Solved Security Center and Firewall disabled.

Discussion in 'Malware and Virus Removal Archive' started by Whiskeyman, 2014/01/16.

  1. 2014/01/16
    Whiskeyman Lifetime Subscription

    Whiskeyman Inactive Alumni Thread Starter

    Joined:
    2005/09/10
    Messages:
    1,772
    Likes Received:
    37
    [Resolved] Security Center and Firewall disabled.

    The Security Center and Firewall are disabled. Windows Firewall is missing from Services. Cannot download anything with any browser due to everything detected as virus. Avira anti-virus went nuts according to owner so he uninstalled it and tried to install another AV program, but couldn't. I downloaded programs to a flash drive and transferred them to the infected computer and was able to install them. I am thinking a Java exploit plus possible rootkit.

    Avast Quick Scan 1_12_14

    C:\Windows\System32\config\...\adsort[1].htm
    HTML:RedirME-inf[Trj]
    Moved to Chest

    c:\program files\windows defender\mpoav.dll
    Error: Incorrect function [1]



    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2014.01.11.06

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Larry :: LARRY-PC [administrator]

    1/11/2014 6:30:36 PM
    mbam-log-2014-01-11 (18-30-36).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 200253
    Time elapsed: 9 minute(s), 20 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 1
    HKCU\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 2
    C:\Users\Larry\AppData\Local\Temp\mgrkknyevgbcqsxpife.exe (Trojan.Agent.FSA89) -> Quarantined and deleted successfully.
    C:\Users\Larry\AppData\Local\Temp\bnpjinxqpytknofoeur.exe (Trojan.Agent.FSA89) -> Quarantined and deleted successfully.

    (end)
     
  2. 2014/01/16
    Whiskeyman Lifetime Subscription

    Whiskeyman Inactive Alumni Thread Starter

    Joined:
    2005/09/10
    Messages:
    1,772
    Likes Received:
    37
    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16506
    Run by Larry at 13:04:39 on 2014-01-16
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1023.331 [GMT -5:00]
    .
    AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
    SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Common Files\aol\1191336514\ee\aolsoftware.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\The Weather Channel\Desktop Weather\TWC.Win7.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    C:\Program Files\Microsoft\BingBar\7.3.124.0\SeaPort.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.aol.com
    uSearch Bar = Preserve
    uProxyOverride = <local>
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: AOL Toolbar Launcher: {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
    BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.3.124.0\BingExt.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: AOL Toolbar: {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
    TB: AOL Toolbar: {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\microsoft\bingbar\7.3.124.0\BingExt.dll
    TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - c:\program files\avast software\avast\aswWebRepIE.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [TWC.Win7] c:\program files\the weather channel\desktop weather\TWC.Win7.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HostManager] c:\program files\common files\aol\1191336514\ee\AOLSoftware.exe
    mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
    IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    LSP: mswsock.dll
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 192.168.254.254
    TCP: Interfaces\{397C85F5-BE74-48A6-A90D-6F42A2880F4C} : DHCPNameServer = 192.168.254.254
    Notify: igfxcui - igfxdev.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-1-12 49944]
    R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-1-12 180248]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-1-12 775952]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-1-12 410528]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-1-12 67824]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-1-12 50344]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-7-18 21504]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2012-8-28 92632]
    R3 Atc002;NDIS Miniport Driver for Attansic L2 Fast Ethernet Controller;c:\windows\system32\drivers\L260x86.sys [2007-8-16 25600]
    R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.3.124.0\SeaPort.EXE [2013-12-16 247968]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-18 754856]
    S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.3.124.0\BBSvc.EXE [2013-12-16 193696]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 PAC207;Basic Webcam;c:\windows\system32\drivers\PFC027.SYS [2006-11-20 506112]
    S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2006-11-2 987648]
    S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2006-11-2 251904]
    .
    =============== Created Last 30 ================
    .
    2014-01-13 01:18:52 -------- d-----w- c:\users\larry\appdata\roaming\AVAST Software
    2014-01-13 01:17:37 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2014-01-13 01:17:36 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2014-01-13 01:17:35 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2014-01-13 01:17:34 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2014-01-13 01:17:27 43152 ----a-w- c:\windows\avastSS.scr
    2014-01-13 01:16:23 -------- d-----w- c:\program files\AVAST Software
    2014-01-13 01:15:29 -------- d-----w- c:\programdata\AVAST Software
    2013-12-27 13:57:33 11468448 ----a-w- c:\program files\windows defender\en-us\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\yd179pli\BingBarSetup-Partner[1].EXE
    .
    ==================== Find3M ====================
    .
    2013-12-10 19:48:26 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-12-10 19:48:26 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-10-30 19:24:19 0 ----a-w- C:\DFRBFE6.tmp
    .
    ============= FINISH: 13:05:58.00 ===============
     

