cleaned by deleting - quarantined

C:\Users\Owner\Downloads\PageRageSetupAff (2).exe multiple threats cleaned by deleting - quarantined

C:\Users\Owner\Downloads\PCSpeedMaximizer.exe multiple threats cleaned by deleting - quarantined

C:\Users\Owner\Downloads\TotalRecipeSearchSetup2.5.5.6.YKman000 (1).exe a variant of Win32/Toolbar.MyWebSearch.R potentially unwanted application deleted - quarantined

C:\Users\Owner\Downloads\video_downloader.exe Win32/Toolbar.Conduit.S potentially unwanted application deleted - quarantined

C:\Users\Owner\Downloads\WindowsCodec.exe a variant of Win32/Idmsq.A potentially unwanted application deleted - quarantined

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-10-2014 01

Ran by Owner (administrator) on OWNER-PC on 09-10-2014 18:21:49

Running from C:\Users\Owner\Desktop

Loaded Profile: Owner (Available profiles: Owner & User)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

() C:\Windows\jmesoft\Service.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Intuit Inc.) C:\Program Files (x86)\Quicken\bagent.exe

(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe

(Lenovo) C:\Windows\jmesoft\hotkey.exe

(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe

() C:\Windows\jmesoft\JME_LOAD.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_167_ActiveX.exe

() C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe

() C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11543656 2010-10-26] (Realtek Semiconductor)

HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe [118784 2011-06-08] (Lenovo)

HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-03-15] ()

HKLM-x32\...\Run: [updatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)

HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356128 2013-10-09] (Kaspersky Lab ZAO)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [ChromeHelper] => C:\Program Files (x86)\Common Files\ChromeHelper\ChromeHelper.exe [737568 2014-05-06] ()

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)

Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-2903869773-3859282900-2980300728-1001\...\Run: [QuickenScheduledUpdates] => C:\Program Files (x86)\Quicken\bagent.exe [74840 2012-04-18] (Intuit Inc.)

HKU\S-1-5-21-2903869773-3859282900-2980300728-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2014-06-05] (TomTom)

HKU\S-1-5-21-2903869773-3859282900-2980300728-1001\...\Policies\Explorer: [NoDesktopCleanupWizard] 1

HKU\S-1-5-18\...\RunOnce: [spUninstallDeleteDir] => rmdir /s /q "\SearchProtect"

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)

BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)

BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)

BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)

DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

 

FireFox:

========

FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\4jg62ymw.default-1405562448566

FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw.dll No File

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru

FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com

FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2013-02-23]

FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com

FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2013-02-23]

FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com

FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com [2013-02-23]

FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\anti_banner@kaspersky.com

FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\anti_banner@kaspersky.com [2013-02-23]

FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\online_banking@kaspersky.com

FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\online_banking@kaspersky.com [2013-02-23]

FF HKCU\...\Firefox\Extensions: [ConsumerInput@Compete] - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12171.xpi

 

Chrome: 

=======

CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-26]

CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-26]

CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-26]

CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-26]

CHR Extension: (Kaspersky URL Advisor) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-03-01]

CHR Extension: (Safe Money) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-10-04]

CHR Extension: (Content Blocker) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-03-01]

CHR Extension: (Virtual Keyboard) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-03-01]

CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]

CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-26]

CHR Extension: (Anti-Banner) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-10-04]

CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\urladvisor.crx [2012-10-25]

CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\online_banking_chrome.crx [2012-10-25]

CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\content_blocker_chrome.crx [2012-10-25]

CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\virtkbd.crx [2012-10-25]

CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\ab.crx [2012-10-25]

CHR StartMenuInternet: Google Chrome - C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356128 2013-10-09] (Kaspersky Lab ZAO)

R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-03-15] () [File not signed]

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-10] (Kaspersky Lab ZAO)

U5 klflt; C:\Windows\System32\Drivers\klflt.sys [91008 2014-05-19] (Kaspersky Lab ZAO)

R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628320 2014-05-19] (Kaspersky Lab ZAO)

R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-10] (Kaspersky Lab ZAO)

R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-09] (Kaspersky Lab ZAO)

R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-09] (Kaspersky Lab ZAO)

R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-18] (Kaspersky Lab ZAO)

R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-22] (Kaspersky Lab ZAO)

