Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Tarma.A showed up on Malwarebytes...


  • This topic is locked This topic is locked
23 replies to this topic

#1 BigMac90501

BigMac90501

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:10:17 PM

Posted 22 August 2013 - 01:52 PM

...which, according to the log file was successfully removed.  But this laptop has other infections,  just not sure what it is.

 

Hi Team,

 

 

  Thanks for taking the time to look into this for me.  This PC is my wife's Toshiba Satellite Windows 7 laptop.  Basically,  nothing works - machine is running very very slow,can't run IE or Chrome,  Windows Update is running constantly (I have 60+ updates trying to install). There's a couple of programs installed that I'm not sure what they are and i can't remove them, Yontoo & Bucksbee Loyality.  I'm not sure what additional information you need.

 

 

Thanks again for your help.

 

 

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16476
Run by Owner at 10:08:22 on 2013-08-22
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3891.2821 [GMT -7:00]
.
AV: Kaspersky PURE 2.0 *Enabled/Outdated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky PURE 2.0 *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky PURE 2.0 *Enabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\servicing\TrustedInstaller.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\ThpSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\GfxUI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bleepingcomputer.com/download/dds
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzuzzzz0A0EtC0DyEtB0CyCyEzz0A0CyEtCtN0D0Tzu0CtByDtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=680763488
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uURLSearchHooks: <No Name>: {327f75ed-061b-4339-8cc6-5dd45ad1396d} - 
uURLSearchHooks: FCToolbarURLSearchHook Class: {4d95229d-bcd1-51b4-d184-411b9857a1f4} - C:\Program Files (x86)\Bucksbee Loyalty Plugin - 100815\Helper.dll
uURLSearchHooks: <No Name>:  - LocalServer32 - <no file>
mWinlogon: Userinit = userinit.exe,
BHO: MRI_DISABLED - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: ArcadeCandy Games: {AB6BD08C-DB6B-4F02-8A22-4BD343E990FF} - C:\Users\Owner\AppData\Local\ArcadeCandy\candyEX.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: ooVoo toolbar, powered by Ask.com: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll
BHO: Bucksbee Loyalty Plugin - 100815: {E5C2A1FE-86DB-87B4-11F0-1AA2579E81DD} - C:\Program Files (x86)\Bucksbee Loyalty Plugin - 100815\BucksBee Loyalty Plugin.dll
BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: ooVoo toolbar, powered by Ask.com: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MRI_DI~1\BESTBU~1.LNK - C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{642B8FC0-1EB7-4B86-8B69-7BA1454B4655} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{642B8FC0-1EB7-4B86-8B69-7BA1454B4655}\65562796A7F6E602D494649443531303C4024483644302355636572756 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzuzzzz0A0EtC0DyEtB0CyCyEzz0A0CyEtCtN0D0Tzu0CtByDtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=680763488
x64-BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [ThpSrv] C:\windows\System32\thpsrv /logon
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [SmoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: klogon - C:\windows\System32\klogon.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;C:\windows\System32\drivers\CSCrySec.sys [2012-5-27 85048]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\System32\drivers\thpdrv.sys [2009-6-29 34880]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\System32\drivers\Thpevm.sys [2009-6-29 14784]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2012-5-26 482384]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;C:\windows\System32\drivers\CSVirtualDiskDrv.sys [2012-5-27 66104]
R1 kl2;kl2;C:\windows\System32\drivers\kl2.sys [2011-10-20 13616]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\windows\System32\drivers\klim6.sys [2011-3-10 29488]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe [2011-12-24 202296]
R2 CSObjectsSrv;CryptoStorage control service;C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2009-12-21 743992]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2012-5-26 56344]
R3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2010-2-26 158976]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-2-3 271872]
R3 JMCR;JMCR;C:\windows\System32\drivers\jmcr.sys [2010-5-18 164464]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\windows\System32\drivers\klmouflt.sys [2009-11-2 22544]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\System32\drivers\NETw5s64.sys [2010-1-13 7675392]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2012-5-26 35008]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-5-26 331880]
R3 wdkmd;Intel WiDi KMD;C:\windows\System32\drivers\WDKMD.sys [2009-12-17 36760]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 acpials;ALS Sensor Filter;C:\windows\System32\drivers\acpials.sys [2009-7-14 9728]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-1-19 315664]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2012-5-26 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-4-25 52736]
.
=============== Created Last 30 ================
.
2013-08-22 04:43:27 -------- d-----w- C:\1123eabf1861dddf8606
2013-08-22 04:38:25 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8D18EAFA-2D8F-46FE-A106-F299E63BD864}\mpengine.dll
2013-08-22 01:51:17 17139080 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe
2013-08-22 00:39:37 1545728 ----a-w- C:\windows\System32\DWrite.dll
2013-08-22 00:39:37 1077760 ----a-w- C:\windows\SysWow64\DWrite.dll
2013-08-21 21:44:35 5550424 ----a-w- C:\windows\System32\ntoskrnl.exe
2013-08-21 21:44:34 3913560 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2013-08-21 21:44:33 3968856 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2013-08-21 21:44:31 6656 ----a-w- C:\windows\SysWow64\apisetschema.dll
2013-08-21 21:44:31 43520 ----a-w- C:\windows\System32\csrsrv.dll
2013-08-21 21:44:31 112640 ----a-w- C:\windows\System32\smss.exe
2013-08-21 21:44:14 751104 ----a-w- C:\windows\System32\win32spl.dll
2013-08-21 21:44:14 492544 ----a-w- C:\windows\SysWow64\win32spl.dll
2013-08-21 16:35:25 -------- d-----w- C:\fa155fff5bf292fd5639f8
.
==================== Find3M  ====================
.
2013-08-22 02:50:00 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-08-22 02:48:03 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
.