  4. 2014/01/16
    Whiskeyman Lifetime Subscription

    Whiskeyman Inactive Alumni Thread Starter

    Joined:
    2005/09/10
    Messages:
    1,772
    Likes Received:
    37
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/16/2007 2:31:03 PM
    System Uptime: 1/16/2014 11:13:00 AM (2 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | P5GC-MX
    Processor: Intel(R) Pentium(R) D CPU 3.00GHz | LGA 775 | 2400/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 140 GiB total, 34.182 GiB free.
    D: is FIXED (NTFS) - 9 GiB total, 4.615 GiB free.
    E: is CDROM ()
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Photoshop 7.0
    Adobe Reader X (10.1.3)
    AOL Mail and AIM Gadget
    AOL Toolbar 5.0
    AOL Uninstaller (Choose which Products to Remove)
    ArcSoft PhotoStudio 5.5
    Attansic Giga Ethernet Utility
    Attansic L2 Fast Ethernet Driver
    avast! Free Antivirus
    Basic Webcam
    Bing Bar
    Canon CanoScan LiDE 200 User Registration
    Canon MP Navigator EX 2.0
    Canon Utilities Solution Menu
    CanoScan LiDE 200 Scanner Driver
    Digital Photo Navigator 1.5
    FinePixViewer Ver.4.0
    GIMP 2.4.0
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    ImageMixer VCD for FinePix
    Inkjet Printer/Scanner Extended Survey Program
    Intel(R) Graphics Media Accelerator Driver
    Java Auto Updater
    Java(TM) 6 Update 31
    Malwarebytes Anti-Malware version 1.75.0.1300
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    OGA Notifier 2.0.0048.0
    Presto! ImageFolio LE
    Presto! Mr. Photo
    Presto! VideoWorks
    QuickTime
    RAW FILE CONVERTER LE
    Realtek High Definition Audio Driver
    RTC Client API v1.2
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760588) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760823) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2760583) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2767773) 32-Bit Edition
    Snood 4
    SoftThinks Recovery Center Installer
    Sony Picture Utility
    The Weather Channel App
    The Weather Channel Desktop 6
    TomTom HOME
    TomTom HOME Visual Studio Merge Modules
    Ulead Photo Explorer 6.0
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB2836940)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2836939)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Viewpoint Media Player
    VLC media player 2.0.0
    WebCam Suite 2.0
    .
    ==== End Of File ===========================
     
  5. 2014/01/16
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===============================

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it into your reply.
     
  6. 2014/01/18
    Whiskeyman Lifetime Subscription

    Whiskeyman Inactive Alumni Thread Starter

    Joined:
    2005/09/10
    Messages:
    1,772
    Likes Received:
    37
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-01-2014 02
    Ran by Larry (administrator) on LARRY-PC on 18-01-2014 10:46:25
    Running from C:\Users\Larry\Desktop
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)
    Internet Explorer Version 9
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) ===================