R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-09] (Malwarebytes Corporation)

S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-10-09 18:20 - 2014-10-09 18:20 - 02109952 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe

2014-10-09 18:18 - 2014-10-09 18:18 - 00010097 _____ () C:\Users\Owner\Desktop\eset.txt

2014-10-09 17:18 - 2014-10-09 17:18 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-10-09 16:39 - 2014-10-09 16:39 - 01375089 _____ () C:\Users\Owner\Downloads\AdwCleaner.exe

2014-10-09 16:31 - 2014-10-09 16:36 - 00000000 ____D () C:\AdwCleaner

2014-10-09 16:31 - 2014-10-09 16:31 - 01375089 _____ () C:\Users\Owner\Desktop\AdwCleaner.exe

2014-10-09 16:29 - 2014-10-09 16:29 - 00002480 _____ () C:\Users\Owner\Desktop\JRT.txt

2014-10-09 16:25 - 2014-10-09 02:46 - 01705755 _____ (Thisisu) C:\Users\Owner\Desktop\JRT_NEW.exe

2014-10-05 11:38 - 2014-10-05 11:38 - 00000000 ____D () C:\Users\User\AppData\Local\Macromedia

2014-10-04 19:46 - 2014-10-04 19:46 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2014-10-04 19:41 - 2014-10-05 10:02 - 00000011 _____ () C:\Users\User\.DLMSave_back.xml

2014-10-04 19:41 - 2014-10-05 10:02 - 00000011 _____ () C:\Users\User\.DLMSave.xml

2014-10-04 19:41 - 2014-10-04 19:41 - 00001238 _____ () C:\Users\User\.Setting.ini

2014-10-04 19:41 - 2014-10-04 19:41 - 00000254 _____ () C:\Users\User\.DLMTempFile.txt

2014-10-04 19:41 - 2014-10-04 19:41 - 00000000 ____D () C:\Users\User\AppData\Local\Apple

2014-10-04 16:57 - 2014-10-04 16:57 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieUserList

2014-10-04 16:57 - 2014-10-04 16:57 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieSiteList

2014-10-04 16:56 - 2014-10-04 16:56 - 00000000 ____D () C:\Users\User\AppData\Roaming\Mozilla

2014-10-04 16:56 - 2014-10-04 16:56 - 00000000 ____D () C:\Users\User\AppData\Local\Mozilla

2014-10-04 16:55 - 2014-10-04 16:55 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe

2014-10-04 16:21 - 2014-10-04 18:16 - 03674112 _____ () C:\Users\User\Desktop\Reno.QDF-backup

2014-10-04 16:05 - 2014-10-04 16:05 - 00000000 ____D () C:\Users\User\AppData\Roaming\Intuit

2014-10-04 16:03 - 2014-10-04 16:03 - 00063440 _____ () C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT

2014-10-04 16:00 - 2014-10-04 16:00 - 00000000 ____D () C:\Users\User\AppData\Local\Apple Computer

2014-10-04 15:45 - 2014-10-05 10:02 - 00000000 ____D () C:\Users\User\AppData\Roaming\SoftGrid Client

2014-10-04 15:45 - 2014-10-04 15:45 - 00000000 ____D () C:\Users\User\AppData\Local\SoftGrid Client

2014-10-04 15:33 - 2014-10-06 19:16 - 00000000 ____D () C:\Users\User\Documents\Quicken

2014-10-04 15:33 - 2014-10-04 15:33 - 00000000 ____D () C:\Users\User\Documents\TurboTax

2014-10-04 15:33 - 2014-10-04 15:33 - 00000000 ____D () C:\Users\User\Documents\TomTom

2014-10-04 15:33 - 2014-10-04 15:33 - 00000000 ____D () C:\Users\User\Documents\Teaona's docs

2014-10-04 15:33 - 2014-10-04 15:33 - 00000000 ____D () C:\Users\User\Documents\PC System Boost

2014-10-04 15:33 - 2014-10-04 15:33 - 00000000 ____D () C:\Users\User\Documents\Avery Design & Print Online 7_files

2014-10-04 15:33 - 2013-07-27 16:13 - 00000196 _____ () C:\Users\User\Documents\camping2.htm