 



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,531 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:17 AM

Posted 27 August 2013 - 10:24 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

If you can download these tools to a Flash Driver or CD from a good computer and copy the files to the Desktop of the infected computer then run them.

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
thisisujrt.gif Please download
Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please paste the logs in your next reply DO NOT ATTACH THEM.
Let me know what problem persists.

#3 BigMac90501

BigMac90501
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:10:17 PM

Posted 28 August 2013 - 12:29 PM

Hi nasdaq,

 

 

 

 

  Thanks for your help and sorry it took so long for me to reply,  but I spent most of the day yesterday just trying to get through the 3 steps. I wasn't able to make it through JRT.  I believe I ran it 3 times yesterday.  Each time I ran it,  it would get a little farther in the process, but eventually the laptop would just shutdown.

 

  Running the RogueKiller & Adwcleaner did make some improvements,  I'm able to run IE & Chrome now which I wasn't able to do before.  But the machine is dreadfully slow.

 

  Two big changes I noticed,  boot up times are also very slow - probably takes in the neighborhood of 10-15 minutes just to get past the "starting windows" logo. Shutdown/restart is equally as long- if it shuts down at all.  Also,  when I booted up the machine this morning - it went through chkdsk (which isn't abnormal since the infection),  but this time it recovered 813 orphaned files.  Not sure if that a good thing or bad.

 

 

Log files:

 

 

RogueKiller V8.6.6 _x64_ [Aug 19 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Remove -- Date : 08/27/2013 13:44:03
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 3 ¤¤¤
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
 
¤¤¤ Scheduled tasks : 2 ¤¤¤
[V1][SUSP PATH] CandyUpdater.job : C:\Users\Owner\AppData\Local\ArcadeCandy\candyUpdater.exe [-] -> DELETED
[V2][SUSP PATH] CandyUpdater : C:\Users\Owner\AppData\Local\ArcadeCandy\candyUpdater.exe [-] -> ERROR DELETING TASK
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
 
 
____________________________________________________________
 
 
 
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: WDC WD5000BPVT-22A1YT0 +++++
--- User ---
[MBR] 2f4f4cc7366b78f95eea38722698efb0
[BSP] d884227eba0e56b0b0db9f4a78720112 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 464558 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 954488832 | Size: 10881 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_D_08272013_134403.txt >>
RKreport[0]_S_08272013_130621.txt
 
 
 
 
____________________________________________________________________________
 
 
 