    (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
    (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
    (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (AOL LLC) C:\Program Files\Common Files\aol\acs\AOLacsd.exe
    (Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.124.0\BBSvc.EXE
    (New Boundary Technologies, Inc.) C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    (TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
    (AOL Inc.) C:\Program Files\Common Files\aol\1191336514\ee\aolsoftware.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
    () C:\Program Files\The Weather Channel\Desktop Weather\TWC.Win7.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (AOL Inc.) C:\Program Files\Common Files\aol\1191336514\ee\aolupdates.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4321280 2007-01-11] (Realtek Semiconductor)
    HKLM\...\Run: [HostManager] - C:\Program Files\Common Files\AOL\1191336514\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
    HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-12] (AVAST Software)
    HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
    HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
    HKCU\...\Run: [TWC.Win7] - C:\Program Files\The Weather Channel\Desktop Weather\TWC.Win7.exe [47104 2014-01-08] ()
    HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe -update activex [839560 2013-12-10] (Adobe Systems Incorporated)
    MountPoints2: {66f8e590-cf6c-11dd-8135-00038a000015} - K:\Imageviewer.exe
    MountPoints2: {6b784f8f-f481-11dd-9cb5-00038a000015} - K:\InstallTomTomHOME.exe
    HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\system32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
    HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\system32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com
    SearchScopes: HKLM - DefaultScope {049DD3C3-3FED-4A87-B415-DDEB1B9989C3} URL = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
    SearchScopes: HKLM - {049DD3C3-3FED-4A87-B415-DDEB1B9989C3} URL = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
    SearchScopes: HKCU - DefaultScope {C5514C24-B1FD-4EBE-A99E-5DD81C3CA16C} URL = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
    SearchScopes: HKCU - {049DD3C3-3FED-4A87-B415-DDEB1B9989C3} URL =
    SearchScopes: HKCU - {C5514C24-B1FD-4EBE-A99E-5DD81C3CA16C} URL = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
    BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
    BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
    BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    Toolbar: HKLM - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
    Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    Toolbar: HKCU - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll "
    Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll "
    Winsock: Catalog9 01 mswsock.dll File Not found ()
    Winsock: Catalog9 02 mswsock.dll File Not found ()
    Winsock: Catalog9 03 mswsock.dll File Not found ()
    Winsock: Catalog9 04 mswsock.dll File Not found ()
    Winsock: Catalog9 05 mswsock.dll File Not found ()
    Winsock: Catalog9 06 mswsock.dll File Not found ()
    Winsock: Catalog9 07 mswsock.dll File Not found ()
    Winsock: Catalog9 08 mswsock.dll File Not found ()
    Winsock: Catalog9 09 mswsock.dll File Not found ()
    Winsock: Catalog9 10 mswsock.dll File Not found ()
    Winsock: Catalog9 11 mswsock.dll File Not found ()
    Winsock: Catalog9 12 mswsock.dll File Not found ()
    Winsock: Catalog9 13 mswsock.dll File Not found ()
    Winsock: Catalog9 14 mswsock.dll File Not found ()
    Winsock: Catalog9 15 mswsock.dll File Not found ()
    Winsock: Catalog9 16 mswsock.dll File Not found ()
    Winsock: Catalog9 17 mswsock.dll File Not found ()
    Winsock: Catalog9 18 mswsock.dll File Not found ()
    Winsock: Catalog9 19 mswsock.dll File Not found ()
    Winsock: Catalog9 20 mswsock.dll File Not found ()
    Tcpip\Parameters: [DhcpNameServer] 192.168.254.254

    Chrome:
    =======
    CHR HomePage: hxxp://www.google.com/
    CHR RestoreOnStartup: "hxxp://www.google.com/ "
    CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No File
    CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
    CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
    CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
    CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    CHR Extension: (YouTube) - C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-09-02]
    CHR Extension: (Google Search) - C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-09-02]
    CHR Extension: (avast! Online Security) - C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-12]
    CHR Extension: (Google Wallet) - C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-28]
    CHR Extension: (Gmail) - C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-09-02]
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-01-12]

    ========================== Services (Whitelisted) =================

    R2 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46640 2006-10-23] (AOL LLC)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-12] (AVAST Software)
    S3 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [103808 2008-01-22] ()
    R2 PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [65536 2006-12-21] (New Boundary Technologies, Inc.)
    S4 CLTNetCnService; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [x]
    U2 *etadpug; "C:\Program Files\Google\Desktop\Install\{1a3ff401-a392-3109-0b5c-8c99e3397585}\ \...\???\{1a3ff401-a392-3109-0b5c-8c99e3397585}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