2014-10-04 15:33 - 2013-06-10 18:57 - 00000000 ____D () C:\Users\User\Documents\SmartDraw

2014-10-04 15:33 - 2012-07-20 13:14 - 00096286 _____ () C:\Users\User\Documents\Images Attachment 1957-chevrolet-wiring-diagrams   Automotive Wiring Diagrams and Electrical Diagrams.htm

2014-10-04 15:33 - 2012-02-28 17:35 - 00011713 _____ () C:\Users\User\Documents\Avery Design & Print Online 7.htm

2014-10-04 15:30 - 2014-10-04 16:53 - 00000000 ____D () C:\Users\User\Documents\Mom's

2014-10-04 15:30 - 2014-10-04 15:30 - 00000000 ____D () C:\Users\User\Documents\Images Attachment 1957-chevrolet-wiring-diagrams   Automotive Wiring Diagrams and Electrical Diagrams_files

2014-10-04 15:30 - 2013-08-18 10:51 - 00000000 ____D () C:\Users\User\Documents\insurance scan

2014-10-04 15:27 - 2014-10-04 16:55 - 00000000 ____D () C:\Users\User\AppData\Roaming\Adobe

2014-10-04 15:27 - 2014-10-04 16:03 - 00000000 ____D () C:\Users\User\AppData\Roaming\Apple Computer

2014-10-04 15:27 - 2014-10-04 15:27 - 00002281 _____ () C:\Users\User\Desktop\Safe Money.lnk

2014-10-04 15:27 - 2014-10-04 15:27 - 00002131 _____ () C:\Users\User\Desktop\Lenovo Rescue System.lnk

2014-10-04 15:27 - 2014-10-04 15:27 - 00001417 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2014-10-04 15:27 - 2014-10-04 15:27 - 00000258 __RSH () C:\Users\User\ntuser.pol

2014-10-04 15:27 - 2014-10-04 15:27 - 00000020 ___SH () C:\Users\User\ntuser.ini

2014-10-04 15:27 - 2014-10-04 15:27 - 00000000 ____D () C:\Users\User\AppData\Local\VirtualStore

2014-10-04 15:27 - 2012-12-08 18:24 - 00000000 ____D () C:\Users\User\AppData\Roaming\Macromedia

2014-10-04 15:27 - 2011-11-18 17:30 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo

2014-10-04 15:27 - 2009-07-13 21:54 - 00000000 ___RD () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2014-10-04 15:27 - 2009-07-13 21:49 - 00000000 ___RD () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

2014-10-04 14:38 - 2014-10-04 14:38 - 00031130 _____ () C:\Users\Owner\Desktop\Result.txt

2014-10-04 14:37 - 2014-09-24 19:08 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll

2014-10-04 14:37 - 2014-09-24 18:40 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll

2014-10-04 14:37 - 2014-09-09 15:11 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll

2014-10-04 14:37 - 2014-09-09 14:47 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll

2014-10-04 14:36 - 2014-10-03 16:56 - 00401920 _____ (Farbar) C:\Users\Owner\Desktop\MiniToolBox.exe

2014-10-04 14:35 - 2014-10-09 17:40 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-10-04 14:35 - 2014-10-09 16:39 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-10-04 14:35 - 2014-10-04 14:35 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-10-04 14:35 - 2014-10-04 14:35 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-10-04 14:34 - 2014-10-04 14:34 - 00002281 _____ () C:\Users\Owner\Desktop\Safe Money.lnk

2014-10-04 14:32 - 2014-10-04 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013

2014-10-04 14:32 - 2013-02-23 10:15 - 00001111 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk

2014-10-02 17:49 - 2014-10-02 17:49 - 00000826 _____ () C:\Users\Owner\Desktop\JRT - Shortcut.lnk

2014-09-29 10:35 - 2014-09-29 10:32 - 00448512 _____ (OldTimer Tools) C:\Users\Owner\Desktop\TFC.exe

2014-09-29 10:31 - 2014-09-29 10:31 - 00060179 _____ () C:\JavaRa.log

2014-09-29 10:29 - 2014-09-29 10:30 - 00000000 ____D () C:\Users\Owner\Desktop\Remove Java

2014-09-29 10:29 - 2014-09-28 00:03 - 00165800 _____ () C:\Users\Owner\Desktop\JavaRa-1.16-20-1-14.zip

