Solved: I can't download antivirus because I am missing mfc110u.dll

January 26, 2014 at 10:51:38
Specs: Windows 7, intel core 2.13 GHz/4 gigs
Every time I turn my laptop on it tells me that I have the program mfc110u.dll missing from my computer. I have tried to download it unsuccessfully due to websites wanting me to download other programs that I don't want. I can not download an antivirus because of the missing mfc110u.dll. Any ideas? Help!

Thanks



#1
January 26, 2014 at 13:03:28
✔ Best Answer
Sounds like you are infected.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
http://www.bleepingcomputer.com/dow...
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste the contents into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste the contents into your reply. If too large, upload the logs to a site of your choosing, or use Image Uploader.

I upload to Imgur.com for images and load.to for files (neither needs an account). Give us the link, please.
Image Uploader
http://www.softpedia.com/get/Intern...
http://www.softpedia.com/progScreen...
http://zenden.ws/imageuploader_ru

How to use for files.
http://i.imgur.com/FhtnM6c.gif
http://i.imgur.com/yBtjlpb.gif
http://i.imgur.com/txFkgpT.gif

message edited by Johnw



#2
January 26, 2014 at 13:42:53
Thanks for the info John! I will try what you have said and let you know if that solves the problem.

Cheers,

Wozza...



#3
January 26, 2014 at 14:03:08
Hey John, Warren here again. I've followed the instructions you gave me but I'm not sure what you mean about copying and pasting the contents into my reply. Who am I replying to? Sos for being an idiot, I'm not great with computers!

Thanks,

Warren...



#4
January 26, 2014 at 14:59:09
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-01-2014 03
Ran by Warren (administrator) on WARREN-PC on 26-01-2014 21:46:49
Running from C:\Users\Warren\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/dow...
Download link for 64-Bit Version: http://www.bleepingcomputer.com/dow...
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topi...

==================== Processes (Whitelisted) ===================

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(Uniblue Systems Ltd) C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe
(Spigot, Inc.) C:\Program Files\Application Updater\ApplicationUpdater.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Nullsoft, Inc.) C:\Program Files\Winamp\winampa.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
() C:\Program Files\WebSparkle\updateWebSparkle.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
() C:\Program Files\AVG Nation toolbar\vprot.exe
(Spigot, Inc.) C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
() C:\Windows\System32\C2MP\TrayMenu.exe
() C:\Windows\System32\C2MP\UpdateChecker.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(BitTorrent Inc.) C:\Users\Warren\AppData\Roaming\uTorrent\uTorrent.exe
(Spigot, Inc.) C:\Users\Warren\AppData\Roaming\Search Protection\SearchProtection.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
() C:\Program Files\WebSparkle\bin\utilWebSparkle.exe
(Farbar) C:\Users\Warren\Desktop\FARBAR.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9398888 2010-07-28] (Realtek Semiconductor)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [WinampAgent] - C:\Program Files\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [vProt] - C:\Program Files\AVG Nation toolbar\vprot.exe [2485064 2014-01-07] ()
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [SearchSettings] - C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe [1384256 2014-01-16] (Spigot, Inc.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20684656 2013-07-25] (Skype Technologies S.A.)
HKCU\...\Run: [SearchProtection] - C:\Users\Warren\AppData\Roaming\Search Protection\SearchProtection.EXE [838984 2014-01-16] (Spigot, Inc.)
MountPoints2: {b126365a-1463-11e3-be4b-00262d7fbb95} - E:\IVDApp.exe
MountPoints2: {cae07bb2-532a-11e0-8396-00262d7fbb95} - E:\LaunchU3.exe -a
AppInit_DLLs: c:\progra~1\suppor~1\suppor~1.dll => C:\Program Files\Supporter\Supporter.dll [4215808 2014-01-13] ()
IFEO\kwikmedia.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe"
IFEO\teamviewer.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe"

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://es.search.yahoo.com/?type=71...
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF975FF810510CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.dosearches.com/web/?u...
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.dosearches.com/web/?u...
URLSearchHook: HKCU - SearchMe Toolbar - {B9C767DD-F66A-40B4-8F12-4199A9A4393C} - C:\Program Files\SearchMe Toolbar\IE\8.6\searchmeToolbarIE.dll (Spigot, Inc.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.dosearches.com/?utm_sour...
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.dosearches.com/web/?u...
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.dosearches.com/web/?u...
SearchScopes: HKCU - DefaultScope {EEC378D8-D16F-468D-A878-7B0E151CF405} URL = http://es.search.yahoo.com/search?f...
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://search.yahoo.com/search?fr=c...
SearchScopes: HKCU - {EEC378D8-D16F-468D-A878-7B0E151CF405} URL = http://es.search.yahoo.com/search?f...
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: WebSparkle - {9f56bab3-2739-40ed-a8d0-1451657a9742} - C:\Program Files\WebSparkle\WebSparklebho.dll (WebSparkle)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: SearchMe Toolbar - {B9C767DD-F66A-40B4-8F12-4199A9A4393C} - C:\Program Files\SearchMe Toolbar\IE\8.6\searchmeToolbarIE.dll (Spigot, Inc.)
BHO: SaveClicker - {D7D7E170-68DC-6501-6FCA-2BDB32C8FDBB} - C:\Program Files\SaveClicker\JNq6.dll ()
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
Toolbar: HKLM - SearchMe Toolbar - {B9C767DD-F66A-40B4-8F12-4199A9A4393C} - C:\Program Files\SearchMe Toolbar\IE\8.6\searchmeToolbarIE.dll (Spigot, Inc.)
Toolbar: HKCU - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: {32E7B36C-7960-4A42-B83B-D8AFD0AAEF2B} http://dizun95pzobbc.cloudfront.net...
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/ji...
DPF: {99E63F21-514B-4C2B-9170-D25D54F65D5B} http://dizun95pzobbc.cloudfront.net...
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/ji...
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/ji...
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 80.58.61.250 80.58.61.254

FireFox:
========
FF ProfilePath: C:\Users\Warren\AppData\Roaming\Mozilla\Firefox\Profiles\cwtj4j1w.default
FF user.js: detected! => C:\Users\Warren\AppData\Roaming\Mozilla\Firefox\Profiles\cwtj4j1w.default\user.js
FF NewTab: hxxp://es.search.yahoo.com/?type=888596&fr=spigot-yhp-ff
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Homepage: hxxp://es.search.yahoo.com/?type=888596&fr=spigot-yhp-ff
FF Keyword.URL: hxxp://es.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=888596&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll (AVG Technologies)
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @Nero.com/KM - C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\Warren\AppData\Roaming\Mozilla\Firefox\Profiles\cwtj4j1w.default\searchplugins\iminent.xml
FF SearchPlugin: C:\Users\Warren\AppData\Roaming\Mozilla\Firefox\Profiles\cwtj4j1w.default\searchplugins\yahoo_ff.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\nation-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: SaveClicker - C:\Users\Warren\AppData\Roaming\Mozilla\Firefox\Profiles\cwtj4j1w.default\Extensions\iy3zwd0wuo@feuhtksrq.net [2014-01-13]
FF Extension: Start Page - C:\Users\Warren\AppData\Roaming\Mozilla\Firefox\Profiles\cwtj4j1w.default\Extensions\{58d2a791-6199-482f-a9aa-9b725ec61362} [2014-01-26]
FF Extension: WebSparkle - C:\Users\Warren\AppData\Roaming\Mozilla\Firefox\Profiles\cwtj4j1w.default\Extensions\firefox@websparkle.biz.xpi [2014-01-25]
FF Extension: Tab Utilities - C:\Users\Warren\AppData\Roaming\Mozilla\Firefox\Profiles\cwtj4j1w.default\Extensions\tabutils@ithinc.cn.xpi [2011-07-07]
FF Extension: New Tab Homepage - C:\Users\Warren\AppData\Roaming\Mozilla\Firefox\Profiles\cwtj4j1w.default\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2011-07-10]
FF Extension: Adblock Plus - C:\Users\Warren\AppData\Roaming\Mozilla\Firefox\Profiles\cwtj4j1w.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-07-14]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012-10-21]
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Nation toolbar\FireFoxExt\17.3.0.49
FF Extension: AVG Nation toolbar - C:\ProgramData\AVG Nation toolbar\FireFoxExt\17.3.0.49 [2014-01-07]

Chrome:
=======
CHR HomePage: hxxp://es.search.yahoo.com/?type=714647&fr=spigot-yhp-ch
CHR RestoreOnStartup: "hxxp://es.search.yahoo.com/?type=714647&fr=spigot-yhp-ch"
CHR DefaultSearchKeyword: start.iminent.com
CHR DefaultSearchProvider: StartWeb
CHR DefaultSearchURL: http://start.iminent.com/?appId=3D9...
CHR DefaultNewTabURL:
CHR Extension: (Entanglement Web App) - C:\Users\Warren\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2011-02-19]
CHR Extension: (SaveClicker) - C:\Users\Warren\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcbkbiajhmlcoohfpbpefkolgchkmnjk [2014-01-13]
CHR Extension: (SaveClicker) - C:\Users\Warren\AppData\Local\Google\Chrome\User Data\Default\Extensions\kghkpjnkngbpndalipkmokmjboplhema [2014-01-13]
CHR Extension: (Skype Click to Call) - C:\Users\Warren\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2011-11-14]
CHR Extension: (Poppit) - C:\Users\Warren\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2011-02-19]
CHR Extension: (Google Wallet) - C:\Users\Warren\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-01]
CHR HKLM\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files\Common Files\Spigot\GC\saebay_1.1.crx [2013-10-14]
CHR HKLM\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files\Common Files\Spigot\GC\ErrorAssistant_1.3.crx [2013-12-27]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-10-10]
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files\Common Files\Spigot\GC\coupons_2.4.crx [2013-04-26]
CHR HKLM\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files\Common Files\Spigot\GC\saamazon_1.0.crx [2012-11-22]

========================== Services (Whitelisted) =================

R2 40030ae4; C:\Program Files\Supporter\SupporterSvc.dll [179024 2014-01-13] ()
R2 Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [807800 2014-01-16] (Spigot, Inc.)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
S4 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [687400 2011-11-25] (Nero AG)
R2 Update WebSparkle; C:\Program Files\WebSparkle\updateWebSparkle.exe [102176 2014-01-25] ()
R2 Util WebSparkle; C:\Program Files\WebSparkle\bin\utilWebSparkle.exe [102176 2014-01-26] ()
R2 vToolbarUpdater17.3.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [1770312 2014-01-07] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

R3 AmUStor; C:\Windows\System32\drivers\AmUStor.SYS [25600 2009-07-03] (Alcor Micro, Corp.)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120600 2013-11-05] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [209176 2013-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147768 2013-10-24] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22840 2013-09-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-10-06] (AVG Technologies)
R1 RapportCerberus_59849; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys [340432 2013-10-29] ()
S3 nmwcd; system32\drivers\ccdcmb.sys [x]
S3 nmwcdc; system32\drivers\ccdcmbo.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [x]
S3 UsbserFilt; system32\DRIVERS\usbser_lowerfltj.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-26 21:46 - 2014-01-26 21:48 - 00020372 _____ C:\Users\Warren\Desktop\FRST.txt
2014-01-26 21:46 - 2014-01-26 21:46 - 00000000 ____D C:\FRST
2014-01-26 21:45 - 2014-01-26 21:45 - 01222656 _____ (Farbar) C:\Users\Warren\Desktop\FARBAR.exe
2014-01-26 21:03 - 2014-01-26 21:37 - 00000224 _____ C:\Windows\setupact.log
2014-01-26 21:03 - 2014-01-26 21:03 - 00000000 _____ C:\Windows\setuperr.log
2014-01-26 19:39 - 2014-01-26 19:39 - 00000857 _____ C:\Users\Warren\Desktop\µTorrent.lnk
2014-01-26 19:39 - 2014-01-26 19:39 - 00000837 _____ C:\Users\Warren\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-01-26 19:39 - 2014-01-26 19:39 - 00000000 ____D C:\Users\Warren\AppData\Roaming\Search Protection
2014-01-26 19:19 - 2014-01-26 19:19 - 00000000 ____D C:\Program Files\Open Freely
2014-01-26 19:17 - 2014-01-26 20:22 - 00000000 ____D C:\Program Files\WebSparkle
2014-01-26 19:17 - 2014-01-26 19:22 - 00000330 _____ C:\Windows\Tasks\dsmonitor.job
2014-01-26 19:17 - 2014-01-26 19:17 - 00001155 _____ C:\Users\Public\Desktop\DriverScanner.lnk
2014-01-26 19:17 - 2014-01-26 19:17 - 00000000 ____D C:\Users\Warren\AppData\Roaming\Uniblue
2014-01-26 19:17 - 2014-01-26 19:17 - 00000000 ____D C:\Program Files\Uniblue
2014-01-26 19:14 - 2014-01-26 19:14 - 00533584 _____ (InstallX, LLC) C:\Users\Warren\Desktop\openfreely_setup_356.exe
2014-01-26 19:04 - 2014-01-26 19:04 - 04995416 _____ (Microsoft Corporation) C:\Users\Warren\Desktop\mfc110u.dll
2014-01-26 17:49 - 2014-01-26 17:49 - 00000000 ____D C:\Program Files\SearchMe Toolbar
2014-01-26 17:49 - 2014-01-26 17:49 - 00000000 ____D C:\Program Files\Common Files\Spigot
2014-01-26 17:49 - 2014-01-26 17:49 - 00000000 ____D C:\Program Files\Application Updater
2014-01-26 17:48 - 2014-01-26 17:48 - 22106944 _____ (Windows 7 - Codec Pack) C:\Users\Warren\Desktop\windows.7.codec.pack.v4.0.8.setup.exe
2014-01-26 16:36 - 2013-11-25 14:44 - 00017344 _____ (Dll-Files.com) C:\Windows\system32\roboot.exe
2014-01-26 12:26 - 2013-11-27 01:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-26 12:26 - 2013-11-27 01:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-26 12:26 - 2013-11-27 01:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-26 12:26 - 2013-11-27 01:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-26 12:26 - 2013-11-27 01:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-26 12:26 - 2013-11-27 01:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-26 12:26 - 2013-11-27 01:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-26 12:26 - 2013-11-26 11:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-26 12:26 - 2013-11-26 10:10 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-13 00:15 - 2014-01-13 00:15 - 00000000 ____D C:\Users\Warren\AppData\Local\Torch
2014-01-13 00:15 - 2014-01-13 00:15 - 00000000 ____D C:\Users\Warren\AppData\Local\Comodo
2014-01-13 00:15 - 2014-01-13 00:15 - 00000000 ____D C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-01-13 00:15 - 2014-01-13 00:15 - 00000000 ____D C:\Users\HomeGroupUser$\AppData\Local\Google
2014-01-13 00:15 - 2014-01-13 00:15 - 00000000 ____D C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-01-13 00:15 - 2014-01-13 00:15 - 00000000 ____D C:\Users\HomeGroupUser$
2014-01-13 00:15 - 2014-01-13 00:15 - 00000000 ____D C:\Users\Guest\AppData\Local\Torch
2014-01-13 00:15 - 2014-01-13 00:15 - 00000000 ____D C:\Users\Guest\AppData\Local\Google
2014-01-13 00:15 - 2014-01-13 00:15 - 00000000 ____D C:\Users\Guest\AppData\Local\Comodo
2014-01-13 00:15 - 2014-01-13 00:15 - 00000000 ____D C:\Users\Guest
2014-01-13 00:15 - 2014-01-13 00:15 - 00000000 ____D C:\Users\Administrator\AppData\Local\Torch
2014-01-13 00:15 - 2014-01-13 00:15 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2014-01-13 00:15 - 2014-01-13 00:15 - 00000000 ____D C:\Users\Administrator\AppData\Local\Comodo
2014-01-13 00:15 - 2014-01-13 00:15 - 00000000 ____D C:\Users\Administrator
2014-01-13 00:15 - 2014-01-13 00:15 - 00000000 ____D C:\ProgramData\SaveClicker
2014-01-13 00:15 - 2014-01-13 00:15 - 00000000 ____D C:\ProgramData\f62088b77dab2880
2014-01-13 00:15 - 2014-01-13 00:15 - 00000000 ____D C:\Program Files\Supporter
2014-01-13 00:15 - 2014-01-13 00:15 - 00000000 ____D C:\Program Files\SaveClicker
2014-01-11 11:04 - 2014-01-11 11:05 - 00000000 ____D C:\Windows\rescache
2014-01-10 20:26 - 2014-01-10 20:26 - 00001757 _____ C:\Users\Public\Desktop\iTunes.lnk
2014-01-10 20:26 - 2012-08-21 13:01 - 00026840 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-01-10 20:24 - 2014-01-10 20:25 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-01-10 20:24 - 2014-01-10 20:25 - 00000000 ____D C:\Program Files\iTunes
2014-01-10 20:24 - 2014-01-10 20:24 - 00000000 ____D C:\Program Files\iPod
2014-01-10 20:21 - 2014-01-10 20:21 - 00000000 ____D C:\Program Files\Bonjour
2014-01-10 20:18 - 2013-05-10 04:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-01-10 20:18 - 2013-05-10 04:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-01-10 20:16 - 2013-10-25 04:45 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-01-10 20:16 - 2013-10-25 04:45 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-01-10 20:16 - 2013-10-25 04:44 - 14356992 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-01-10 20:16 - 2013-10-25 04:44 - 01140736 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-01-10 20:16 - 2013-10-25 04:43 - 13761536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-01-10 20:16 - 2013-10-25 04:43 - 02877952 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-01-10 20:16 - 2013-10-25 04:43 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-01-10 20:16 - 2013-10-25 04:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-01-10 20:16 - 2013-10-25 04:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-01-10 20:16 - 2013-10-25 04:43 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-01-10 20:16 - 2013-10-25 04:43 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-01-10 20:16 - 2013-10-25 04:43 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-01-10 20:16 - 2013-10-25 04:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-01-10 20:16 - 2013-10-25 04:43 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-01-10 20:16 - 2013-10-25 03:41 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-01-10 20:16 - 2013-10-25 02:49 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-01-10 20:14 - 2013-10-30 02:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-01-10 20:13 - 2013-11-23 18:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-01-10 20:13 - 2013-11-12 02:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-01-10 20:13 - 2013-10-19 01:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-01-10 20:13 - 2013-10-12 02:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-01-10 20:13 - 2013-10-12 02:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-01-10 20:13 - 2013-10-12 01:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-01-10 20:13 - 2013-10-12 01:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-01-10 20:13 - 2013-10-04 01:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2014-01-10 20:13 - 2013-10-04 01:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-01-10 20:13 - 2013-10-04 01:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2014-01-10 20:13 - 2013-10-04 01:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-01-10 20:13 - 2013-10-04 01:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-01-10 20:13 - 2013-09-25 02:01 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-01-10 20:13 - 2013-09-25 02:01 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-01-10 20:13 - 2013-09-25 01:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-01-10 20:13 - 2013-09-25 01:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-01-10 20:13 - 2013-09-25 01:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-01-10 20:13 - 2013-09-25 01:56 - 01038848 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-01-10 20:13 - 2013-09-25 01:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-01-10 20:13 - 2013-09-25 00:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-01-10 20:13 - 2013-09-25 00:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-01-10 20:13 - 2013-07-04 12:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-01-10 20:12 - 2014-01-10 20:16 - 98633040 _____ (Apple Inc.) C:\Users\Warren\Desktop\iTunesSetup.exe
2014-01-10 20:12 - 2013-10-12 02:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2014-01-10 20:12 - 2013-10-12 02:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-01-10 20:12 - 2013-10-12 02:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-01-10 20:12 - 2013-10-03 01:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-01-10 20:10 - 2013-10-05 19:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

==================== One Month Modified Files and Folders =======

2014-01-26 21:48 - 2014-01-26 21:46 - 00020372 _____ C:\Users\Warren\Desktop\FRST.txt
2014-01-26 21:47 - 2010-08-17 16:32 - 00000000 ____D C:\Users\Warren\AppData\Roaming\uTorrent
2014-01-26 21:46 - 2014-01-26 21:46 - 00000000 ____D C:\FRST
2014-01-26 21:45 - 2014-01-26 21:45 - 01222656 _____ (Farbar) C:\Users\Warren\Desktop\FARBAR.exe
2014-01-26 21:42 - 2010-08-20 16:09 - 00000000 ____D C:\Users\Warren\AppData\Roaming\Skype
2014-01-26 21:37 - 2014-01-26 21:03 - 00000224 _____ C:\Windows\setupact.log
2014-01-26 21:03 - 2014-01-26 21:03 - 00000000 _____ C:\Windows\setuperr.log
2014-01-26 21:01 - 2010-08-20 16:09 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-26 20:50 - 2012-07-10 00:13 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-26 20:41 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\Microsoft.NET
2014-01-26 20:22 - 2014-01-26 19:17 - 00000000 ____D C:\Program Files\WebSparkle
2014-01-26 19:58 - 2010-08-19 08:41 - 00000000 ____D C:\Users\Warren\AppData\Roaming\Media Player Classic
2014-01-26 19:54 - 2010-08-17 03:42 - 01984799 ____N C:\Windows\WindowsUpdate.log
2014-01-26 19:39 - 2014-01-26 19:39 - 00000857 _____ C:\Users\Warren\Desktop\µTorrent.lnk
2014-01-26 19:39 - 2014-01-26 19:39 - 00000837 _____ C:\Users\Warren\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-01-26 19:39 - 2014-01-26 19:39 - 00000000 ____D C:\Users\Warren\AppData\Roaming\Search Protection
2014-01-26 19:32 - 2009-07-14 04:34 - 00014224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-26 19:32 - 2009-07-14 04:34 - 00014224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-26 19:22 - 2014-01-26 19:17 - 00000330 _____ C:\Windows\Tasks\dsmonitor.job
2014-01-26 19:22 - 2010-08-20 16:09 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-26 19:22 - 2009-07-14 04:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-26 19:19 - 2014-01-26 19:19 - 00000000 ____D C:\Program Files\Open Freely
2014-01-26 19:17 - 2014-01-26 19:17 - 00001155 _____ C:\Users\Public\Desktop\DriverScanner.lnk
2014-01-26 19:17 - 2014-01-26 19:17 - 00000000 ____D C:\Users\Warren\AppData\Roaming\Uniblue
2014-01-26 19:17 - 2014-01-26 19:17 - 00000000 ____D C:\Program Files\Uniblue
2014-01-26 19:14 - 2014-01-26 19:14 - 00533584 _____ (InstallX, LLC) C:\Users\Warren\Desktop\openfreely_setup_356.exe
2014-01-26 19:04 - 2014-01-26 19:04 - 04995416 _____ (Microsoft Corporation) C:\Users\Warren\Desktop\mfc110u.dll
2014-01-26 18:51 - 2011-07-14 15:10 - 00000000 ____D C:\Users\Warren\Downloads\Incomplete Torrents
2014-01-26 18:51 - 2011-07-14 15:08 - 00000000 ____D C:\Users\Warren\Downloads\Completed Torrents
2014-01-26 18:30 - 2010-08-16 19:57 - 00786764 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-26 17:49 - 2014-01-26 17:49 - 00000000 ____D C:\Program Files\SearchMe Toolbar
2014-01-26 17:49 - 2014-01-26 17:49 - 00000000 ____D C:\Program Files\Common Files\Spigot
2014-01-26 17:49 - 2014-01-26 17:49 - 00000000 ____D C:\Program Files\Application Updater
2014-01-26 17:49 - 2013-03-27 11:47 - 00000000 ____D C:\Windows\system32\C2MP
2014-01-26 17:48 - 2014-01-26 17:48 - 22106944 _____ (Windows 7 - Codec Pack) C:\Users\Warren\Desktop\windows.7.codec.pack.v4.0.8.setup.exe
2014-01-26 17:22 - 2013-11-24 23:23 - 00000830 _____ C:\Windows\system32\InstallUtil.InstallLog
2014-01-26 17:21 - 2013-11-24 23:23 - 00000000 ____D C:\Program Files\IminentToolbar
2014-01-26 16:38 - 2011-06-11 00:58 - 05601616 _____ (Microsoft Corporation) C:\Windows\system32\mfc100u.dll
2014-01-26 15:25 - 2009-07-14 04:33 - 00409752 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-26 12:42 - 2010-08-17 01:56 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-26 12:39 - 2013-09-21 20:55 - 00000000 ____D C:\Windows\system32\MRT
2014-01-26 12:31 - 2010-08-17 14:45 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-19 19:33 - 2010-08-17 14:32 - 00000000 ____D C:\Users\Warren\Documents\School
2014-01-19 10:28 - 2013-09-05 19:13 - 08404712 _____ C:\Windows\system32\avcodec-52.dll
2014-01-19 10:28 - 2013-09-05 19:13 - 01899080 _____ C:\Windows\system32\avformat-52.dll
2014-01-19 10:28 - 2013-09-05 19:13 - 01335296 _____ C:\Windows\system32\p2pfilter.dll
2014-01-19 10:28 - 2013-09-05 19:13 - 00614436 _____ C:\Windows\system32\swscale-0.dll
2014-01-19 10:28 - 2013-09-05 19:13 - 00365248 _____ C:\Windows\system32\avutil-50.dll
2014-01-19 10:28 - 2013-09-05 19:13 - 00299008 _____ C:\Windows\system32\DSPlayer.dll
2014-01-19 10:28 - 2013-09-05 19:13 - 00105016 _____ C:\Windows\system32\avdevice-52.dll
2014-01-19 10:28 - 2013-09-05 19:13 - 00056040 _____ C:\Windows\system32\avcore-0.dll
2014-01-17 22:00 - 2010-08-21 14:00 - 00000000 ____D C:\Users\Warren\AppData\Roaming\dvdcss
2014-01-17 17:53 - 2012-07-26 15:06 - 00000000 ____D C:\Users\Warren\Desktop\Films
2014-01-15 22:20 - 2011-01-30 22:57 - 00000000 ____D C:\Users\Warren\AppData\Roaming\vlc
2014-01-15 21:06 - 2010-08-20 16:10 - 00002133 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-13 00:15 - 2014-01-13 00:15 - 00000000 ____D C:\Users\Warren\AppData\Local\Torch
2014-01-13 00:15 - 2014-01-13 00:15 - 00000000 ____D C:\Users\Warren\AppData\Local\Comodo
2014-01-13 00:15 - 2014-01-13 00:15 - 00000000 ____D C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-01-13 00:15 - 2014-01-13 00:15 - 00000000 ____D C:\Users\HomeGroupUser$\AppData\Local\Google
2014-01-13 00:15 - 2014-01-13 00:15 - 00000000 ____D C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-01-13 00:15 - 2014-01-13 00:15 - 00000000 ____D C:\Users\HomeGroupUser$
2014-01-13 00:15 - 2014-01-13 00:15 - 00000000 ____D C:\Users\Guest\AppData\Local\Torch
2014-01-13 00:15 - 2014-01-13 00:15 - 00000000 ____D C:\Users\Guest\AppData\Local\Google
2014-01-13 00:15 - 2014-01-13 00:15 - 00000000 ____D C:\Users\Guest\AppData\Local\Comodo
2014-01-13 00:15 - 2014-01-13 00:15 - 00000000 ____D C:\Users\Guest
2014-01-13 00:15 - 2014-01-13 00:15 - 00000000 ____D C:\Users\Administrator\AppData\Local\Torch
2014-01-13 00:15 - 2014-01-13 00:15 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2014-01-13 00:15 - 2014-01-13 00:15 - 00000000 ____D C:\Users\Administrator\AppData\Local\Comodo
2014-01-13 00:15 - 2014-01-13 00:15 - 00000000 ____D C:\Users\Administrator
2014-01-13 00:15 - 2014-01-13 00:15 - 00000000 ____D C:\ProgramData\SaveClicker
2014-01-13 00:15 - 2014-01-13 00:15 - 00000000 ____D C:\ProgramData\f62088b77dab2880
2014-01-13 00:15 - 2014-01-13 00:15 - 00000000 ____D C:\Program Files\Supporter
2014-01-13 00:15 - 2014-01-13 00:15 - 00000000 ____D C:\Program Files\SaveClicker
2014-01-13 00:15 - 2010-08-20 16:08 - 00000000 ____D C:\Users\Warren\AppData\Local\Google
2014-01-11 11:05 - 2014-01-11 11:04 - 00000000 ____D C:\Windows\rescache
2014-01-10 23:07 - 2013-11-16 20:01 - 00000000 ____D C:\Users\Warren\AppData\Roaming\Azureus
2014-01-10 20:53 - 2013-11-16 20:00 - 00000000 _____ C:\END
2014-01-10 20:26 - 2014-01-10 20:26 - 00001757 _____ C:\Users\Public\Desktop\iTunes.lnk
2014-01-10 20:25 - 2014-01-10 20:24 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-01-10 20:25 - 2014-01-10 20:24 - 00000000 ____D C:\Program Files\iTunes
2014-01-10 20:24 - 2014-01-10 20:24 - 00000000 ____D C:\Program Files\iPod
2014-01-10 20:24 - 2010-08-17 01:37 - 00000000 ____D C:\Program Files\Common Files\Apple
2014-01-10 20:23 - 2010-08-17 01:37 - 00000000 ____D C:\ProgramData\Apple
2014-01-10 20:21 - 2014-01-10 20:21 - 00000000 ____D C:\Program Files\Bonjour
2014-01-10 20:16 - 2014-01-10 20:12 - 98633040 _____ (Apple Inc.) C:\Users\Warren\Desktop\iTunesSetup.exe
2014-01-07 22:58 - 2013-10-06 09:41 - 00001704 _____ C:\Program Files\Mozilla Firefoxnation-secure-search.xml
2014-01-07 22:57 - 2013-10-06 09:41 - 00000000 ____D C:\ProgramData\AVG Nation toolbar
2014-01-07 22:57 - 2013-10-06 09:41 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2014-01-07 22:57 - 2013-10-06 09:41 - 00000000 ____D C:\Program Files\AVG Nation toolbar
2013-12-27 00:28 - 2009-07-14 04:53 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT

Some content of TEMP:
====================
C:\Users\Warren\AppData\Local\Temp\SCC.dll
C:\Users\Warren\AppData\Local\Temp\SymCCIS.dll
C:\Users\Warren\AppData\Local\Temp\utt1B02.tmp.exe
C:\Users\Warren\AppData\Local\Temp\uttA1EB.tmp.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-19 21:53

==================== End Of Log ============================



#5
January 26, 2014 at 15:00:15
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-01-2014 03
Ran by Warren at 2014-01-26 21:48:53
Running from C:\Users\Warren\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958) (Version: - Microsoft)
µTorrent (HKCU Version: 3.3.2.30303 - BitTorrent Inc.)
7-Zip 4.65 (Version: - )
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.02) (Version: 11.0.02 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (Version: 1.5.17.05103 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (Version: 1.5.17.05103 - Alcor Micro Corp.) Hidden
Apple Application Support (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (Version: 3.0.782.0 - ATI Technologies, Inc.)
AVG 2014 (Version: 14.0.3658 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4259 - AVG Technologies) Hidden
AVG 2014 (Version: 2014.0.4259 - AVG Technologies)
AVG Nation toolbar (Version: 17.3.0.49 - InfoSpace)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-WebPrint EX (Version: - )
Canon MP Navigator EX 3.0 (Version: - )
Canon MP270 series MP Drivers (Version: - )
Canon MP270 series User Registration (Version: - )
Canon Utilities Easy-PhotoPrint EX (Version: - )
Canon Utilities My Printer (Version: - )
Canon Utilities Solution Menu (Version: - )
CCleaner (Version: 2.33 - Piriform)
Classic Adventures The Great Gatsby (Version: 1.0 - AllSmartGames)
ConvertXtoDVD 4.1.19.365 (Version: 4.1.19.365 - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (Version: 2.05 - Piriform)
Driver Genius Professional Edition (Version: - Driver-Soft Inc.)
DriverScanner (Version: 4.0.10.0 - Uniblue Systems Ltd)
Easy CD and DVD Cover Creator 4.0 (Version: 4.0 - Ben Williamson)
EVEREST Ultimate Edition v4.20 (Version: 4.20 - Lavalys, Inc.)
Free Opener (Version: 1.4 - EZ Freeware)
Google Chrome (Version: 32.0.1700.76 - Google Inc.)
Google Earth (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
High-Definition Video Playback (Version: 11.1.11500.4.273 - Nero AG) Hidden
Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.2182 - Intel Corporation)
iRip (Version: 1.0.1.24 - The Little App Factory, LLC.)
iTunes (Version: 11.1.3.8 - Apple Inc.)
Java Auto Updater (Version: 2.0.5.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 26 (Version: 6.0.260 - Sun Microsystems, Inc.)
K-Lite Codec Pack 7.0.0 (Standard) (Version: 7.0.0 - )
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 en-GB) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (Version: 26.0 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
Nero 11 Kwik Themes Basic (Version: 11.0.11200.12.0 - Nero AG) Hidden
Nero Audio Pack 1 (Version: 11.0.11500.110.0 - Nero AG) Hidden
Nero Core Components 11 (Version: 11.0.16300.1.23 - Nero AG) Hidden
Nero Kwik Media (Version: 1.14.12000.23.100 - Nero AG) Hidden
Nero Kwik Media (Version: 11.2.01100 - Nero AG)
Nero Kwik Media Help (CHM) (Version: 11.0.10300 - Nero AG) Hidden
Nero SharedVideoCodecs (Version: 1.0.11500.1.5 - Nero AG) Hidden
Nero Update (Version: 11.0.11500.28.0 - Nero AG) Hidden
nero.prerequisites.msi (Version: 11.0.20010 - Nero AG) Hidden
Open Freely (Version: 1.0 - Download Freely, LLC)
PC Connectivity Solution (Version: 10.24.0.0 - Nokia)
QuickTime (Version: 7.69.80.9 - Apple Inc.)
Rapport (Version: 3.5.1304.32 - Trusteer) Hidden
Realtek High Definition Audio Driver (Version: 6.0.1.6167 - Realtek Semiconductor Corp.)
SaveClicker (Version: 4.3.0.1648 - SaveClicker)
Search Protection (HKCU Version: 8.5.0.1 - Spigot, Inc.)
SearchMe Toolbar v8.6 (Version: 8.6 - Spigot, Inc.) <==== ATTENTION
Skype Click to Call (Version: 5.6.8442 - Skype Technologies S.A.)
Skype™ 6.7 (Version: 6.7.102 - Skype Technologies S.A.)
Supporter 1.80 (Version: - ShoppingChip) <==== ATTENTION
TeamViewer 6 (Version: 6.0.10722 - TeamViewer GmbH)
Trusteer Endpoint Protection (Version: 3.5.1304.32 - Trusteer)
TuneUp Utilities 2011 (Version: 10.0.4300.9 - TuneUp Software)
TuneUp Utilities 2011 (Version: 10.0.4300.9 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (en-US) (Version: 10.0.4200.101 - TuneUp Software) Hidden
Update for 2007 Microsoft Office System (KB967642) (Version: - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (Version: - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (Version: - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (Version: - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (Version: - Microsoft)
VLC media player 1.1.5 (Version: 1.1.5 - VideoLAN)
WebSparkle (Version: 2014.01.25.024532 - WebSparkle)
Winamp (Version: 5.63 - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU Version: 1.0.0.1 - Nullsoft, Inc)
Windows 7 Codec Pack 4.0.8 (Version: 4.0.8 - Windows 7 Codec Pack)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0 - Nokia)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR archiver (Version: - )

==================== Restore Points =========================

26-01-2014 16:02:38 Scheduled Checkpoint
26-01-2014 17:05:23 DLL-Files Fixer Sun, Jan 26, 14 17:05
26-01-2014 18:14:22 Windows Update
26-01-2014 18:34:46 Windows Update
26-01-2014 19:17:04 Uniblue DriverScanner installation
26-01-2014 19:50:40 Windows Update

==================== Hosts content: ==========================

2009-07-14 02:04 - 2009-06-10 21:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1ED2561E-762B-453A-B89B-9104D4252E3D} - System32\Tasks\{F880EF7E-678A-41C1-ADEC-9FB0D3BCB36A} => C:\Program Files\Skype\Phone\Skype.exe [2013-07-25] (Skype Technologies S.A.)
Task: {249576A5-EDD5-4BA4-94F7-63B3F984F2F2} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08] (Sun Microsystems, Inc.)
Task: {3DE50635-2BB4-43BC-B561-8854A24AFDF6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {4352266F-1581-40E3-A482-23B5247A6A12} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2011 => C:\Program Files\TuneUp Utilities 2011\OneClick.exe [2011-06-30] (TuneUp Software)
Task: {5055F730-7217-4E0E-B7AA-1F9844F50D0A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-20] (Google Inc.)
Task: {79D24BA6-F52D-4A73-9B32-B330CC1E2212} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-20] (Google Inc.)
Task: {A16C70C0-7997-4D80-A945-D3B485607ACC} - System32\Tasks\dsmonitor => C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe [2013-01-11] (Uniblue Systems Ltd)
Task: {A32C7E05-5B0E-453D-B9FE-3BB05F261BF0} - System32\Tasks\Adobe online update program => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03] (Adobe Systems Incorporated)
Task: {D8D5C6BB-83DB-4997-A064-251470D5AC9F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FF2D2A1D-6936-4FC7-88C3-3D39A8AA375B} - System32\Tasks\{13DCCA48-E689-45C8-86EC-F6BA7E9A533A} => Firefox.exe http://ui.skype.com/ui/0/5.9.0.123/...
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\dsmonitor.job => C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-06-27 14:09 - 2012-06-27 14:09 - 00557056 _____ () C:\Program Files\Trusteer\Rapport\bin\js32.dll
2012-03-11 13:50 - 2013-10-29 07:31 - 01127152 _____ () C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
2014-01-07 22:57 - 2014-01-07 22:57 - 00518472 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\log4cplusU.dll
2014-01-13 00:15 - 2014-01-13 00:15 - 04215808 _____ () C:\Program Files\Supporter\Supporter.dll
2012-10-21 20:42 - 2013-12-13 21:13 - 03559024 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2013-12-11 21:50 - 2013-12-11 21:50 - 16242056 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/26/2014 07:17:50 PM) (Source: Application Error) (User: )
Description: Faulting application name: firefox.exe, version: 26.0.0.5087, time stamp: 0x52a0d273
Faulting module name: xul.dll, version: 26.0.0.5087, time stamp: 0x52a0d20a
Exception code: 0xc0000005
Fault offset: 0x0014e1a8
Faulting process id: 0x908
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (01/26/2014 07:17:03 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {54e001c7-2ae4-481b-a0c3-213c2ba60bd6}

Error: (01/26/2014 05:05:23 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {b06f3a75-ecb5-4a55-9998-ada0c9c60895}

Error: (01/23/2014 07:31:46 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/23/2014 07:27:27 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Multiple requestedPrivileges elements are not allowed in manifest.

Error: (01/22/2014 07:10:46 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/22/2014 07:06:53 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Multiple requestedPrivileges elements are not allowed in manifest.

Error: (01/22/2014 07:06:34 PM) (Source: Microsoft-Windows-Defrag) (User: )
Description: The volume (G:) was not defragmented because an error was encountered: The disk was disconnected from the system. (0x89000011)

Error: (01/21/2014 08:32:35 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10000

Error: (01/21/2014 08:32:35 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10000


System errors:
=============
Error: (01/26/2014 07:54:42 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7.

Error: (01/26/2014 07:22:58 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1058

Error: (01/26/2014 07:22:58 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1058

Error: (01/26/2014 07:22:15 PM) (Source: Service Control Manager) (User: )
Description: The AVG WatchDog service failed to start due to the following error:
%%1053

Error: (01/26/2014 07:22:15 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the AVG WatchDog service to connect.

Error: (01/26/2014 07:22:15 PM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service failed to start due to the following error:
%%1053

Error: (01/26/2014 07:22:15 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the AVGIDSAgent service to connect.

Error: (01/26/2014 06:38:00 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7.

Error: (01/26/2014 06:16:45 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7.

Error: (01/26/2014 06:05:58 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1058


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 63%
Total physical RAM: 2868.5 MB
Available physical RAM: 1033.69 MB
Total Pagefile: 5735.29 MB
Available Pagefile: 3784.1 MB
Total Virtual: 2047.88 MB
Available Virtual: 1884.36 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:285.3 GB) (Free:8.89 GB) NTFS
Drive g: () (Removable) (Total:14.91 GB) (Free:0.01 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: E51DE51D)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=15 GB) - (Type=0C)

==================== End Of Log ============================



#6
January 26, 2014 at 15:53:23
"Who am I replying to?"
Good to see you worked it out.

I will start with these tools; run both of them. Make sure you put & run them from the Desktop.

1: Run AdwCleaner
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
How to download from Softpedia
http://i.imgur.com/BWELEfV.gif
http://i.imgur.com/4luY3rU.gif
http://www.raymond.cc/blog/adwclean...
http://www.bleepingcomputer.com/dow...
Author's site
http://general-changelog-team.fr/en...
Tutorial
http://general-changelog-team.fr/en...
Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Clean.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please Copy & Paste the contents of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

2: Run Junkware Removal Tool
http://www.softpedia.com/get/Securi...
http://www.softpedia.com/progScreen...
How to download from Softpedia
http://i.imgur.com/qO92huz.gif
http://i.imgur.com/qzTUYkX.gif
http://www.bleepingcomputer.com/dow...
http://thisisudax.blogspot.com.au/2...
Download Junkware Removal Tool to your Desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan.
Click this link to see a list of security programs that should be disabled and how to disable them.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7/8, right-click JRT and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
Copy and Paste the contents of the JRT.txt log please.



#7
January 26, 2014 at 16:24:10
Thanks for all your help John! I will have to do it tomorrow now but I will follow your instructions and reply tomorrow. Thanks once again, you've been really helpful.

Cheers!

Warren...


Report •

#8
January 26, 2014 at 16:56:29
Ok, Warren, I wondered if you would be available, your sig indicated you are in UK.
I'm here.
http://www.timeanddate.com/worldclo...

Report •

#9
January 26, 2014 at 22:57:42
Apparently that's a legitimate file and a few sources say it's part of a Visual C++ update:

http://www.microsoft.com/en-us/down...

Try installing that (be sure to get the right version) and see if the error message goes away.


Report •

#10
January 27, 2014 at 00:25:37
First things first Warren, let's get you clean & then we go from there.

Report •

#11
January 27, 2014 at 09:51:20
Ok John, I am about to follow your instructions from yesterday. I'm actually in The Canary Islands, on the west side of Africa but it's the same time zone as England. If you are in Perth you are prob asleep now, but we will resolve this one way or another! Ha ha! Ok, will get on it now and let you know how I get on.

Cheers,

Warren...


Report •

#12
January 27, 2014 at 09:52:32
Thanks for the advice Dave, it may help. Will keep you posted.
Thanks once again,

Warren...


Report •

#13
January 27, 2014 at 10:30:00
You're welcome. You mention the missing file is preventing you from downloading some AV software. Apparently AVG (if that's what you use) can generate that message too. The solution is to completely remove it and then reinstall it:

http://answers.microsoft.com/en-us/...

and:

http://answers.microsoft.com/en-us/...

It shouldn't matter how you get the file installed, whether from an AVG install or the Visual C++ update.


Report •

#14
January 27, 2014 at 10:37:55
# AdwCleaner v3.017 - Report created 27/01/2014 at 18:31:59
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : Warren - WARREN-PC
# Running from : C:\Users\Warren\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : Application Updater
Service Deleted : vToolbarUpdater17.3.0

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\AVG Nation toolbar
Folder Deleted : C:\ProgramData\eSafe
Folder Deleted : C:\ProgramData\PC Optimizer Pro
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue\DriverScanner
Folder Deleted : C:\Program Files\Application Updater
Folder Deleted : C:\Program Files\AVG Nation toolbar
Folder Deleted : C:\Program Files\driver-soft
Folder Deleted : C:\Program Files\IminentToolbar
Folder Deleted : C:\Program Files\Mobogenie
Folder Deleted : C:\Program Files\SearchMe Toolbar
Folder Deleted : C:\Program Files\Uniblue\DriverScanner
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files\Common Files\Spigot
Folder Deleted : C:\Users\Warren\AppData\Local\AVG Nation toolbar
Folder Deleted : C:\Users\Warren\AppData\Local\BeamriseUninstall
Folder Deleted : C:\Users\Warren\AppData\Local\lollipop
Folder Deleted : C:\Users\Warren\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Warren\AppData\Local\torch
Folder Deleted : C:\Users\Warren\AppData\LocalLow\AVG Nation toolbar
Folder Deleted : C:\Users\Warren\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Warren\AppData\Roaming\Iminent
Folder Deleted : C:\Users\Warren\AppData\Roaming\Search Protection
Folder Deleted : C:\Users\Warren\AppData\Roaming\Uniblue\DriverScanner
Folder Deleted : C:\Users\Warren\Documents\Mobogenie
File Deleted : C:\END
File Deleted : C:\Users\Public\Desktop\driverscanner.lnk
File Deleted : C:\Windows\system32\roboot.exe
File Deleted : C:\Users\Warren\AppData\Roaming\Mozilla\Firefox\Profiles\cwtj4j1w.default\searchplugins\iminent.xml
File Deleted : C:\Users\Warren\AppData\Roaming\Mozilla\Firefox\Profiles\cwtj4j1w.default\user.js
File Deleted : C:\Users\Warren\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ifohbjbgfchkkfhphahclmkpgejiplfo_0.localstorage
File Deleted : C:\Users\Warren\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
File Deleted : C:\Windows\Tasks\dsmonitor.job
File Deleted : C:\Windows\System32\Tasks\dsmonitor

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A16C70C0-7997-4D80-A945-D3B485607ACC}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A16C70C0-7997-4D80-A945-D3B485607ACC}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateWebSparkle_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateWebSparkle_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\utilWebSparkle_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\utilWebSparkle_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_ml-ipod_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_ml-ipod_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B9C767DD-F66A-40B4-8F12-4199A9A4393C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B9C767DD-F66A-40B4-8F12-4199A9A4393C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B9C767DD-F66A-40B4-8F12-4199A9A4393C}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B9C767DD-F66A-40B4-8F12-4199A9A4393C}]
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Key Deleted : HKCU\Software\AVG Nation toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\lollipop
Key Deleted : HKCU\Software\pc optimizer pro
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\Software\AVG Nation toolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\dosearchessoftware
Key Deleted : HKLM\Software\Driver-Soft
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Nation toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v26.0 (en-GB)

[ File : C:\Users\Warren\AppData\Roaming\Mozilla\Firefox\Profiles\cwtj4j1w.default\prefs.js ]

Line Deleted : user_pref("extensions.iminent.admin", false);
Line Deleted : user_pref("extensions.iminent.aflt", "orgnl");
Line Deleted : user_pref("extensions.iminent.appId", "{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}");
Line Deleted : user_pref("extensions.iminent.autoRvrt", "false");
Line Deleted : user_pref("extensions.iminent.dfltLng", "");
Line Deleted : user_pref("extensions.iminent.excTlbr", false);
Line Deleted : user_pref("extensions.iminent.ffxUnstlRst", false);
Line Deleted : user_pref("extensions.iminent.id", "ec62a84e000000000000c217fe5b9490");
Line Deleted : user_pref("extensions.iminent.instlDay", "16033");
Line Deleted : user_pref("extensions.iminent.instlRef", "");
Line Deleted : user_pref("extensions.iminent.newTab", false);
Line Deleted : user_pref("extensions.iminent.prdct", "iminent");
Line Deleted : user_pref("extensions.iminent.prtnrId", "iminent");
Line Deleted : user_pref("extensions.iminent.rvrt", "false");
Line Deleted : user_pref("extensions.iminent.smplGrp", "none");
Line Deleted : user_pref("extensions.iminent.tlbrId", "YBCPCSTIPO");
Line Deleted : user_pref("extensions.iminent.tlbrSrchUrl", "hxxp://start.iminent.com/?ref=toolbarm#q=");
Line Deleted : user_pref("extensions.iminent.vrsn", "1.8.26.8");
Line Deleted : user_pref("extensions.iminent.vrsnTs", "1.8.26.823:23:59");
Line Deleted : user_pref("extensions.iminent.vrsni", "1.8.26.8");
Line Deleted : user_pref("extensions.rEkKHP.scode", "(function(){try{if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};}catch(e){};try{new function(){if(null==document.getElementById(\"id_arrrrppd[...]
Line Deleted : user_pref("iminent.LayoutId", "1");
Line Deleted : user_pref("iminent.ShowThankyouPixel", "0");
Line Deleted : user_pref("iminent.adapters", "{\"facebook\":{\"CountryCode\":\"ES\",\"NoAds\":false,\"Status\":1,\"expireTime\":\"1385335421965259200\"},\"bandcamp\":{\"CountryCode\":\"ES\",\"NoAds\":false,\"Status\[...]
Line Deleted : user_pref("iminent.enabledAds", "false");
Line Deleted : user_pref("iminent.registerToolbarEvent101", "1390650418554");
Line Deleted : user_pref("iminent.registerToolbarEvent102", "1390243828423");
Line Deleted : user_pref("iminent.registerToolbarEvent109", "1390737064378");
Line Deleted : user_pref("iminent.registerToolbarEvent110", "1386436834502");
Line Deleted : user_pref("iminent.registerToolbarEvent111", "1390737064392");
Line Deleted : user_pref("iminent.registerToolbarEvent112", "1390737065664");
Line Deleted : user_pref("iminent.registerToolbarEvent122", "1390737064405");
Line Deleted : user_pref("iminent.registerToolbarEvent140", "1390589484261");
Line Deleted : user_pref("iminent.version", "8.4.3.1");
Line Deleted : user_pref("iminent.versioning", "{\"CurrentVersion\":\"8.4.3.1\",\"InstallEventCTime\":1390752830852,\"InstallEvent\":\"True\"}");

-\\ Google Chrome v32.0.1700.76

[ File : C:\Users\Warren\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : icon_url
Deleted : search_url
Deleted : keyword

*************************

AdwCleaner[R0].txt - [19579 octets] - [27/01/2014 18:27:54]
AdwCleaner[R1].txt - [19699 octets] - [27/01/2014 18:30:59]
AdwCleaner[S0].txt - [297 octets] - [27/01/2014 18:30:04]
AdwCleaner[S1].txt - [19495 octets] - [27/01/2014 18:31:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [19556 octets] ##########


Report •

#15
January 27, 2014 at 10:59:46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Ultimate x86
Ran by Warren on 27/01/2014 at 18:43:59.97
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

Failed to stop: [Service] update websparkle

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\searchprotection

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9f56bab3-2739-40ed-a8d0-1451657a9742}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{9f56bab3-2739-40ed-a8d0-1451657a9742}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D7D7E170-68DC-6501-6FCA-2BDB32C8FDBB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D7D7E170-68DC-6501-6FCA-2BDB32C8FDBB}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7D7E170-68DC-6501-6FCA-2BDB32C8FDBB}

~~~ Files

Successfully deleted: [File] "C:\Users\Warren\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\driverscanner.lnk"

~~~ Folders

Failed to delete: [Folder] "C:\Program Files\websparkle"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\uniblue"

~~~ FireFox

Successfully deleted the following from C:\Users\Warren\AppData\Roaming\mozilla\firefox\profiles\cwtj4j1w.default\prefs.js

user_pref("extensions.rEkKHP.scode", "(function(){try{if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};}catch(e){};try{new function(){if(null==document.get
Emptied folder: C:\Users\Warren\AppData\Roaming\mozilla\firefox\profiles\cwtj4j1w.default\minidumps [176 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27/01/2014 at 18:56:51.68
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Report •

#16
January 27, 2014 at 11:05:53
Ok John, I have done everything you said. I have pasted the log files for the Adwcleaner and for the JRT. What next? I am currently unprotected, no antivirus and no antispyware. I tried to turn on AVG 2014 but it is still telling me that I don't have the programme mfc110u.dll. I await your instructions!

Thanks once again,

Warren.


Report •

#17
January 27, 2014 at 11:08:39
Ok, thanks Dave, much appreciated.

Report •

#18
January 27, 2014 at 11:43:08
I will be going back to bed Warren, try what Dave suggested, remove & reinstall AVG. Here is their tool.

Let me know if any program won't download or install.

AVG Remover(32bit) 2014
http://download.avg.com/filedir/uti...

Or, if that fails.

AVG Remover(32bit) 2013
(avg_remover_stf_x86_2013_3341.exe) 2013.3341 exe May 13, 2013 3 MB
http://download.avg.com/filedir/uti...

Next, regardless of the outcome, run this.

Run Malwarebytes' Anti-Malware ( MBAM ) Free Version. Use Quick scan. Copy and Paste the contents of the log please.
If you can't find the log, do a search for malwarebytes or look in here.
C:\Users\Pete\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs
Replace Pete with the User's name.
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://i.imgur.com/3DtG68Y.gif
http://www.malwarebytes.org/mbam.php
Make sure you Uncheck > Enable free trial during install.
http://i.imgur.com/tUFCbYz.gif
If your MBAM log indicates "No action taken", that's usually a result of NOT clicking the Remove Selected button after the scan.
Quick Scan versus Full Scan
http://forums.malwarebytes.org/inde...

message edited by Johnw


Report •

#19
January 27, 2014 at 14:29:09
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.27.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16476
Warren :: WARREN-PC [administrator]

27/01/2014 22:13:47
mbam-log-2014-01-27 (22-13-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 222257
Time elapsed: 11 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 7
HKCR\CLSID\{9f56bab3-2739-40ed-a8d0-1451657a9742} (PUP.Optional.WebSparkle.A) -> No action taken.
HKCR\TypeLib\{6832C453-2F06-4A9F-9080-5DDECF242856} (PUP.Optional.WebSparkle.A) -> No action taken.
HKCR\Interface\{6935FA3E-0771-4B2F-A668-8C9CC50A7C90} (PUP.Optional.WebSparkle.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9F56BAB3-2739-40ED-A8D0-1451657A9742} (PUP.Optional.WebSparkle.A) -> No action taken.
HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252} (PUP.Optional.GreatSaver.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E96338DC-1468-4918-8EC2-8454BFFC5025} (PUP.Optional.MultiPlug.A) -> No action taken.
HKCU\Software\WebSparkle (PUP.Optional.WebSparkle.A) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (Spyware.Password) -> Bad: (c:\progra~1\suppor~1\suppor~1.dll) Good: () -> Quarantined and repaired successfully.

Folders Detected: 2
C:\ProgramData\SaveClicker (PUP.Optional.SaveClicker.A) -> No action taken.
C:\Program Files\SaveClicker (PUP.Optional.SaveClicker.A) -> No action taken.

Files Detected: 14
C:\Program Files\WebSparkle\WebSparkleBHO.dll (PUP.Optional.WebSparkle.A) -> No action taken.
C:\ProgramData\SaveClicker\xrQ7s.exe (PUP.Optional.MultiPlug.A) -> No action taken.
C:\Users\Warren\Desktop\openfreely_setup_356.exe (PUP.Optional.InstallIQ) -> No action taken.
C:\Users\Warren\Desktop\winamp563_full_emusic-7plus_en-us.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Warren\Desktop\freeopener_715.exe (PUP.Optional.InstallIQ.A) -> No action taken.
C:\Users\Warren\AppData\Local\Temp\utt1B02.tmp.exe (PUP.Optional.SearchProtection.A) -> No action taken.
C:\ProgramData\SaveClicker\xrQ7s.dat (PUP.Optional.SaveClicker.A) -> No action taken.
C:\Program Files\SaveClicker\JNq6.tlb (PUP.Optional.SaveClicker.A) -> No action taken.
C:\Program Files\SaveClicker\JNq6.dat (PUP.Optional.SaveClicker.A) -> No action taken.
C:\Program Files\SaveClicker\JNq6.dll (PUP.Optional.SaveClicker.A) -> No action taken.
C:\Program Files\SaveClicker\JNq6.x64.dll (PUP.Optional.SaveClicker.A) -> No action taken.
C:\Program Files\Supporter\Supporter.dll (Spyware.Password) -> Delete on reboot.
C:\Program Files\Supporter\SupporterSvc.dll (Trojan.SProtector) -> Delete on reboot.
C:\Users\Warren\Desktop\FLVPlayerSetup.exe (Adware.Agent) -> Quarantined and deleted successfully.

(end)


Report •

#20
January 27, 2014 at 14:38:17
Refer my post #18 No Action Taken.

Did you take action?


Report •
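The "No action taken" check raised in posts #18 and #20 can be done mechanically. The following is an added example, not part of any post in this thread and not Malwarebytes' own code: a Python parser for the text log layout shown in post #19 that sorts each detection by its final action and flags logs whose entries do not match the declared section counts. The sample is abridged from post #19's log with section counts adjusted to match; the function and field names are this example's own.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Abridged from the log in post #19; section counts adjusted to the excerpt.
SAMPLE_LOG = r"""
Scan type: Quick scan
Objects scanned: 222257

Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252} (PUP.Optional.GreatSaver.A) -> No action taken.
HKCU\Software\WebSparkle (PUP.Optional.WebSparkle.A) -> No action taken.

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (Spyware.Password) -> Bad: (c:\progra~1\suppor~1\suppor~1.dll) Good: () -> Quarantined and repaired successfully.

Folders Detected: 1
C:\Program Files\SaveClicker (PUP.Optional.SaveClicker.A) -> No action taken.

Files Detected: 3
C:\Program Files\Supporter\Supporter.dll (Spyware.Password) -> Delete on reboot.
C:\Program Files\Supporter\SupporterSvc.dll (Trojan.SProtector) -> Delete on reboot.
C:\Users\Warren\Desktop\FLVPlayerSetup.exe (Adware.Agent) -> Quarantined and deleted successfully.

(end)
"""

# "Registry Keys Detected: 7" style section headers.
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# "<object> (<detection name>) -> <result>". The name may not contain spaces,
# so a path such as "C:\Program Files (x86)\..." is not mistaken for it.
ITEM_RE = re.compile(r"^(?P<obj>.+?) \((?P<name>[\w.\-]+)\) -> (?P<rest>.+)$")


@dataclass(frozen=True)
class Detection:
    section: str   # e.g. "Files", "Registry Keys"
    obj: str       # path or registry location
    name: str      # vendor detection name
    action: str    # final action reported for this object


def parse_mbam_log(text):
    """Return (detections, mismatches).

    mismatches maps a section name to (declared, parsed) when the number of
    parsed entries differs from the count in the section header, which
    indicates a truncated or hand-edited paste.
    """
    detections, declared, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header["section"]
            declared[section] = int(header["count"])
            continue
        item = ITEM_RE.match(line) if section else None
        if item:
            # Registry data items carry "Bad: ... Good: ... -> <action>",
            # so the action is whatever follows the last arrow.
            action = item["rest"].rsplit(" -> ", 1)[-1].rstrip(".")
            detections.append(
                Detection(section, item["obj"], item["name"], action))
    parsed = Counter(d.section for d in detections)
    mismatches = {s: (n, parsed[s])
                  for s, n in declared.items() if parsed[s] != n}
    return detections, mismatches


def triage(detections):
    """Bucket detections by what still needs doing on the machine."""
    buckets = {"unresolved": [], "reboot_pending": [], "handled": []}
    for d in detections:
        if d.action.startswith("Quarantined"):
            buckets["handled"].append(d)
        elif d.action == "Delete on reboot":
            buckets["reboot_pending"].append(d)
        else:
            # "No action taken" and any unrecognised result: treat as present.
            buckets["unresolved"].append(d)
    return buckets


if __name__ == "__main__":
    found, bad_counts = parse_mbam_log(SAMPLE_LOG)
    if bad_counts:
        print("section counts do not match entries:", bad_counts)
    for bucket, items in triage(found).items():
        print(f"{bucket}: {len(items)}")
        for d in items:
            print(f"  [{d.section}] {d.name}  {d.obj}")
```

A non-empty mismatch map means the pasted log was truncated or reformatted, so its triage should not be relied on.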

#21
January 27, 2014 at 14:56:09
Hey John, think I have sorted all my problems! I ran the anti-malware programme, deleted AVG and re-installed it. I have posted the log for the anti-malware. Fingers crossed! Would you recommend anything else? I must say, you have been absolutely fantastic with your advice, a real pro. I will definitely recommend this site to all my mates! I didn't think it was possible to get such expert advice for free! If I ever get over to Australia I will buy you a beer or three! Awesome advice my friend, thanks once again. Will let you know if everything is working ok.
Thanks once again,
Cheers,
all the best,

Warren...


Report •

#22
January 27, 2014 at 14:58:49
Thanks Dave, think everything is sorted now! Fingers crossed!
Will be recommending this site to all my buddies, you are a bunch of pros!
Awesome man,
thanks for all,

Warren...


Report •

#23
January 27, 2014 at 15:00:24
You still have stuff lurking Warren, refer my last post, if you want to fix before bed.

http://www.timeanddate.com/worldclo...


Report •

#24
January 27, 2014 at 15:34:02
Not sure what you mean John, I've done everything you said on post 18....

Report •

#25
January 27, 2014 at 15:39:11
"I've done everything you said on post 18...."

Scroll down your post #19 Warren.

Let's try this way, there are other ways if this fails.

1: Please download Rkill from any one of these links and save it to your Desktop. Copy & Paste the contents of the log in your reply.
http://www.technibble.com/rkill-rep...
Rkill.com
http://download.bleepingcomputer.co...
Rkill.scr
http://download.bleepingcomputer.co...
Rkill.pif
http://download.bleepingcomputer.co...
Now double click on Rkill to run it. If the first one doesn't work try the next one.
This will help remove certain processes and should restore any file associations and your desktop. Note: Your system is still infected as Rkill does not delete files - it merely helps to temporarily disable the infections, allowing us to start the cleansing process.
Do NOT reboot your machine. Each time you reboot, Rkill is disabled and you would have to run it again in order for it to be effective.

2: Update Malwarebytes & run again.

message edited by Johnw


Report •

#26
January 27, 2014 at 16:15:03
Hey John, I have updated malwarebytes & ran it again. I have also run Rkill. Anything else?

Report •

#27
January 27, 2014 at 16:16:40
Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/for...

Program started at: 01/27/2014 11:53:47 PM in x86 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKCU\SOFTWARE\Classes\.exe "@" exists and is set to !
* HKCU\SOFTWARE\Classes\.exe has been deleted!

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 01/28/2014 12:11:25 AM
Execution time: 0 hours(s), 17 minute(s), and 37 seconds(s)


Report •

#28
January 27, 2014 at 16:17:29
"Hey John, I have updated malwarebytes & ran it again. I have also run Rkill. Anything else?"

Logs please.


Report •

#29
January 27, 2014 at 16:57:04
Latest malwarebytes log please.

Report •

#30
January 28, 2014 at 11:57:14
I have posted the logs for Rkill in post 27. Here is the log for the 2nd MalwareBytes scan. I have removed the malicious software it found and I have downloaded AVG antivirus again. The original message that I was getting about not having mfc110u.dll no longer comes on when I start up my computer. Oh, I just remembered, the 2nd Malware bytes scan I did with my AVG antivirus turned on. Is that ok? Is there anything else I need to do John? Here is the log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.27.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16476
Warren :: WARREN-PC [administrator]

28/01/2014 00:23:04
Log for John.txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 223871
Time elapsed: 1 hour(s), 10 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 6
HKCR\CLSID\{9f56bab3-2739-40ed-a8d0-1451657a9742} (PUP.Optional.WebSparkle.A) -> No action taken.
HKCR\TypeLib\{6832C453-2F06-4A9F-9080-5DDECF242856} (PUP.Optional.WebSparkle.A) -> No action taken.
HKCR\Interface\{6935FA3E-0771-4B2F-A668-8C9CC50A7C90} (PUP.Optional.WebSparkle.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9F56BAB3-2739-40ED-A8D0-1451657A9742} (PUP.Optional.WebSparkle.A) -> No action taken.
HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252} (PUP.Optional.GreatSaver.A) -> No action taken.
HKCU\Software\WebSparkle (PUP.Optional.WebSparkle.A) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\ProgramData\SaveClicker (PUP.Optional.SaveClicker.A) -> No action taken.
C:\Program Files\SaveClicker (PUP.Optional.SaveClicker.A) -> No action taken.

Files Detected: 8
C:\Program Files\WebSparkle\WebSparkleBHO.dll (PUP.Optional.WebSparkle.A) -> No action taken.
C:\Users\Warren\Desktop\openfreely_setup_356.exe (PUP.Optional.InstallIQ) -> No action taken.
C:\Users\Warren\Desktop\winamp563_full_emusic-7plus_en-us.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Warren\Desktop\freeopener_715.exe (PUP.Optional.InstallIQ.A) -> No action taken.
C:\Users\Warren\AppData\Local\Temp\utt1B02.tmp.exe (PUP.Optional.SearchProtection.A) -> No action taken.
C:\ProgramData\SaveClicker\xrQ7s.dat (PUP.Optional.SaveClicker.A) -> No action taken.
C:\Program Files\SaveClicker\JNq6.tlb (PUP.Optional.SaveClicker.A) -> No action taken.
C:\Program Files\SaveClicker\JNq6.dat (PUP.Optional.SaveClicker.A) -> No action taken.

(end)


Report •

#31
January 28, 2014 at 12:03:00
Here is the Malware log after I removed the threats. What next John?

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.27.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16476
Warren :: WARREN-PC [administrator]

28/01/2014 00:23:04
Log for John.txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 223871
Time elapsed: 1 hour(s), 10 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 6
HKCR\CLSID\{9f56bab3-2739-40ed-a8d0-1451657a9742} (PUP.Optional.WebSparkle.A) -> No action taken.
HKCR\TypeLib\{6832C453-2F06-4A9F-9080-5DDECF242856} (PUP.Optional.WebSparkle.A) -> No action taken.
HKCR\Interface\{6935FA3E-0771-4B2F-A668-8C9CC50A7C90} (PUP.Optional.WebSparkle.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9F56BAB3-2739-40ED-A8D0-1451657A9742} (PUP.Optional.WebSparkle.A) -> No action taken.
HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252} (PUP.Optional.GreatSaver.A) -> No action taken.
HKCU\Software\WebSparkle (PUP.Optional.WebSparkle.A) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\ProgramData\SaveClicker (PUP.Optional.SaveClicker.A) -> No action taken.
C:\Program Files\SaveClicker (PUP.Optional.SaveClicker.A) -> No action taken.

Files Detected: 8
C:\Program Files\WebSparkle\WebSparkleBHO.dll (PUP.Optional.WebSparkle.A) -> No action taken.
C:\Users\Warren\Desktop\openfreely_setup_356.exe (PUP.Optional.InstallIQ) -> No action taken.
C:\Users\Warren\Desktop\winamp563_full_emusic-7plus_en-us.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Warren\Desktop\freeopener_715.exe (PUP.Optional.InstallIQ.A) -> No action taken.
C:\Users\Warren\AppData\Local\Temp\utt1B02.tmp.exe (PUP.Optional.SearchProtection.A) -> No action taken.
C:\ProgramData\SaveClicker\xrQ7s.dat (PUP.Optional.SaveClicker.A) -> No action taken.
C:\Program Files\SaveClicker\JNq6.tlb (PUP.Optional.SaveClicker.A) -> No action taken.
C:\Program Files\SaveClicker\JNq6.dat (PUP.Optional.SaveClicker.A) -> No action taken.

(end)


Report •
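The two Malwarebytes logs above end every entry with "No action taken", which is what the 1.x log records when it is saved before removal has been applied to those items. As an added example (not part of the original thread and not Malwarebytes' own code), this Python script parses that log layout, lists what is still unremediated, and checks each section's declared count against the entries actually pasted; the sample log is constructed in the thread's format, and all function names are assumptions.

```python
import re
from collections import Counter, namedtuple

Detection = namedtuple("Detection", "section item name action")

# "Files Detected: 8" style section headers.
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
# "<item> (<Detection.Name>) -> <action>." The item match is non-greedy, but a
# parenthesised part of a path such as "Program Files (x86)" is skipped because
# it is not followed by " -> ".
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<name>[^()]+)\) -> (?P<rest>.+)$")

# Constructed sample: layout copied from the log format in this thread, with
# actions, counts and the "(x86)" entry altered or invented for illustration.
SAMPLE_LOG = r"""
Scan type: Quick scan
Objects scanned: 223871

Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\Software\WebSparkle (PUP.Optional.WebSparkle.A) -> No action taken.
HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252} (PUP.Optional.GreatSaver.A) -> Quarantined and deleted successfully.

Folders Detected: 1
C:\Program Files\SaveClicker (PUP.Optional.SaveClicker.A) -> No action taken.

Files Detected: 5
C:\Program Files\WebSparkle\WebSparkleBHO.dll (PUP.Optional.WebSparkle.A) -> No action taken.
C:\Users\Warren\Desktop\openfreely_setup_356.exe (PUP.Optional.InstallIQ) -> No action taken.
C:\Users\Warren\Desktop\freeopener_715.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ExampleToolbar\tb.dll (PUP.Optional.ExampleToolbar.A) -> No action taken.

(end)
"""


def parse_mbam_log(text):
    """Return (detections, declared_counts) from a Malwarebytes 1.x text log."""
    detections, declared, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("section")
            declared[section] = int(header.group("count"))
            continue
        entry = ENTRY_RE.match(line) if section else None
        if entry:
            # Entries may carry extra "-> Data: ..." fields; the action is last.
            action = entry.group("rest").split(" -> ")[-1].rstrip(".")
            detections.append(
                Detection(section, entry.group("item"), entry.group("name"), action)
            )
    return detections, declared


def is_unremediated(detection):
    return detection.action.lower() == "no action taken"


def unremediated(detections):
    """Items the scan flagged but did not quarantine or delete."""
    return [d for d in detections if is_unremediated(d)]


def count_mismatches(detections, declared):
    """Sections whose header count differs from the entries found.

    A mismatch usually means the pasted log was truncated or edited.
    Returns {section: (declared, parsed)}.
    """
    parsed = Counter(d.section for d in detections)
    return {
        s: (n, parsed.get(s, 0)) for s, n in declared.items() if parsed.get(s, 0) != n
    }


def family(name):
    """Drop a trailing single-letter variant: PUP.Optional.InstallIQ.A -> ...InstallIQ."""
    return re.sub(r"\.[A-Z]$", "", name)


def summarize(detections):
    """Map each detection family to [total entries, entries still present]."""
    summary = {}
    for d in detections:
        counts = summary.setdefault(family(d.name), [0, 0])
        counts[0] += 1
        counts[1] += is_unremediated(d)
    return summary


if __name__ == "__main__":
    found, declared = parse_mbam_log(SAMPLE_LOG)
    for fam, (total, left) in sorted(summarize(found).items()):
        print(f"{fam:32} total={total} still present={left}")
    for d in unremediated(found):
        print(f"UNREMEDIATED [{d.section}] {d.item}")
    for section, (want, got) in count_mismatches(found, declared).items():
        print(f"WARNING {section}: header says {want}, log lists {got}")
```
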

#32
January 28, 2014 at 13:03:21
"Here is the Malware log after I removed the threats. What next John?"
We have to find a way of removing all those files that say > No action taken.

Here are the next steps Warren.

1: Download & run Unhide
http://www.bleepingcomputer.com/for...
http://download.bleepingcomputer.co...
To run Unhide, simply download it to your Desktop and then double-click on the Unhide icon. The program will open a black box and start making the files on your fixed disks visible again. Please note, that this program will not unhide removable drives like flash cards and usb drives as the FakeHDD rogues do not target these types of drives. Once it has finished, the program will display a Windows alert stating that your files have been restored. You should then reboot your computer for all of the settings to go into effect.
When Unhide is complete, it will create a logfile on the Windows Desktop called Unhide.txt.
Copy & Paste the contents of the log in your next post please. Let me know if it doesn't produce a log.

2: Reboot

3: Run Defogger & then Combofix.
http://majorgeeks.com/Defogger_d708...
http://www.bleepingcomputer.com/dow...
Please download DeFogger and save it to your Desktop
Once downloaded, double-click on the DeFogger icon to start the tool.
Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appear
Click OK
DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.
This program can enable and disable CD emulation, often required in removing difficult malware. Some CD Emulation programs use a hidden driver that may be seen as a rootkit or that will interfere with the proper operation of the anti-rootkit scanner.

Download ComboFix to your Desktop & then run. Copy & Paste the contents of the log in your next post please. ComboFix's log should be located at C:\COMBOFIX.TXT.
http://www.bleepingcomputer.com/dow...
http://download.bleepingcomputer.co...
http://www.forospyware.com/sUBs/Com...
A guide and tutorial on using ComboFix
http://www.bleepingcomputer.com/com...
http://www.winhelp.us/index.php/gen...
Manually restoring the Internet connection
http://www.bleepingcomputer.com/com...
"There are circumstances ComboFix will hang, crash or stall at various stages due to malware interference, failure to disable other real-time protection tools or the presence of CD Emulators (Daemon Tools, Alcohol 120%, Astroburn, AnyDVD) so that it does not complete successfully. Also, depending on how badly a system is infected, ComboFix may take longer to complete its routine than it normally does or fail to run properly. While that is not normal behavior, it is not unusual."

If you think it's frozen, look at the computer clock.
If it's running, Combofix is still working.
NOTE: Do not mouseclick combofix's window while it is running. That may cause it to stall.
NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

**Please Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
Allow ComboFix to download the Recovery Console.
Accept the End-User License Agreement.
The Recovery Console will be installed.
You will then get this next prompt that asks if you want to continue the malware scan, select yes.
If after running Combofix you discover none of your programs will open up, and you receive the following error: "Illegal operation attempted on a registry key that has been marked for deletion". Then the answer is to REBOOT the machine, and all will be corrected.
Can't Install an Antivirus - Windows Security Center still detects previous AV
http://www.experts-exchange.com/Vir...
We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:
* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found in this topic.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Once these two steps have been completed, double-click on the ComboFix icon found on your Desktop.
Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.


Report •

#33
January 28, 2014 at 14:24:58
Do I need to disable AVG when I do this?

Report •

#34
January 28, 2014 at 14:34:16
It's in the instructions, best you print them out.

"* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found in this topic"


Report •

#35
January 29, 2014 at 08:30:23
Hey John, I closed all my protection and started running the programme 'Unhide', as you advised. It has been running for 20 hours now, I left it on through the night and today whilst I was at work. Is this normal?

Thanks,

Warren...


Report •

#36
January 29, 2014 at 09:55:31
Unhide, no, it's not, Warren.

Stop Unhide & move straight onto Combofix, our aim is to dismantle the malware, bit by bit.

Back to bed, for me.

message edited by Johnw


Report •

#37
January 29, 2014 at 16:19:17
Hey John, here are the logs for Defogger and Combofix. My antivirus/firewall is still disabled. I await further instructions. Thanks for all your help the way. Cheers.

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:17 on 29/01/2014 (Warren)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-



Report •

#38
January 29, 2014 at 16:41:09
Hey John, I tried to copy the combofix log here but the file was too large so I did what you said. I 'think' I have uploaded it onto the site you were talking about where you can upload files. It's saved on my desktop as 'MD Image uploader' and the link is called 'Warren's CombiFix', but I may have not done it correctly, as, like I said, I'm not an expert, (and also very tired). Hopefully you can open it but if not then I have the log file saved on my desktop so I will have another go tomorrow after some sleep.

Ok, cheers man,
thanks,
laterz,
Warren...


Report •

#39
January 29, 2014 at 16:57:25
Yep tomorrow when you are fresh Warren.

I did give you the wrong 2nd image, here they are again.
http://i.imgur.com/FhtnM6c.gif
http://i.imgur.com/yBtjlpb.gif
http://i.imgur.com/txFkgpT.gif

With the log, you don't have to upload it to load.to, any site of your choosing will do, as long as you give me the link, so I can download it.

Or,

Break the contents up into smaller pieces, so computing net accepts each piece.


Report •

#40
January 29, 2014 at 17:10:04
This is the link John! I'm goin to bed!

http://www.load.to/ucTzTl9mkU/Warre...


Report •

#41
January 29, 2014 at 18:38:11
Looked good Warren, but no file in that link.

Report •

#42
January 30, 2014 at 09:07:37
http://www.load.to/QcD4WqY1iO/Warre...

Here's the link John. Think I've done it properly this time! Let me know if you can see it. Also, I am unprotected, awaiting your instructions. Hopefully I am clean but I will let you be the judge of that.

Speak later,

Thanks,

Warren...


Report •

#43
January 30, 2014 at 09:12:45
ComboFix 14-01-29.01 - Warren 29/01/2014 23:37:55.1.4 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.2868.1932 [GMT 0:00]
Running from: c:\users\Warren\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Warren\AppData\Local\Google\Chrome\User Data\Default\preferences
c:\users\Warren\Documents\~WRL3605.tmp
c:\windows\system32\avdevice-52.dll
c:\windows\system32\avutil-50.dll
c:\windows\system32\swscale-0.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-12-28 to 2014-01-30 )))))))))))))))))))))))))))))))
.
.
2014-01-30 00:01 . 2014-01-30 00:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-27 22:45 . 2014-01-27 22:45 -------- d-----w- c:\users\Warren\AppData\Roaming\AVG2014
2014-01-27 22:43 . 2014-01-27 22:45 -------- d-----w- c:\programdata\AVG2014
2014-01-27 22:43 . 2014-01-27 22:43 -------- d-----w- C:\$AVG
2014-01-27 22:41 . 2014-01-27 22:41 -------- d-----w- c:\program files\AVG
2014-01-27 22:37 . 2014-01-29 21:44 -------- d-----w- c:\programdata\MFAData
2014-01-27 22:37 . 2014-01-27 23:08 -------- d-----w- c:\users\Warren\AppData\Local\Avg2014
2014-01-27 22:37 . 2014-01-27 22:37 -------- d-----w- c:\users\Warren\AppData\Local\MFAData
2014-01-27 22:12 . 2014-01-27 22:12 -------- d-----w- c:\users\Warren\AppData\Roaming\Malwarebytes
2014-01-27 22:12 . 2014-01-27 22:12 -------- d-----w- c:\programdata\Malwarebytes
2014-01-27 22:12 . 2013-04-04 14:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-27 22:12 . 2014-01-27 22:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-01-27 21:36 . 2014-01-27 21:36 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D89A27DF-73C8-4749-8F27-469824049EE1}\offreg.dll
2014-01-27 18:43 . 2014-01-27 18:43 -------- d-----w- c:\windows\ERUNT
2014-01-27 18:26 . 2014-01-27 18:32 -------- d-----w- C:\AdwCleaner
2014-01-27 18:23 . 2013-12-16 01:54 7760024 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D89A27DF-73C8-4749-8F27-469824049EE1}\mpengine.dll
2014-01-26 22:30 . 2014-01-26 22:30 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-01-26 22:30 . 2014-01-26 22:30 194048 ----a-w- c:\windows\system32\elshyph.dll
2014-01-26 22:30 . 2014-01-26 22:30 645120 ----a-w- c:\windows\system32\jsIntl.dll
2014-01-26 22:30 . 2014-01-26 22:30 126464 ----a-w- c:\program files\Internet Explorer\perfcore.dll
2014-01-26 22:30 . 2014-01-26 22:30 1052672 ----a-w- c:\program files\Internet Explorer\perf_nt.dll
2014-01-26 21:46 . 2014-01-26 21:46 -------- d-----w- C:\FRST
2014-01-26 19:19 . 2014-01-26 19:19 -------- d-----w- c:\program files\Open Freely
2014-01-26 19:17 . 2014-01-28 20:00 -------- d-----w- c:\program files\WebSparkle
2014-01-26 19:17 . 2014-01-27 18:32 -------- d-----w- c:\users\Warren\AppData\Roaming\Uniblue
2014-01-26 19:17 . 2014-01-27 18:32 -------- d-----w- c:\program files\Uniblue
2014-01-26 18:41 . 2014-01-26 18:41 -------- d-----w- c:\users\Warren\AppData\Local\ElevatedDiagnostics
2014-01-26 18:26 . 2014-01-26 18:26 -------- d-----w- c:\windows\Migration
2014-01-26 16:36 . 2014-01-26 16:36 -------- d-----w- c:\programdata\Logs
2014-01-26 16:25 . 2014-01-26 16:25 -------- d-----w- c:\users\Warren\AppData\Local\Programs
2014-01-26 12:26 . 2013-11-26 10:10 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-01-26 12:26 . 2013-11-26 11:11 240576 ----a-w- c:\windows\system32\drivers\netio.sys
2014-01-26 12:26 . 2013-11-27 01:13 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-01-26 12:26 . 2013-11-27 01:13 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-01-26 12:26 . 2013-11-27 01:13 43520 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-01-26 12:26 . 2013-11-27 01:14 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-01-26 12:26 . 2013-11-27 01:13 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-01-26 12:26 . 2013-11-27 01:13 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-01-26 12:26 . 2013-11-27 01:13 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-01-13 00:15 . 2014-01-27 22:30 -------- d-----w- c:\program files\Supporter
2014-01-13 00:15 . 2014-01-13 00:15 -------- d-----w- c:\programdata\f62088b77dab2880
2014-01-13 00:15 . 2014-01-13 00:15 -------- d-----w- c:\users\Warren\AppData\Local\Comodo
2014-01-13 00:15 . 2014-01-13 00:15 -------- d-----w- c:\users\HomeGroupUser$
2014-01-13 00:15 . 2014-01-13 00:15 -------- d-----w- c:\users\Guest
2014-01-13 00:15 . 2014-01-13 00:15 -------- d-----w- c:\users\Administrator
2014-01-11 11:04 . 2014-01-27 21:36 -------- d-----w- c:\windows\rescache
2014-01-10 20:26 . 2012-08-21 13:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2014-01-10 20:24 . 2014-01-10 20:24 -------- d-----w- c:\program files\iPod
2014-01-10 20:24 . 2014-01-10 20:25 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-01-10 20:24 . 2014-01-10 20:25 -------- d-----w- c:\program files\iTunes
2014-01-10 20:21 . 2014-01-10 20:21 -------- d-----w- c:\program files\Bonjour
2014-01-10 20:18 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2014-01-10 20:18 . 2013-05-10 03:48 164864 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2014-01-10 20:14 . 2013-10-30 02:19 301568 ----a-w- c:\windows\system32\msieftp.dll
2014-01-10 20:12 . 2013-10-03 01:58 305152 ----a-w- c:\windows\system32\gdi32.dll
2014-01-10 20:12 . 2013-10-12 02:01 679424 ----a-w- c:\windows\system32\IKEEXT.DLL
2014-01-10 20:12 . 2013-10-12 02:03 656896 ----a-w- c:\windows\system32\nshwfp.dll
2014-01-10 20:12 . 2013-10-12 02:01 216576 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2014-01-10 20:10 . 2013-10-05 19:57 1168384 ----a-w- c:\windows\system32\crypt32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-26 16:38 . 2011-06-11 00:58 5601616 ----a-w- c:\windows\system32\mfc100u.dll
2014-01-19 10:28 . 2013-09-05 19:13 1335296 ----a-w- c:\windows\system32\p2pfilter.dll
2014-01-19 10:28 . 2013-09-05 19:13 8404712 ----a-w- c:\windows\system32\avcodec-52.dll
2014-01-19 10:28 . 2013-09-05 19:13 56040 ----a-w- c:\windows\system32\avcore-0.dll
2014-01-19 10:28 . 2013-09-05 19:13 1899080 ----a-w- c:\windows\system32\avformat-52.dll
2014-01-19 10:28 . 2013-09-05 19:13 299008 ----a-w- c:\windows\system32\DSPlayer.dll
2013-12-21 22:56 . 2013-12-21 22:56 107256 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2013-12-18 06:13 . 2010-08-16 20:41 231584 ------w- c:\windows\system32\MpSigStub.exe
2013-12-11 21:50 . 2012-07-10 00:13 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 21:50 . 2012-07-10 00:13 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-05 21:50 . 2013-11-05 21:50 120600 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2013-11-04 21:57 . 2013-11-04 21:57 209176 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-07-25 20684656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-07-28 9398888]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2012-06-28 74752]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2013-11-07 4956176]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CodecPackTrayMenu.lnk - c:\windows\System32\C2MP\TrayMenu.exe [2013-2-25 704520]
CodecPackUpdateChecker.lnk - c:\windows\System32\C2MP\UpdateChecker.exe [2013-3-16 46816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BitTorrent"="c:\users\Warren\Downloads\BitTorrent-7.0.exe"
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"AmIcoSinglun"=c:\program files\AmIcoSingLun\AmIcoSinglun.exe
"CanonMyPrinter"=c:\program files\Canon\MyPrinter\BJMyPrt.exe /logon
"IgfxTray"=c:\windows\system32\igfxtray.exe
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"Persistence"=c:\windows\system32\igfxpers.exe
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"CanonSolutionMenu"=c:\program files\Canon\SolutionMenu\CNSLMAIN.exe /logon
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
R2 40030ae4;Supporter;c:\windows\system32\rundll32.exe [2009-07-14 44544]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-07-25 162672]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-07-03 25600]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2013-11-26 108032]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2011-11-25 687400]
R4 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2013-10-24 147768]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [2013-10-31 222520]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2013-09-10 27448]
S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2013-12-21 107256]
S1 Avgdiskx;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiskx.sys [2013-11-05 120600]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2013-11-04 209176]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2013-09-17 22840]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2013-10-31 176952]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2013-08-01 193848]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-10-06 37664]
S1 RapportCerberus_59849;RapportCerberus_59849;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys [2013-10-29 340432]
S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2013-12-21 155704]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2013-12-21 228888]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [2013-11-11 3478544]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [2013-09-24 348008]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2013-12-21 1444120]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2011-06-30 1526592]
S2 Update WebSparkle;Update WebSparkle;c:\program files\WebSparkle\updateWebSparkle.exe [2014-01-25 102176]
S2 Util WebSparkle;Util WebSparkle;c:\program files\WebSparkle\bin\utilWebSparkle.exe [2014-01-26 102176]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 132352]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-06-21 246272]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-08-06 273960]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2011-05-31 10064]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-29 16:22 1211672 ----a-w- c:\program files\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-10 21:50]
.
2014-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-20 16:08]
.
2014-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-20 16:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://es.search.yahoo.com/?type=714647&fr=spigot-yhp-ie
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 80.58.61.250 80.58.61.254
DPF: {32E7B36C-7960-4A42-B83B-D8AFD0AAEF2B} - hxxp://dizun95pzobbc.cloudfront.net/INDBrowser.CAB
DPF: {99E63F21-514B-4C2B-9170-D25D54F65D5B} - hxxp://dizun95pzobbc.cloudfront.net/VBIXDPlayer.CAB
FF - ProfilePath - c:\users\Warren\AppData\Roaming\Mozilla\Firefox\Profiles\cwtj4j1w.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: browser.startup.homepage - hxxp://es.search.yahoo.com/?type=714647&fr=spigot-yhp-ff
FF - prefs.js: keyword.URL - hxxp://es.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=714647&p=
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AVG-Secure-Search-Update_0214c - c:\users\Warren\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe
AddRemove-Search Protection - c:\users\Warren\AppData\Roaming\Search Protection\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4098741443-1087128996-1363758418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*p*3*fLÂt\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-4098741443-1087128996-1363758418-1000_Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_26"
.
[HKEY_USERS\S-1-5-21-4098741443-1087128996-1363758418-1000_Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.3.0_03"
.
[HKEY_USERS\S-1-5-21-4098741443-1087128996-1363758418-1000_Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.3.0_04"
.
[HKEY_USERS\S-1-5-21-4098741443-1087128996-1363758418-1000_Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.3.0_05"
.
[HKEY_USERS\S-1-5-21-4098741443-1087128996-1363758418-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.3.1"
.
[HKEY_USERS\S-1-5-21-4098741443-1087128996-1363758418-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}]
@DACL=(02 0000)

#44
January 30, 2014 at 09:13:42

#45
January 30, 2014 at 09:14:35
@DACL=(02 0000)
@="Java Plug-in 1.5.0_27"
.
[HKEY_USERS\S-1-5-21-4098741443-1087128996-1363758418-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_27"
.
[HKEY_USERS\S-1-5-21-4098741443-1087128996-1363758418-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_27"
.
[HKEY_USERS\S-1-5-21-4098741443-1087128996-1363758418-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_28"
.
[HKEY_USERS\S-1-5-21-4098741443-1087128996-1363758418-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_28"
.
[HKEY_USERS\S-1-5-21-4098741443-1087128996-1363758418-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_28"
.
[HKEY_USERS\S-1-5-21-4098741443-1087128996-1363758418-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_29"

Report •

#46
January 30, 2014 at 09:15:20
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-01-30 00:05:42
ComboFix-quarantined-files.txt 2014-01-30 00:05
.
Pre-Run: 6,098,292,736 bytes free
Post-Run: 6,019,059,712 bytes free
.
- - End Of File - - 2130FBFC20C6D3DD7B19C8E16C574567
A36C5E4F47E84449FF07ED3517B43A31

Report •

#47
January 30, 2014 at 09:16:49
Hey John, I've done it in chunks, like you recommended. I was having problems with the other site. Ok, let me know what you think.

Thanks once again,

Warren...


Report •

#48
January 30, 2014 at 12:53:15
" I've done it in chunks"
Thanks Warren, it has got rid of what it could.

Run RogueKiller
http://www.softpedia.com/get/Securi...
http://www.softpedia.com/progScreen...
http://majorgeeks.com/RogueKiller_d...
http://www.geekstogo.com/forum/file...
http://tigzy.geekstogo.com/roguekil...
http://www.sur-la-toile.com/RogueKi...
User Guide
http://www.adlice.com/softwares/rog...
Official tutorial
http://tigzyrk.blogspot.fr/2012/11/...
If RogueKiller won't run, open IE & turn off SmartScreen Filter.
http://windows.microsoft.com/en-AU/...
Download & SAVE to your Desktop.
Quit all programs that you may have started.
Shutdown your antivirus to avoid any conflicts.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7/8, right-click and select "Run as Administrator" to start.
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
click on "delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and Copy & Paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop.
Exit/Close RogueKiller.
When completed make sure to re-enable your antivirus.


Report •

#49
January 30, 2014 at 16:43:47
Hey John, latest log for Rogue Killer. Anything else?

RogueKiller V8.8.4 [Jan 27 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/rog...
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Warren [Admin rights]
Mode : Remove -- Date : 01/31/2014 00:40:13
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Inline] EAT @explorer.exe (?MILLIS_PER_SECOND@GCDate@@2JB) : GrooveUtil.DLL -> HOOKED (Unknown @ 0xCEBB333C)
[Inline] EAT @firefox.exe (NtMapViewOfSection) : ntdll.dll -> HOOKED (Unknown @ 0x719F0022)
[Inline] EAT @firefox.exe (ZwMapViewOfSection) : ntdll.dll -> HOOKED (Unknown @ 0x719F0022)
[Inline] EAT @firefox.exe (01a8) : RapportUtil.dll -> HOOKED (Unknown @ 0x5DD17BCA)
[Inline] EAT @firefox.exe (01a9) : RapportUtil.dll -> HOOKED (Unknown @ 0x5DD22C32)
[Inline] EAT @firefox.exe (?UndefinedHandleValue@JS@@3V?$Handle@VValue@JS@@@1@B) : mozjs.dll -> HOOKED (Unknown @ 0x601162B1)
[Inline] EAT @firefox.exe (?singleton@CrossCompartmentWrapper@js@@2V12@A) : mozjs.dll -> HOOKED (Unknown @ 0x481127CC)
[Inline] EAT @firefox.exe (?MILLIS_PER_SECOND@GCDate@@2JB) : GrooveUtil.DLL -> HOOKED (Unknown @ 0xCEBB333C)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS545032B9A300 ATA Device +++++
--- User ---
[MBR] 7a5686d50d7f96074ae3098449a0b399
[BSP] 590f8010d77167a09aadf8575a08e1b6 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13000 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 26626048 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 26830848 | Size: 292142 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_01312014_004013.txt >>
RKreport[0]_S_01312014_003959.txt


Report •
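An added example, not part of the original posts and not RogueKiller's own code: a small Python parser for the registry and hook lines of the report pasted in post #49. It checks the parsed entry count against the section header (useful when a log was pasted in chunks) and groups the hook lines by process and by target address. The regular expressions and function names are assumptions derived only from the lines shown in that post.

```python
import re
from collections import defaultdict

# Registry and hook lines copied from the RogueKiller report in post #49.
REPORT = r"""
¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Inline] EAT @explorer.exe (?MILLIS_PER_SECOND@GCDate@@2JB) : GrooveUtil.DLL -> HOOKED (Unknown @ 0xCEBB333C)
[Inline] EAT @firefox.exe (NtMapViewOfSection) : ntdll.dll -> HOOKED (Unknown @ 0x719F0022)
[Inline] EAT @firefox.exe (ZwMapViewOfSection) : ntdll.dll -> HOOKED (Unknown @ 0x719F0022)
[Inline] EAT @firefox.exe (01a8) : RapportUtil.dll -> HOOKED (Unknown @ 0x5DD17BCA)
[Inline] EAT @firefox.exe (01a9) : RapportUtil.dll -> HOOKED (Unknown @ 0x5DD22C32)
[Inline] EAT @firefox.exe (?UndefinedHandleValue@JS@@3V?$Handle@VValue@JS@@@1@B) : mozjs.dll -> HOOKED (Unknown @ 0x601162B1)
[Inline] EAT @firefox.exe (?singleton@CrossCompartmentWrapper@js@@2V12@A) : mozjs.dll -> HOOKED (Unknown @ 0x481127CC)
[Inline] EAT @firefox.exe (?MILLIS_PER_SECOND@GCDate@@2JB) : GrooveUtil.DLL -> HOOKED (Unknown @ 0xCEBB333C)
"""

# Assumed line shapes, inferred from the report above (not from tool documentation).
HEADER_RE = re.compile(r"^¤¤¤ (?P<section>.+?) : (?P<count>\d+) ¤¤¤$")
REG_RE = re.compile(
    r"^\[(?P<category>[^\]]+)\]\[(?P<kind>[^\]]+)\] (?P<key>\S+) : (?P<name>.+?) "
    r"\((?P<found>[^()]*)\) -> (?P<action>[A-Z]+)(?: \((?P<new>[^()]*)\))?$"
)
HOOK_RE = re.compile(
    r"^\[(?P<type>[^\]]+)\] (?P<table>\w+) @(?P<process>\S+) \((?P<symbol>.+)\) : "
    r"(?P<module>\S+) -> HOOKED \((?P<target>.+) @ (?P<addr>0x[0-9A-Fa-f]+)\)$"
)


def declared_counts(text):
    """Return {section name: count} for headers that carry a numeric count."""
    counts = {}
    for raw in text.splitlines():
        m = HEADER_RE.match(raw.strip())
        if m:
            counts[m.group("section")] = int(m.group("count"))
    return counts


def parse_report(text):
    """Return (registry_changes, hooks) as lists of dicts; other lines are skipped."""
    registry, hooks = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = REG_RE.match(line)
        if m:
            registry.append(m.groupdict())
            continue
        m = HOOK_RE.match(line)
        if m:
            hooks.append(m.groupdict())
    return registry, hooks


def registry_section_complete(text):
    """True when the number of parsed registry lines equals the header's count."""
    registry, _ = parse_report(text)
    return declared_counts(text).get("Registry Entries") == len(registry)


def hooks_by_process(hooks):
    """Map process -> {hooked module: number of hooked exports}."""
    out = defaultdict(lambda: defaultdict(int))
    for h in hooks:
        out[h["process"]][h["module"]] += 1
    return {proc: dict(mods) for proc, mods in out.items()}


def shared_targets(hooks):
    """Return target addresses that more than one hook line points at."""
    by_addr = defaultdict(list)
    for h in hooks:
        by_addr[h["addr"]].append((h["process"], h["symbol"]))
    return {addr: refs for addr, refs in by_addr.items() if len(refs) > 1}


if __name__ == "__main__":
    registry, hooks = parse_report(REPORT)
    print("registry section complete:", registry_section_complete(REPORT))
    for r in registry:
        print(f'{r["name"]}: {r["found"]} -> {r["action"]} {r["new"] or ""}'.rstrip())
    for proc, mods in hooks_by_process(hooks).items():
        print(proc, mods)
    for addr, refs in shared_targets(hooks).items():
        print(addr, refs)
```
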

#50
January 30, 2014 at 17:11:08
Thanks Warren.

After each fix or change we make, let me know how the comp is running. Example: Still cannot turn on AVG 2014.

Run ESET Online Scanner, Copy and Paste the contents of the log please. This scan may take a very long while, so please be patient. Maybe start it before going to work or bed.
http://www.eset.com/us/online-scann...
http://www.eset.com/home/products/o...
You may have to download ESET from a good computer, put it on a flash/thumb/pen drive & run it from there, if your comp is unbootable, or won't let you download.
Create a ESET SysRescue CD or USB drive
http://kb.eset.com/esetkb/index?pag...
How do I use my ESET SysRescue CD or USB flash drive to scan and clean my system?
http://kb.eset.com/esetkb/index?pag...
Configure ESET this way & disable your AV.
http://i.imgur.com/3U7YC.gif
How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Which web browsers are compatible with ESET Online Scanner?
http://www.nod32.fi/eset-online-sca...
http://kb.eset.com/esetkb/index?pag...
Online Scanner not working
http://kb.eset.com/esetkb/index?pag...
Why Would I Ever Need an Online Virus Scanner? I already have an antivirus program installed, isn't that enough?
http://www.squidoo.com/the-best-fre...
Once onto a machine, malware can disable antivirus programs, prevent antimalware programs from downloading updates, or prevent a user from running antivirus scans or installing new antivirus software or malware removal tools. At this point even though you are aware the computer is infected, removal is very difficult.
5: Why does the ESET Online Scanner run slowly on my computer?
If you have other antivirus, antispyware or anti-malware programs running on your computer, they may intercept the scan being performed by the ESET Online Scanner and hinder performance. You may wish to disable the real-time protection components of your other security software before running the ESET Online Scanner. Remember to turn them back on after you are finished.
17: How can I view the log file from ESET Online Scanner?
http://kb.eset.com/esetkb/index?pag...
http://www.eset.com/home/products/o...
The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\EsetOnlineScanner\log.txt". You can view this file by navigating to the directory and double-clicking on it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start → Run dialog box from the Start Menu on the Desktop.
If no threats are found, you will simply see an information window that no threats were found.
http://www.trishtech.com/security/s...


Report •

#51
February 2, 2014 at 11:38:40
Hey there John, I haven't had time to run ESET yet, but you asked me to keep you updated on the general running of my computer. Everything seems ok, but a few things have changed. I am being bombarded by pop up ads, no matter which website I am on. It's a bit of a pain. Also, sometimes, (but not all the time), pictures do not load, for example, on Facebook. Apart from that, everything seems fine. I will try to run ESET tonight when I go to bed, (if I can, not sure if my computer is good enough). I will test it out. Ok, cheers, speak later, thanks for all your help,

Warren...


Report •

#52
February 2, 2014 at 14:33:56
Ok Warren, the Malware is doing its job, but we can beat it.

If ESET gets blocked, we can still get around that, but I think your comp will be able to cope.


Report •

#53
February 2, 2014 at 15:47:30
Hey John, tried to run ESET but I can't run it for some reason. To be honest, I'm gettin f---ed off with the whole thing. Nothing personal to you, but it seems like there's no end to the problem. It might be compounded by the fact that I've got a terrible ear infection at the minute and I'm tryin to kill the pain with a combination of ibuprofen, diazepam, paracetamol, wine and whisky! Ha ha ha! Might be in a better frame of mind tomorrow so I'm going to sign off here and try to get some sleep, if my ear infection allows me! Will speak to you over the next couple of days. f---ing malware eh! Oh well, speak later my friend,

thanks once again,

all the best,

Warren...


Report •

#54
February 17, 2014 at 13:43:42
Hey John, how are you? Sorry I've taken so long getting back to you about the ESET scan, just haven't had the time to do it. Anyhows, I ran it and it found no problems. Here's the log file. Thanks for all your help. I'm still getting a lot of pop up ads but apart from that everything appears to be working fine. Let me know if there's anything else you would recommend for me to do.

Thanks once again,

Warren...

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=894ef271ad69ce4c86217c1190f3add8
# engine=17096
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-02-17 08:08:31
# local_time=2014-02-17 08:08:31 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 1765930 145090902 0 0
# scanned=262247
# found=0
# cleaned=0
# scan_time=30588


Report •

#55
February 17, 2014 at 14:24:34
"I'm gettin f---ed off with the whole thing"
Thought you had given up Warren.

Now to deal with the pop-ups, which I assume are in the browser/browsers you use.

Adblock Plus
http://www.softpedia.com/get/Intern...
http://www.softpedia.com/progScreen...
https://addons.mozilla.org/firefox/...
Adblock Plus install SS.
http://i.imgur.com/pW20i0u.gif
http://i.imgur.com/pRIayVe.gif

message edited by Johnw


Report •

#56
February 17, 2014 at 14:25:48
As you can see from your logs, you had a lot of stuff installed, that you did not know had been installed.
A lot of programs now give you the choice to install toolbars & other during the install. Either uncheck these items during install, or use Custom install. No more click, click during an install, you have to read after each click.
I use Softpedia, down the bottom of the page, they make you aware what Ad-supported programs the author of the program has included.
Sample pages
http://www.softpedia.com/get/CD-DVD...
http://www.softpedia.com/get/Multim...
Users are advised to pay attention while installing this ad-supported application:
· Offers to change the homepage for web browsers installed in the system
· Offers to change the default search engine for web browsers installed in the system
· Offers to install StartNow Toolbar that the program does not require to fully function
SS ( screenshots ) of above
http://i.imgur.com/CSBplyA.gif
http://i.imgur.com/3eWWoXm.gif

Use Unchecky to help prevent these third party installs. Nothing is perfect, the baddies are always ahead of the goodies.
http://www.softpedia.com/get/System...
http://www.softpedia.com/progScreen...
http://unchecky.com/
How to download from Softpedia
http://i.imgur.com/iZ3Fzmc.gif
http://i.imgur.com/NNgm1rF.gif
A reliable application that aims to protect your computer against third-party components often offered during software installations.

message edited by Johnw


Report •

#57
February 17, 2014 at 14:32:03
Download Security Check by screen317 from one of the following links and save it to your Desktop.
http://screen317.spywareinfoforum.o...
http://screen317.changelog.fr/Secur...
Please restart the computer before running this security check.
* Double click SecurityCheck.exe. If you run Windows Vista or 7/8, right click and choose 'Run as Administrator'.
o If you are asked by Windows to run this program or not, please click 'Yes' or 'Run'.
o When you see a console window, press any key to continue scanning.
o Wait while it scans.
o If your firewall alerts you of Security Check, please press 'Allow' or similar.
* A Notepad document should open automatically after scan is completed. It will be called checkup.txt; Please Copy and Paste the contents into your reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

Report •

#58
February 17, 2014 at 15:22:15
Hey John, here is the log for the security check. I think I have installed the adblock correctly, but I didn't have to follow the instructions in the second link on message 55. I just downloaded it and now I have what looks like a pair of binoculars at the top of the screen. If I click on it, it reads "Adobe Flash" is enabled on www.computing.net. and asks me if I want to block the plug in or continue allowing. Is this correct?

Ok, thanks,

Warren.


Results of screen317's Security Check version 0.99.79
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 11
[b][u]``````````````Antivirus/Firewall Check:``````````````[/b][/u]
Windows Firewall Enabled!
AVG Internet Security 2014
Antivirus up to date!
[b][u]`````````Anti-malware/Other Utilities Check:`````````[/b][/u]
Malwarebytes Anti-Malware version 1.75.0.1300
TuneUp Utilities 2011
TuneUp Utilities Language Pack (en-US)
TuneUp Utilities 2011
CCleaner
Java(TM) 6 Update 26
[color=red][b]Java version out of Date![/b][/color]
Adobe Flash Player 12.0.0.44
Adobe Reader XI
Mozilla Firefox (27.0.1)
Google Chrome 32.0.1700.102
Google Chrome 32.0.1700.107
[b][u]````````Process Check: objlist.exe by Laurent````````[/b][/u]
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
[b][u]`````````````````System Health check`````````````````[/b][/u]
Total Fragmentation on Drive C:
[b][u]````````````````````End of Log``````````````````````[/b][/u]


Report •

#59
February 17, 2014 at 15:31:53
"I just downloaded it and now I have what looks like a pair of binoculars at the top of the screen"
You are only getting partial protection, enable the 3 other items.

"and asks me if I want to block the plug in or continue allowing. Is this correct?"
Enable the 3 items & you are finished, don't touch anything.


Report •

#60
February 17, 2014 at 15:38:10
I don't know what you mean by 'enable the other 3 items'. How?

Report •

#61
February 17, 2014 at 15:43:23
Results of screen317's Security Check version 0.99.79
"Java(TM) 6 Update 26
[color=red][b]Java version out of Date![/b][/color]"
To improve your security, your Java needs updating.

Uninstall Java if you don't need it. It is a high security risk.

How do I know if I need it?
You have a program installed that uses Java, when you try to run it, it will squawk.

Solution: There is always a FREE version of non Java programs available, Just let us know or Search in Softpedia.


Report •

#62
February 17, 2014 at 15:45:34
I don't know what you mean by 'enable the other 3 items'. How?

My post #55
Adblock Plus install SS.
http://i.imgur.com/pW20i0u.gif
http://i.imgur.com/pRIayVe.gif

message edited by Johnw


Report •

#63
February 17, 2014 at 16:09:59
If you can't do the steps in post #62, uninstall Adblock Plus & start again.

Report •

#64
February 17, 2014 at 16:13:42
Sorry John, I don't know what you mean. The links you are referring to above, I understand the instructions, they are simple, but I've no idea how to get onto that particular screen! I also don't have that icon that looks like a piece of a jigsaw puzzle, to the left of 'Enter search or web address'. I have a set of binoculars!

Report •

#65
February 17, 2014 at 16:37:09
"Sorry John, I don't know what you mean"
Start again Warren, uninstall ( Remove ).

When the new install is finished, whatever browser you are installing it into, will open their web page.

My first SS shows it opening my Opera browser. Use the scroll bar ( typo )

message edited by Johnw


Report •

#66
April 21, 2014 at 14:46:41
tahirm

AVG have their own official website. Unless you can vouch personally for filedocks.com it should be avoided - even then it is best to use the official website.

Always pop back and let us know the outcome - thanks


Report •

#67
April 21, 2014 at 15:22:39
Thanx 4 the info Tahirm and Derek. Will check it out.

Thanx!

Warren...


Report •