# AdwCleaner v3.001 - Report created 27/08/2013 at 14:27:50
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Desktop\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\Playbryte
Folder Deleted : C:\Program Files (x86)\Yontoo
Folder Deleted : C:\Users\Owner\AppData\Local\apn
Folder Deleted : C:\Users\Owner\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\Owner\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Owner\AppData\LocalLow\Playbryte
File Deleted : C:\Users\Owner\AppData\Local\funmoods-speeddial.crx
File Deleted : C:\windows\System32\Tasks\Scheduled Update for Ask Toolbar
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.old.Start Page]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\tracing\askpartnercobrandingtool_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100815.FCTB000100815Pos
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100815.FCTB000100815Pos.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100815.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100815.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100815.JSOptionsImpl
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100815.JSOptionsImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33119133-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{91607FA7-3C2F-4F90-93E3-D5337A6B0AC2}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B278D9F8-0FA9-465E-9938-0C392605D8E3}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\Funmoods
Key Deleted : HKLM\Software\Playbryte
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16476
 
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
 
-\\ Google Chrome v24.0.1312.57
 
[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : icon_url
Deleted : search_url
Deleted : suggest_url
Deleted : keyword
 
*************************
 
AdwCleaner[R0].txt - [10228 octets] - [27/08/2013 14:23:12]
AdwCleaner[S0].txt - [9548 octets] - [27/08/2013 14:27:50]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9608 octets] ##########


#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,531 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:17 AM

Posted 28 August 2013 - 01:16 PM


Lets continue the cleanup.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: Turorial
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this if fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third party programs if not up to date can be the cause of infiltration an infection.

Please restart the computer before running this security check.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Please paste the logs in your next reply DO NOT ATTACH THEM.
Let me know what problem persists.

#5 BigMac90501

BigMac90501
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:10:17 PM

Posted 28 August 2013 - 01:41 PM

I believe in my original post,  I mentioned about the windows updater running constantly...Right now the PC is trying to install 4 updates.  Its been sitting on installing 1 of 4 since my last post (1hr+).  It says not to power off or unplug.  Would you think this is part of the infection? Would it be ok for me to hit the power button at this point or should I just let it continue trying to do these installs?

 

 

 

Thanks,

 

 

Mike



#6 BigMac90501

BigMac90501
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:10:17 PM

Posted 29 August 2013 - 12:40 AM

No significant change in the performance of the PC. Log files as requested:

 

 