2014-09-26 20:28 - 2014-09-26 20:28 - 00021570 _____ () C:\ComboFix.txt

2014-09-26 20:04 - 2014-09-26 20:28 - 00000000 ____D () C:\Qoobox

2014-09-26 20:04 - 2014-09-26 20:27 - 00000000 ____D () C:\windows\erdnt

2014-09-26 20:04 - 2014-09-24 23:16 - 05579290 ____R (Swearware) C:\Users\Owner\Desktop\ComboFix.exe

2014-09-26 20:04 - 2011-06-25 23:45 - 00256000 _____ () C:\windows\PEV.exe

2014-09-26 20:04 - 2010-11-07 10:20 - 00208896 _____ () C:\windows\MBR.exe

2014-09-26 20:04 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe

2014-09-26 20:04 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe

2014-09-26 20:04 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe

2014-09-26 20:04 - 2000-08-30 17:00 - 00098816 _____ () C:\windows\sed.exe

2014-09-26 20:04 - 2000-08-30 17:00 - 00080412 _____ () C:\windows\grep.exe

2014-09-26 20:04 - 2000-08-30 17:00 - 00068096 _____ () C:\windows\zip.exe

2014-09-23 17:43 - 2014-09-29 10:39 - 00031129 _____ () C:\Users\Owner\Desktop\Addition.txt

2014-09-23 17:39 - 2014-10-09 18:22 - 00016085 _____ () C:\Users\Owner\Desktop\FRST.txt

2014-09-23 17:39 - 2014-10-09 18:20 - 02109952 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe

2014-09-12 03:08 - 2014-08-19 11:05 - 00374968 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll

2014-09-12 03:08 - 2014-08-19 10:39 - 00327872 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll

2014-09-12 03:08 - 2014-08-18 16:01 - 23591424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll

2014-09-12 03:08 - 2014-08-18 15:29 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb

2014-09-12 03:08 - 2014-08-18 15:29 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll

2014-09-12 03:08 - 2014-08-18 15:26 - 17455104 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll

2014-09-12 03:08 - 2014-08-18 15:20 - 02793984 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll

2014-09-12 03:08 - 2014-08-18 15:19 - 05833728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll

2014-09-12 03:08 - 2014-08-18 15:15 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll

2014-09-12 03:08 - 2014-08-18 15:15 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll

2014-09-12 03:08 - 2014-08-18 15:14 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll

2014-09-12 03:08 - 2014-08-18 15:14 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll

2014-09-12 03:08 - 2014-08-18 15:08 - 04232704 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll

2014-09-12 03:08 - 2014-08-18 15:08 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll

2014-09-12 03:08 - 2014-08-18 15:08 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll

2014-09-12 03:08 - 2014-08-18 15:05 - 00596480 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll

2014-09-12 03:08 - 2014-08-18 15:03 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll

2014-09-12 03:08 - 2014-08-18 15:03 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe

2014-09-12 03:08 - 2014-08-18 15:03 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe

2014-09-12 03:08 - 2014-08-18 14:57 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb

2014-09-12 03:08 - 2014-08-18 14:56 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe

2014-09-12 03:08 - 2014-08-18 14:51 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll

2014-09-12 03:08 - 2014-08-18 14:46 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll

2014-09-12 03:08 - 2014-08-18 14:45 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll

2014-09-12 03:08 - 2014-08-18 14:45 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll

2014-09-12 03:08 - 2014-08-18 14:44 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll

2014-09-12 03:08 - 2014-08-18 14:44 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll

2014-09-12 03:08 - 2014-08-18 14:42 - 02185728 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll

2014-09-12 03:08 - 2014-08-18 14:40 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll

2014-09-12 03:08 - 2014-08-18 14:39 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll

2014-09-12 03:08 - 2014-08-18 14:39 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll

2014-09-12 03:08 - 2014-08-18 14:39 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll

2014-09-12 03:08 - 2014-08-18 14:38 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll

2014-09-12 03:08 - 2014-08-18 14:37 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll

2014-09-12 03:08 - 2014-08-18 14:36 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe

2014-09-12 03:08 - 2014-08-18 14:35 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll

2014-09-12 03:08 - 2014-08-18 14:27 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll

2014-09-12 03:08 - 2014-08-18 14:25 - 00727040 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll

2014-09-12 03:08 - 2014-08-18 14:25 - 00707072 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe

2014-09-12 03:08 - 2014-08-18 14:23 - 02104832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl

2014-09-12 03:08 - 2014-08-18 14:23 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll

2014-09-12 03:08 - 2014-08-18 14:22 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-09-12 03:08 - 2014-08-18 14:19 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll

2014-09-12 03:08 - 2014-08-18 14:17 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll

2014-09-12 03:08 - 2014-08-18 14:17 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll

2014-09-12 03:08 - 2014-08-18 14:16 - 13588480 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll

2014-09-12 03:08 - 2014-08-18 14:15 - 11769856 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll

2014-09-12 03:08 - 2014-08-18 14:15 - 02310656 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll

2014-09-12 03:08 - 2014-08-18 14:09 - 00603136 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll

2014-09-12 03:08 - 2014-08-18 14:08 - 02014208 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl

2014-09-12 03:08 - 2014-08-18 14:07 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll

2014-09-12 03:08 - 2014-08-18 13:55 - 01447424 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll

2014-09-12 03:08 - 2014-08-18 13:46 - 01812992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll

2014-09-12 03:08 - 2014-08-18 13:38 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll

2014-09-12 03:08 - 2014-08-18 13:38 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll

2014-09-12 03:08 - 2014-08-18 13:36 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll

2014-09-12 03:00 - 2014-06-26 19:08 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll

2014-09-12 03:00 - 2014-06-26 18:45 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll

2014-09-11 19:05 - 2014-08-01 04:53 - 01031168 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll

2014-09-11 19:05 - 2014-08-01 04:35 - 00793600 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll

2014-09-11 19:05 - 2014-07-06 19:06 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll

2014-09-11 19:05 - 2014-07-06 19:06 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll

2014-09-11 19:05 - 2014-07-06 18:40 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll

2014-09-11 19:05 - 2014-07-06 18:40 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll

2014-09-11 19:05 - 2014-07-06 18:39 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll

2014-09-11 19:05 - 2014-06-23 20:29 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll

2014-09-11 19:05 - 2014-06-23 19:59 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-10-09 18:21 - 2014-08-04 13:35 - 00000000 ____D () C:\FRST

2014-10-09 18:12 - 2013-06-10 19:16 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\PDF Writer Packages

2014-10-09 18:12 - 2013-06-10 19:16 - 00000000 ____D () C:\Program Files (x86)\PDFCreator

2014-10-09 18:12 - 2013-06-10 18:34 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Image Editor Packages

2014-10-09 18:03 - 2012-04-24 06:27 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job

2014-10-09 17:54 - 2012-02-08 11:10 - 00000000 ____D () C:\ProgramData\Kaspersky Lab

2014-10-09 16:45 - 2009-07-13 21:45 - 00020688 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-10-09 16:45 - 2009-07-13 21:45 - 00020688 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-10-09 16:43 - 2009-07-13 22:13 - 00783464 _____ () C:\windows\system32\PerfStringBackup.INI

2014-10-09 16:42 - 2011-11-18 17:06 - 01498023 _____ () C:\windows\WindowsUpdate.log

2014-10-09 16:41 - 2014-07-10 19:53 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys

2014-10-09 16:37 - 2010-11-20 20:47 - 01083880 _____ () C:\windows\PFRO.log

2014-10-09 16:37 - 2009-07-13 22:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT

2014-10-09 16:37 - 2009-07-13 21:51 - 00057257 _____ () C:\windows\setupact.log

2014-10-08 16:34 - 2012-02-18 17:54 - 06766592 _____ () C:\Users\Owner\Desktop\Reno.QDF-backup

2014-10-07 07:03 - 2012-04-24 06:27 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe

2014-10-07 07:03 - 2012-04-24 06:27 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater

2014-10-07 07:03 - 2012-02-17 06:18 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-10-05 11:37 - 2009-07-13 22:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD

2014-10-04 19:41 - 2012-03-24 19:35 - 00000000 ____D () C:\Program Files (x86)\eMusic Download Manager