    ==================== Drivers (Whitelisted) ====================

    S3 61883; C:\Windows\System32\DRIVERS\61883.sys [45696 2008-01-19] (Microsoft Corporation)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-01-12] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2014-01-12] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2014-01-12] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2014-01-12] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410528 2014-01-12] (AVAST Software)
    R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2014-01-12] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [180248 2014-01-12] ()
    R3 Atc002; C:\Windows\System32\DRIVERS\L260x86.sys [25600 2006-12-13] (Attansic Corporation)
    R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [7680 2006-10-18] ()
    S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [506112 2006-11-20] (PixArt Imaging Inc.)
    R3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2006-11-29] (America Online, Inc.)
    S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
    S1 SASDIFSV; \??\C:\Users\Larry\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS [x]
    S1 SASKUTIL; \??\C:\Users\Larry\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.SYS [x]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-01-18 10:46 - 2014-01-18 10:46 - 00012066 _____ C:\Users\Larry\Desktop\FRST.txt
    2014-01-18 10:46 - 2014-01-18 10:46 - 00000000 ____D C:\FRST
    2014-01-18 10:42 - 2014-01-17 10:06 - 01220096 _____ (Farbar) C:\Users\Larry\Desktop\FRST.exe
    2014-01-16 13:06 - 2014-01-16 13:06 - 00008158 _____ C:\Users\Larry\Desktop\attach.txt
    2014-01-16 13:06 - 2014-01-16 13:05 - 00008662 _____ C:\Users\Larry\Desktop\dds.txt
    2014-01-16 13:03 - 2014-01-12 19:22 - 00688992 ____R (Swearware) C:\Users\Larry\Desktop\dds.com
    2014-01-16 12:05 - 2014-01-18 10:45 - 00000512 _____ C:\Users\Larry\Desktop\Malware and Virus Removal - Windows BBS.website
    2014-01-16 12:04 - 2014-01-16 12:04 - 00000340 _____ C:\Users\Larry\Desktop\Google.website
    2014-01-12 20:18 - 2014-01-12 20:18 - 00001883 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2014-01-12 20:18 - 2014-01-12 20:18 - 00000000 ____D C:\Users\Larry\AppData\Roaming\AVAST Software
    2014-01-12 20:17 - 2014-01-12 20:17 - 00775952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
    2014-01-12 20:17 - 2014-01-12 20:17 - 00410528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
    2014-01-12 20:17 - 2014-01-12 20:17 - 00270240 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2014-01-12 20:17 - 2014-01-12 20:17 - 00180248 _____ C:\Windows\system32\Drivers\aswVmm.sys
    2014-01-12 20:17 - 2014-01-12 20:17 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2014-01-12 20:17 - 2014-01-12 20:17 - 00057672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
    2014-01-12 20:17 - 2014-01-12 20:17 - 00054832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
    2014-01-12 20:17 - 2014-01-12 20:17 - 00049944 _____ C:\Windows\system32\Drivers\aswRvrt.sys
    2014-01-12 20:17 - 2014-01-12 20:17 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-01-12 20:16 - 2014-01-12 20:16 - 00000000 ____D C:\Program Files\AVAST Software
    2014-01-12 20:15 - 2014-01-12 20:15 - 00000000 ____D C:\ProgramData\AVAST Software
    2014-01-10 09:56 - 2014-01-10 09:56 - 00063081 _____ C:\Users\Larry\Documents\weedsportresults1-9-2014.zip
    2014-01-10 09:56 - 2014-01-10 09:56 - 00000000 ____D C:\Users\Larry\Documents\weedsportresults1-9-2014
    2014-01-05 13:23 - 2014-01-05 13:23 - 00140809 _____ C:\Users\Larry\Documents\b-fulentrieshac2014.zip
    2014-01-05 13:23 - 2014-01-05 13:23 - 00000000 ____D C:\Users\Larry\Documents\b-fulentrieshac2014
    2013-12-20 09:16 - 2013-12-20 09:16 - 00059928 _____ C:\Users\Larry\Documents\pulaskiaway12-19-13results.zip
    2013-12-20 09:16 - 2013-12-20 09:16 - 00000000 ____D C:\Users\Larry\Documents\pulaskiaway12-19-13results