 
ComboFix 13-08-28.02 - Owner 08/28/2013  14:07:00.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3891.2644 [GMT -7:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Kaspersky PURE 2.0 *Disabled/Outdated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky PURE 2.0 *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky PURE 2.0 *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\{065F3DD2-F296-4F79-A2BE-1994C3CBDC8A}.xps
c:\users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\{1264CE8B-1122-4323-B705-7D3C683A285F}.xps
c:\users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\{2AF1D9CD-C509-4CAC-A736-9853664A83A7}.xps
c:\users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\{2C781453-C966-4A74-BCBD-36C8272B1AE1}.xps
c:\users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\{2E3CE74E-2A88-4056-8BFE-B0FA52A1C423}.xps
c:\users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3D931A86-1E58-4B15-A1A0-F36C220B50F1}.xps
c:\users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\{565DE462-B3E9-459E-90C9-C2FD9A1FD139}.xps
c:\users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\{675C6756-7DB6-4945-9952-710E68C88245}.xps
c:\users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6D089CCE-800B-4B30-8604-A0B047B3381E}.xps
c:\users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6DABB8AE-3811-41AA-96CF-C8C0A8BC1649}.xps
c:\users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8A5942D9-B627-4605-BB34-5BB4AA6FB1CD}.xps
c:\users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9CAAE108-FBAA-416C-99B3-E17F553DB755}.xps
c:\users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A1F5B589-5424-4C1B-9CEB-B99CF52BBB33}.xps
c:\users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\{CC3F4AF8-9FC6-4179-862D-70D86A1D4FD5}.xps
c:\users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F4BD8937-91AB-45D3-8AE9-99D1C8EB619F}.xps
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-28 to 2013-08-29  )))))))))))))))))))))))))))))))
.
.
2013-08-29 01:13 . 2013-08-29 01:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-28 21:21 . 2013-08-28 21:21 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8D18EAFA-2D8F-46FE-A106-F299E63BD864}\offreg.dll
2013-08-27 23:37 . 2013-08-28 02:02 -------- d-----w- C:\81ebf10d79fc4d444f56
2013-08-27 22:37 . 2013-08-27 23:01 -------- d-----w- C:\d4732a039de75b61143da0e3d9
2013-08-27 22:14 . 2013-08-27 22:14 -------- d-----w- c:\windows\ERUNT
2013-08-27 21:22 . 2013-08-27 21:52 -------- d-----w- C:\AdwCleaner
2013-08-27 20:57 . 2013-08-27 20:57 -------- d-----w- C:\found.007
2013-08-27 20:31 . 2013-08-27 21:07 -------- d-----w- C:\5458958484b0dbd23bb684b6f5
2013-08-27 16:48 . 2013-08-27 18:22 -------- d-----w- C:\6cf8d7348d26294c1c63eb8a73
2013-08-24 02:21 . 2013-08-24 02:21 -------- d-----w- c:\windows\SysWow64\%Encryption%
2013-08-22 22:39 . 2013-08-22 22:39 -------- d-----w- c:\users\Owner\AppData\Local\ElevatedDiagnostics
2013-08-22 20:39 . 2013-08-22 20:39 -------- d-----w- c:\program files (x86)\ESET
2013-08-22 19:14 . 2013-08-22 19:52 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-08-22 17:45 . 2013-08-22 18:54 -------- d-----w- C:\c8e11bcd8b3c2ad312
2013-08-22 04:43 . 2013-08-22 04:43 -------- d-----w- C:\1123eabf1861dddf8606
2013-08-22 04:38 . 2013-07-15 10:34 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8D18EAFA-2D8F-46FE-A106-F299E63BD864}\mpengine.dll
2013-08-22 01:51 . 2013-08-22 01:51 17139080 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-08-22 00:39 . 2013-04-10 05:45 1545728 ----a-w- c:\windows\system32\DWrite.dll
2013-08-22 00:39 . 2013-04-10 05:02 1077760 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-08-21 21:44 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-21 21:44 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-08-21 21:44 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-08-21 21:44 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-08-21 21:44 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-08-21 21:44 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
2013-08-21 21:44 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-08-21 21:44 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-08-21 16:35 . 2013-08-21 16:35 -------- d-----w- C:\fa155fff5bf292fd5639f8
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-22 02:50 . 2012-07-21 07:27 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-22 02:48 . 2012-07-21 07:27 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2012-10-25 15:24 496056 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\shellex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-09-26 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-12-25 34160]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 423936]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-02-23 352256]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe" [2011-12-24 202296]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED\
Best Buy Software Installer.lnk - c:\program files\Best Buy Software Installer\Best Buy Software Installer.exe [2010-2-15 1135560]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy Software Installer.lnk - c:\program files\Best Buy Software Installer\Best Buy Software Installer.exe [2010-2-15 1135560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToshibaServiceStation]
2009-10-06 16:23 1294136 ----a-w- c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TWebCamera]
2010-02-24 08:54 2454840 ----a-w- c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys;c:\windows\SYSNATIVE\DRIVERS\acpials.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys;c:\windows\SYSNATIVE\DRIVERS\CSCrySec.sys [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys;c:\windows\SYSNATIVE\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS;c:\windows\SYSNATIVE\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys;c:\windows\SYSNATIVE\DRIVERS\CSVirtualDiskDrv.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys;c:\windows\SYSNATIVE\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S2 CSObjectsSrv;CryptoStorage control service;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-21 19:11]
.
2013-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-26 04:18]
.
2013-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-26 04:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2012-10-25 15:27 565688 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\shellex.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-26 413208]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-22 10134560]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-03-22 896032]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-01-20 1926928]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{FAA70AB4-F829-43E0-B1F6-0825C1AF1675}: NameServer = 0.0.0.0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
URLSearchHooks-{4d95229d-bcd1-51b4-d184-411b9857a1f4} - c:\program files (x86)\Bucksbee Loyalty Plugin - 100815\Helper.dll
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
MSConfigStartUp-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
HKLM_Wow6432Node-ActiveSetup-{8A69D345-D564-463c-AFF1-A69D9E530F96} - c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
AddRemove-Bucksbee Loyalty Plugin - 100815 - c:\program files (x86)\Bucksbee Loyalty Plugin - 100815\Uninst.exe
AddRemove-Google Chrome - c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\setup.exe
AddRemove-{2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_94DDE1EDD1CDF6A3.exe
AddRemove-{6A2EF989-A524-48bf-985F-9D076B334980} - c:\users\Owner\AppData\Local\ArcadeCandy\candyRemove.exe
AddRemove-{79A765E1-C399-405B-85AF-466F52E918B0} - c:\program files (x86)\Ask.com\Updater\Updater.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-08-28  18:16:21
ComboFix-quarantined-files.txt  2013-08-29 01:16
.
Pre-Run: 419,202,977,792 bytes free
Post-Run: 419,162,234,880 bytes free
.
- - End Of File - - 579AB3F43F1D8A3C8437BEAC7FAF0D20
 