2014-10-04 18:56 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\rescache

2014-10-04 15:40 - 2012-07-23 06:35 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\SoftGrid Client

2014-10-04 14:54 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\PolicyDefinitions

2014-10-04 14:34 - 2013-06-16 08:49 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2014-10-02 10:13 - 2014-06-27 16:42 - 00000000 ____D () C:\windows\System32\Tasks\Apple

2014-10-02 10:13 - 2012-02-08 09:16 - 00000000 ____D () C:\Users\Owner

2014-09-26 20:43 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\system32\NDF

2014-09-26 20:28 - 2009-07-13 20:20 - 00000000 ___HD () C:\Users\Default

2014-09-26 20:25 - 2009-07-13 19:34 - 00000215 _____ () C:\windows\system.ini

2014-09-26 20:24 - 2009-07-13 19:34 - 66584576 _____ () C:\windows\system32\config\SOFTWARE.bak

2014-09-26 20:24 - 2009-07-13 19:34 - 17563648 _____ () C:\windows\system32\config\SYSTEM.bak

2014-09-26 20:24 - 2009-07-13 19:34 - 01048576 _____ () C:\windows\system32\config\DEFAULT.bak

2014-09-26 20:24 - 2009-07-13 19:34 - 00262144 _____ () C:\windows\system32\config\SECURITY.bak

2014-09-26 20:24 - 2009-07-13 19:34 - 00262144 _____ () C:\windows\system32\config\SAM.bak

2014-09-15 09:06 - 2010-11-20 20:27 - 00278152 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe

2014-09-12 03:07 - 2012-02-20 22:43 - 00775586 _____ () C:\windows\SysWOW64\PerfStringBackup.INI

2014-09-12 03:06 - 2013-08-14 03:01 - 00000000 ____D () C:\windows\system32\MRT

2014-09-12 03:01 - 2012-02-08 10:36 - 101694776 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

 

Some content of TEMP:

====================

C:\Users\Owner\AppData\Local\Temp\Quarantine.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-10-06 06:33

 

==================== End Of Log ============================

 


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-10-2014 01

Ran by Owner at 2014-10-09 18:22:32

Running from C:\Users\Owner\Desktop

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Kaspersky Internet Security (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}

AS: Kaspersky Internet Security (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Kaspersky Internet Security (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)

Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.4.634 - Adobe Systems, Inc.)

Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Avery Template (HKLM-x32\...\{A760067A-C07E-1033-0000-A764AC000008}) (Version: 2.0.0.0 - Avery)

Best Buy pc app (Version: 3.2.0.0 - Best Buy) Hidden

Best Buy pc app (x32 Version: 3.2.0.0 - Best Buy) Hidden

Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Consumer Input (HKLM-x32\...\Setup Support for Consumer Input) (Version: 1.0 - Sono Control Inc.)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

eMusic Download Manager (HKLM-x32\...\eMusic Download Manager 5.0.5) (Version: 5.0.5 - eMusic.com Inc.)

ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )

Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden

Image Converter (HKLM-x32\...\Image Converter Image Converter) (Version: 1.0.0 - Image Converter)

Image Editor Packages (HKCU\...\Image Editor Packages) (Version:  - ) <==== ATTENTION

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)

Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 15.4 - Intel)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2246 - Intel Corporation)

iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)

iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)

Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.600 - Oracle)

JavaFX 2.1.0 (HKLM-x32\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Kaspersky Anti-Virus 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab) Hidden

Kaspersky Internet Security 2013 (HKLM-x32\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.1.4190 - Kaspersky Lab)

Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.4.11.0608 - Lenovo)

Lenovo Driver and Application Installation (HKLM-x32\...\{45970CD1-D599-47D4-938F-3E9800D54ED1}) (Version: 5.10.1809 - Lenovo)

Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 3.0.1409 - CyberLink Corp.)

Lenovo Rescue System (Version: 3.0.1409 - CyberLink Corp.) Hidden

LK Maintenance (HKLM-x32\...\{4ACD145C-665E-40CC-89A0-A3213D761571}) (Version: 1.0 - LK Maintenance)

LVT (HKLM-x32\...\{D3063097-EC84-4D21-84A4-9D852E974355}) (Version: 4.1.2.0919 - Lenovo)

Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)

MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

Muvic Smartbar (HKLM-x32\...\{AA236AFD-B26E-4BC7-9A13-76BD5F9887AC}) (Version: 10.211.58.15493 - PinWid Ltd.) <==== ATTENTION

Muvic Smartbar Engine (HKCU\...\{22b9429d-b2b6-4f1a-b56a-190a0445f4a5}) (Version: 10.211.58.15493 - PinWid Ltd.) <==== ATTENTION

PDF Creator (HKLM\...\PDF Creator) (Version:  - )

PDF Writer Packages (HKCU\...\PDF Writer Packages) (Version:  - ) <==== ATTENTION

Quicken 2012 (HKLM-x32\...\{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}) (Version: 21.1.7.18 - Intuit)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6230 - Realtek Semiconductor Corp.)

Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30123 - Realtek Semiconductor Corp.)

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - TomTom)

TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)

TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)

TurboTax 2012 WinPerFedFormset (x32 Version: 012.000.2309 - Intuit Inc.) Hidden

TurboTax 2012 WinPerReleaseEngine (x32 Version: 012.000.0474 - Intuit Inc.) Hidden

TurboTax 2012 WinPerTaxSupport (x32 Version: 012.000.0186 - Intuit Inc.) Hidden

TurboTax 2012 woriper (x32 Version: 012.000.1483 - Intuit Inc.) Hidden

TurboTax 2012 wrapper (x32 Version: 012.000.0127 - Intuit Inc.) Hidden

TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)

TurboTax 2013 WinPerFedFormset (x32 Version: 013.000.1755 - Intuit Inc.) Hidden

TurboTax 2013 WinPerReleaseEngine (x32 Version: 013.000.0463 - Intuit Inc.) Hidden

TurboTax 2013 WinPerTaxSupport (x32 Version: 013.000.0162 - Intuit Inc.) Hidden

TurboTax 2013 woriper (x32 Version: 013.000.1237 - Intuit Inc.) Hidden

TurboTax 2013 wrapper (x32 Version: 013.000.0135 - Intuit Inc.) Hidden

Vgrabber v1 Toolbar (HKLM-x32\...\Vgrabber_v1 Toolbar) (Version: 6.13.3.1 - Vgrabber v1) <==== ATTENTION

Video Downloader version 2.0 (HKLM-x32\...\Video Downloader_is1) (Version: 2.0 - )

Windows Essentials Codec Pack 5.0 (HKLM-x32\...\Windows Essentials Codec Pack) (Version: 5.0 - Windows Essentials Codec Pack)

Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden

Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden

Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden

Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-2903869773-3859282900-2980300728-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-2903869773-3859282900-2980300728-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll (Google Inc.)

 

==================== Restore Points  =========================

 

27-09-2014 03:05:04 ComboFix created restore point

29-09-2014 17:38:36 Windows Backup

04-10-2014 21:37:47 Windows Update

04-10-2014 23:14:26 Windows Update

06-10-2014 13:07:55 Windows Backup

08-10-2014 04:29:00 Windows Update

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 19:34 - 2014-09-26 20:25 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {17BB5AFE-1C82-49BA-8BE8-6F506E533BD4} - System32\Tasks\{0A4461E2-8077-4842-8314-A1298B006C20} => C:\Program Files (x86)\Microsoft Office\Options14\MSOO.EXE [2013-07-23] (Microsoft Corporation)

Task: {6680188B-0E1D-4B87-BB22-88A1713FE395} - System32\Tasks\{AFACE052-54AC-4164-A084-A6487EB1AE71} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE [2013-07-23] (Microsoft Corporation)

Task: {7C3D52D6-EB49-47D8-A06B-D150E58361FE} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup

Task: {8DDE19FF-0CA7-4D6D-B78C-767A381BA102} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-07] (Adobe Systems Incorporated)

Task: {9CDAC421-42E9-4874-B424-147BDA9B49AB} - System32\Tasks\{AE9451BA-4FD0-47C7-B128-57E201AC148B} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE [2013-07-23] (Microsoft Corporation)

Task: {A8CAF8EB-BE40-44D4-87F5-A1EDD2F38485} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-19] (Google Inc.)