 
 
 
 
_______________________________________________
 
 
Results of screen317's Security Check version 0.99.73  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 Windows Firewall Enabled!  
 Windows Firewall Disabled!  
Kaspersky PURE 2.0   
 Antivirus out of date! (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.70.0.1100  
 Out of date Malwarebytes Anti-Malware installed! 
 Java™ 6 Update 17  
 Java version out of Date! 
 Adobe Reader 10.1.4 Adobe Reader out of Date!  
 Google Chrome 25.0.1364.172  
 Google Chrome 27.0.1453.110  
````````Process Check: objlist.exe by Laurent````````  
 Kaspersky Lab Kaspersky PURE 2.0 avp.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 10% 
````````````````````End of Log`````````````````````` 


#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,531 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:17 AM

Posted 29 August 2013 - 08:56 AM


Delete this file.
C:\found.007

If you have any other file name found.xxx where x is a number delete them also.
===

Windows update problem. Try the fixes on this Microsoft Page.

http://answers.microsoft.com/en-us/windows/forum/windows_7-windows_update/stuck-installing-update-1-of-4/65b2c6a7-7033-4049-981b-1afc112391fa

If at any time you need help please ask.

Keep me posted.
===

When all is well, not before, update the following.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Be careful not to install malware posing as Java update!
Important read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.

Java™ 6 Update 17

Note
Java security update installs Ask Toolbar by default -- a single click in a multi-step installer.
http://www.benedelman.org/images/iac-jan13/ask-iac-011613-small.png
I suggest that your un-check the box "Install the Ask Toolbar" before proceeding.
===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download I suggest you unckeck the box on the top right "Yes, install McAfee Security Scan Plus - optional" this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
<<<>>>

#8 BigMac90501

BigMac90501
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:10:17 PM

Posted 04 September 2013 - 05:21 PM

Hi nasdaq,

 

 

 

  I apologize for the delayed response,  life got in the way of fixing this thing.

 

 

The status of this PC is relatively unchanged.  I still can't get the PC to startup and shutdown normally.  The startup takes 15-20 minutes,  the shutdown can take an hour or more.  I decided to change the windows update to manual so that I can select the updates and try to control what's happening.  The problem I'm having now,  the PC hangs (I think it's hung,  can't really tell) when trying to do the update installs - if that makes sense.  For example,  right now the PC is attempting to install 9 updates.  It's been stuck on installing 1 of 9 for well over an hour.

 

 

Mike



#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,531 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:17 AM

Posted 05 September 2013 - 07:23 AM


right now the PC is attempting to install 9 updates. It's been stuck on installing 1 of 9 for well over an hour.


The best answer I could find on this type of problem is from this link.
http://answers.microsoft.com/en-us/windows/forum/windows_7-windows_update/windows-7-stuck-on-please-do-not-power-off-or/47da3f91-1ace-4296-83c9-1c610a168884

The fix is listed in the last message from:
tmgodschildtm replied on August 1, 2013See post history

Keep me posted.

#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,531 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:17 AM

Posted 11 September 2013 - 08:08 AM

Are you still with me?

#11 BigMac90501

BigMac90501
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:10:17 PM

Posted 11 September 2013 - 08:39 AM

I am nasdaq,  but it's not going well.  I'm to the point where I think reloading the OS is my best option.  On the last link you sent me,  the article discusses running the Windows repair utility then try to determine which update is causing the problem and do a manual install.  The problem is,  Windows repair didn't find any problems and I don't have any system restore point to try and figure out which update is hosed up. I've tried running the updates individually with no luck.  The PC will sit there for hours just trying to do the download.  I'm at a loss.