Task: {F50A329E-6C86-41BD-9536-70119582D3A1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-19] (Google Inc.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2013-06-10 19:16 - 2011-10-04 22:43 - 00087552 _____ () C:\windows\System32\custmon64i.dll

2011-11-18 17:09 - 2011-03-15 21:47 - 00032768 _____ () C:\Windows\jmesoft\Service.exe

2010-11-19 03:22 - 2010-11-11 21:08 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2011-11-18 17:09 - 2011-05-17 14:54 - 00024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe

2014-10-09 17:18 - 2014-06-26 07:44 - 00358144 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe

2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2012-08-17 22:39 - 2013-02-25 02:48 - 01310136 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\kpcengine.2.2.dll

2012-08-17 22:38 - 2012-08-17 22:38 - 00479160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\dblite.dll

2011-11-18 17:09 - 2011-05-17 14:27 - 00028672 _____ () C:\Windows\jmesoft\hidhook.dll

2014-03-15 07:15 - 2014-03-14 17:50 - 00051016 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll

2014-03-15 07:15 - 2014-03-14 17:50 - 00716616 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\Application\33.0.1750.154\libglesv2.dll

2014-03-15 07:15 - 2014-03-14 17:50 - 00100168 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\Application\33.0.1750.154\libegl.dll

2014-03-15 07:15 - 2014-03-14 17:50 - 04061000 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll

2014-03-15 07:15 - 2014-03-14 17:50 - 00394568 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll

2014-03-15 07:15 - 2014-03-14 17:50 - 01647432 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SecureAssist => ""="service"

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

 

========================= Accounts: ==========================

 

Administrator (S-1-5-21-2903869773-3859282900-2980300728-500 - Administrator - Disabled)

Guest (S-1-5-21-2903869773-3859282900-2980300728-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-2903869773-3859282900-2980300728-1003 - Limited - Enabled)

Owner (S-1-5-21-2903869773-3859282900-2980300728-1001 - Administrator - Enabled) => C:\Users\Owner

User (S-1-5-21-2903869773-3859282900-2980300728-1004 - Limited - Enabled) => C:\Users\User

 

==================== Faulty Device Manager Devices =============

 

Name: Teredo Tunneling Pseudo-Interface

Description: Microsoft Teredo Tunneling Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (10/09/2014 04:39:28 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (10/09/2014 04:38:30 PM) (Source: CVHSVC) (EventID: 100) (User: )

Description: Information only.

Click-2-Run package registration failure.

 

Error: (10/09/2014 04:38:30 PM) (Source: Application Virtualization Client) (EventID: 5009) (User: )

Description: {tid=9C8}

The Application Virtualization Client could not connect to stream URL 'http://c2r.microsoft.com/ConsumerC2R/en-us/14.0.4763.1000/ConsumerC2R.en-us_14.0.7130.5000.sft' (rc 2460420A-40002EFD, original rc 2460420A-40002EFD).

 

 

System errors:

=============

 

Microsoft Office Sessions:

=========================

Error: (10/09/2014 04:39:28 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (10/09/2014 04:38:30 PM) (Source: CVHSVC) (EventID: 100) (User: )

Description: Click-2-Run package registration failure.

 

Error: (10/09/2014 04:38:30 PM) (Source: Application Virtualization Client) (EventID: 5009) (User: )

Description: {tid=9C8}


 

 

CodeIntegrity Errors:

===================================

  Date: 2014-10-08 00:57:40.878

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-10-08 00:57:40.878

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-10-08 00:57:40.878

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-10-07 00:43:15.031

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-10-07 00:43:15.031

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-10-07 00:43:15.031

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-10-05 12:29:31.120

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-10-05 12:29:31.120

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-10-05 12:29:31.120

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-10-03 08:26:57.717

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core i3-2120 CPU @ 3.30GHz

Percentage of memory in use: 36%

Total physical RAM: 8040.37 MB

Available physical RAM: 5085.47 MB

Total Pagefile: 16078.92 MB

Available Pagefile: 12806.88 MB

Total Virtual: 8192 MB

Available Virtual: 8191.85 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:906.34 GB) (Free:832.18 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 972414AA)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=906.3 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=25.1 GB) - (Type=12)

 

==================== End Of Log ============================

This topic is now closed to further replies.