#12 nasdaq

nasdaq

  • Malware Response Team
  • 39,531 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:17 AM

Posted 11 September 2013 - 10:21 AM

Lets try this.

Following steps involve registry editing. Please create new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://windows.microsoft.com/en-gb/windows7/create-a-restore-point

Download this program to your desktop.
Tweaking.com - Windows Repair 1.9.16
http://www.bleepingcomputer.com/download/windows-repair-all-in-one-portable/


Extract and launch the Repair_Windows.exe file

Click on Start repairs tab-click on Start

check mark following options alone

Reset registry permissions
Reset file permissions
Register system files
Repair WMI
Repair Windows Firewall.
Remove Policies Set By Infections
Repair Winsock & DNS Cache
Repair Windows Updates
  • Checkmark Restart System When Finished option
  • click the Start button
  • System should restart after repair


#13 BigMac90501

BigMac90501
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:10:17 PM

Posted 12 September 2013 - 04:51 PM

That did the trick nasdaq.  Finally,  I was able to get most of the updates done.  One of them failed, a security update for Silverlight.  Here's the latest DDS files:

 

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16686
Run by Owner at 14:45:31 on 2013-09-12
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3891.2575 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\ThpSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\windows\system32\SearchProtocolHost.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\windows\system32\sppsvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uURLSearchHooks: <No Name>:  - LocalServer32 - <no file>
BHO: MRI_DISABLED - <orphaned>
BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MRI_DI~1\BESTBU~1.LNK - C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{642B8FC0-1EB7-4B86-8B69-7BA1454B4655} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{642B8FC0-1EB7-4B86-8B69-7BA1454B4655}\65562796A7F6E602D494649443531303C4024483644302355636572756 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{6D55051F-1D1D-4669-AAF5-DC226D406735} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{FAA70AB4-F829-43E0-B1F6-0825C1AF1675} : NameServer = 0.0.0.0
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
x64-BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [ThpSrv] C:\windows\System32\thpsrv /logon
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [SmoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [SmartFaceVWatcher] C:\Program Files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: klogon - C:\windows\System32\klogon.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;C:\windows\System32\drivers\CSCrySec.sys [2012-5-27 85048]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\System32\drivers\thpdrv.sys [2009-6-29 34880]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\System32\drivers\Thpevm.sys [2009-6-29 14784]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2012-5-26 482384]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;C:\windows\System32\drivers\CSVirtualDiskDrv.sys [2012-5-27 66104]
R1 kl2;kl2;C:\windows\System32\drivers\kl2.sys [2011-10-20 13616]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\windows\System32\drivers\klim6.sys [2011-3-10 29488]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe [2011-12-24 202296]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 CSObjectsSrv;CryptoStorage control service;C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2009-12-21 743992]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-4-6 258928]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-5-26 2320920]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2012-5-26 56344]
R3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2010-2-26 158976]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-2-3 271872]
R3 JMCR;JMCR;C:\windows\System32\drivers\jmcr.sys [2010-5-18 164464]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\windows\System32\drivers\klmouflt.sys [2009-11-2 22544]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\System32\drivers\NETw5s64.sys [2010-1-13 7675392]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2012-5-26 35008]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-5-26 331880]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
R3 wdkmd;Intel WiDi KMD;C:\windows\System32\drivers\WDKMD.sys [2009-12-17 36760]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
S3 acpials;ALS Sensor Filter;C:\windows\System32\drivers\acpials.sys [2009-7-14 9728]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-1-19 315664]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2012-5-26 51512]
S3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2012-5-26 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-4-25 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-5-27 1255736]
.
=============== Created Last 30 ================
.
2013-09-12 20:49:38 903168 ----a-w- C:\windows\SysWow64\certutil.exe
2013-09-12 20:48:44 5550528 ----a-w- C:\windows\System32\ntoskrnl.exe
2013-09-12 13:23:13 9515512 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0F961137-95ED-4713-BBD6-DDCBB5F58338}\mpengine.dll
2013-09-12 10:46:06 -------- d-----w- C:\windows\System32\catroot2
2013-09-11 21:16:13 -------- d-----w- C:\windows\SysWow64\wbem\Performance
2013-09-11 20:53:42 -------- d-----w- C:\RegBackup
2013-08-29 09:34:16 9728 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-08-29 09:25:58 -------- d-----w- C:\windows\System32\MRT
2013-08-29 01:27:41 624128 ----a-w- C:\windows\System32\qedit.dll
2013-08-29 01:27:41 509440 ----a-w- C:\windows\SysWow64\qedit.dll
2013-08-29 01:27:39 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2013-08-29 01:27:39 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2013-08-29 01:27:39 1393152 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2013-08-29 01:27:39 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-08-29 01:27:38 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-08-29 01:16:27 -------- d-sh--w- C:\$RECYCLE.BIN
2013-08-29 01:14:04 1910208 ----a-w- C:\windows\System32\drivers\tcpip.sys
2013-08-29 01:13:13 663552 ----a-w- C:\windows\SysWow64\rpcrt4.dll
2013-08-29 01:13:13 1217024 ----a-w- C:\windows\System32\rpcrt4.dll
2013-08-29 01:13:11 1888768 ----a-w- C:\windows\System32\WMVDECOD.DLL
2013-08-29 01:13:11 1620992 ----a-w- C:\windows\SysWow64\WMVDECOD.DLL
2013-08-28 21:08:41 39936 ----a-w- C:\windows\System32\drivers\tssecsrv.sys
2013-08-28 21:05:06 98816 ----a-w- C:\windows\sed.exe
2013-08-28 21:05:06 256000 ----a-w- C:\windows\PEV.exe
2013-08-28 21:05:06 208896 ----a-w- C:\windows\MBR.exe
2013-08-27 23:37:59 -------- d-----w- C:\81ebf10d79fc4d444f56
2013-08-27 22:37:37 -------- d-----w- C:\d4732a039de75b61143da0e3d9
2013-08-27 22:14:40 -------- d-----w- C:\windows\ERUNT
2013-08-27 21:22:28 -------- d-----w- C:\AdwCleaner
2013-08-27 20:31:06 -------- d-----w- C:\5458958484b0dbd23bb684b6f5
2013-08-27 16:48:04 -------- d-----w- C:\6cf8d7348d26294c1c63eb8a73
2013-08-24 02:21:43 -------- d-----w- C:\windows\SysWow64\%Encryption%
2013-08-22 22:39:40 -------- d-----w- C:\Users\Owner\AppData\Local\ElevatedDiagnostics
2013-08-22 20:39:34 -------- d-----w- C:\Program Files (x86)\ESET
2013-08-22 19:14:51 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-22 19:03:12 -------- d-----w- C:\windows\pss
2013-08-22 17:45:20 -------- d-----w- C:\c8e11bcd8b3c2ad312
2013-08-22 04:43:27 -------- d-----w- C:\1123eabf1861dddf8606
2013-08-21 21:44:14 751104 ----a-w- C:\windows\System32\win32spl.dll
2013-08-21 21:44:14 492544 ----a-w- C:\windows\SysWow64\win32spl.dll
2013-08-21 21:44:13 1887232 ----a-w- C:\windows\System32\d3d11.dll
2013-08-21 21:44:13 1505280 ----a-w- C:\windows\SysWow64\d3d11.dll
2013-08-21 16:35:25 -------- d-----w- C:\fa155fff5bf292fd5639f8
2013-08-14 14:53:56 18634944 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
.
==================== Find3M  ====================
.
2013-08-29 09:34:16 9728 ---ha-w- C:\windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-08-10 05:22:18 2241024 ----a-w- C:\windows\System32\wininet.dll
2013-08-10 05:20:59 3959296 ----a-w- C:\windows\System32\jscript9.dll
2013-08-10 05:20:55 67072 ----a-w- C:\windows\System32\iesetup.dll
2013-08-10 05:20:55 136704 ----a-w- C:\windows\System32\iesysprep.dll
2013-08-10 03:59:10 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2013-08-10 03:58:09 2876928 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-08-10 03:58:06 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2013-08-10 03:58:06 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2013-08-10 03:17:38 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2013-08-10 03:07:50 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-08-10 02:27:59 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe
2013-08-10 02:17:19 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-08-08 01:20:43 3155456 ----a-w- C:\windows\System32\win32k.sys
2013-08-07 11:22:02 278800 ------w- C:\windows\System32\MpSigStub.exe
2013-08-05 02:25:45 155584 ----a-w- C:\windows\System32\drivers\ataport.sys
2013-08-02 02:15:44 1732032 ----a-w- C:\windows\System32\ntdll.dll
2013-08-02 02:15:03 362496 ----a-w- C:\windows\System32\wow64win.dll
2013-08-02 02:15:03 243712 ----a-w- C:\windows\System32\wow64.dll
2013-08-02 02:15:03 13312 ----a-w- C:\windows\System32\wow64cpu.dll
2013-08-02 02:14:57 215040 ----a-w- C:\windows\System32\winsrv.dll
2013-08-02 02:14:11 16384 ----a-w- C:\windows\System32\ntvdm64.dll
2013-08-02 02:13:34 424448 ----a-w- C:\windows\System32\KernelBase.dll
2013-08-02 01:59:30 3968960 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2013-08-02 01:59:30 3913664 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2013-08-02 01:51:23 1292192 ----a-w- C:\windows\SysWow64\ntdll.dll
2013-08-02 01:50:42 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2013-08-02 01:50:42 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\windows\System32\smss.exe
2013-08-02 00:45:37 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2013-08-02 00:45:36 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2013-08-02 00:45:35 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2013-08-02 00:45:34 2048 ----a-w- C:\windows\SysWow64\user.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-19 01:58:42 2048 ----a-w- C:\windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2013-07-09 05:52:52 224256 ----a-w- C:\windows\System32\wintrust.dll
2013-07-09 05:46:20 184320 ----a-w- C:\windows\System32\cryptsvc.dll
2013-07-09 05:46:20 1472512 ----a-w- C:\windows\System32\crypt32.dll
2013-07-09 05:46:20 139776 ----a-w- C:\windows\System32\cryptnet.dll
2013-07-09 04:52:10 175104 ----a-w- C:\windows\SysWow64\wintrust.dll
2013-07-09 04:46:31 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31 1166848 ----a-w- C:\windows\SysWow64\crypt32.dll
2013-07-09 04:46:31 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
.
============= FINISH: 14:46:34.52 ===============


#14 nasdaq

nasdaq

  • Malware Response Team
  • 39,531 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:17 AM

Posted 13 September 2013 - 07:30 AM

One of them failed, a security update for Silverlight.


If you need it check your Silverlight installation.
http://www.microsoft.com/getsilverlight/Get-Started/Install/Default.aspx
===
 

StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MRI_DI~1\BESTBU~1.LNK - C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe

Unless you have a need to check Best Buy Software on every start you should remove the .lnk inyour starup folder.
===

Please download JavaRa

If you get this message:
Problems with the download? Please use this direct link or try another mirror.

Select the Direct link download unzip it to your Desktop.

Double click JavaRa.exe then click Remove Older Versions.
In Vista and Windows 7 right click the JavaRa.exe and select run as Administrator.

Follow any prompts; a log will popup (JavaRa.log)-- please post the contents of this log.
===

Please let me know of any remaining issues with this computer.

#15 BigMac90501

BigMac90501
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:10:17 PM

Posted 13 September 2013 - 11:22 AM

I'm unable to uninstall or install Silverlight.  I get an error message (network resource is unavailable), it can't find silverlight.msi

 

 

 

JavaRa 1.16 Removal Log.
 
Report follows after line.
 
------------------------------------
 
The JavaRa removal process was started on Fri Sep 13 09:08:34 2013
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.
 
Found and removed: JavaPlugin.FamilyVersionSupport
 
Found and removed: CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}
 
Found and removed: JavaScript
 
Found and removed: JavaScript Author
 
Found and removed: JavaScript1.1
 
Found and removed: JavaScript1.1 Author
 
Found and removed: JavaScript1.2
 
Found and removed: JavaScript1.2 Author
 
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}
 
Found and removed: Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}
 
Found and removed: Software\Classes\JavaPlugin.160_17
 
Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_17
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\JavaPlugin
 
Found and removed: SOFTWARE\Classes\JavaPlugin.160_17
 
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_17
 
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6
 
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_17
 
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1
 
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02
 
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03
 
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04
 
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2
 
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01
 
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_17
 
Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
 
Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
 
------------------------------------
 
Finished reporting.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users