    ==================== One Month Modified Files and Folders =======

    2014-01-18 10:46 - 2014-01-18 10:46 - 00012066 _____ C:\Users\Larry\Desktop\FRST.txt
    2014-01-18 10:46 - 2014-01-18 10:46 - 00000000 ____D C:\FRST
    2014-01-18 10:45 - 2014-01-16 12:05 - 00000512 _____ C:\Users\Larry\Desktop\Malware and Virus Removal - Windows BBS.website
    2014-01-18 10:42 - 2006-11-02 05:33 - 00761736 _____ C:\Windows\system32\PerfStringBackup.INI
    2014-01-18 10:41 - 2007-08-16 13:29 - 01908189 _____ C:\Windows\WindowsUpdate.log
    2014-01-18 10:37 - 2012-09-02 08:37 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-01-18 10:37 - 2006-11-02 08:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2014-01-18 10:37 - 2006-11-02 07:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2014-01-18 10:37 - 2006-11-02 07:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2014-01-17 10:06 - 2014-01-18 10:42 - 01220096 _____ (Farbar) C:\Users\Larry\Desktop\FRST.exe
    2014-01-16 13:12 - 2006-11-02 08:01 - 00032606 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2014-01-16 13:06 - 2014-01-16 13:06 - 00008158 _____ C:\Users\Larry\Desktop\attach.txt
    2014-01-16 13:05 - 2014-01-16 13:06 - 00008662 _____ C:\Users\Larry\Desktop\dds.txt
    2014-01-16 12:48 - 2012-04-04 07:50 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-01-16 12:27 - 2012-09-02 08:37 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-01-16 12:04 - 2014-01-16 12:04 - 00000340 _____ C:\Users\Larry\Desktop\Google.website
    2014-01-12 21:01 - 2007-08-16 14:09 - 00236274 _____ C:\Windows\PFRO.log
    2014-01-12 20:18 - 2014-01-12 20:18 - 00001883 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2014-01-12 20:18 - 2014-01-12 20:18 - 00000000 ____D C:\Users\Larry\AppData\Roaming\AVAST Software
    2014-01-12 20:17 - 2014-01-12 20:17 - 00775952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
    2014-01-12 20:17 - 2014-01-12 20:17 - 00410528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
    2014-01-12 20:17 - 2014-01-12 20:17 - 00270240 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2014-01-12 20:17 - 2014-01-12 20:17 - 00180248 _____ C:\Windows\system32\Drivers\aswVmm.sys
    2014-01-12 20:17 - 2014-01-12 20:17 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2014-01-12 20:17 - 2014-01-12 20:17 - 00057672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
    2014-01-12 20:17 - 2014-01-12 20:17 - 00054832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
    2014-01-12 20:17 - 2014-01-12 20:17 - 00049944 _____ C:\Windows\system32\Drivers\aswRvrt.sys
    2014-01-12 20:17 - 2014-01-12 20:17 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-01-12 20:17 - 2006-11-02 07:37 - 00000000 ____D C:\Program Files\Windows Sidebar
    2014-01-12 20:16 - 2014-01-12 20:16 - 00000000 ____D C:\Program Files\AVAST Software
    2014-01-12 20:15 - 2014-01-12 20:15 - 00000000 ____D C:\ProgramData\AVAST Software
    2014-01-12 19:22 - 2014-01-16 13:03 - 00688992 ____R (Swearware) C:\Users\Larry\Desktop\dds.com
    2014-01-11 18:49 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\Cursors
    2014-01-11 18:24 - 2006-11-02 07:52 - 00085180 _____ C:\Windows\setupact.log
    2014-01-10 09:56 - 2014-01-10 09:56 - 00063081 _____ C:\Users\Larry\Documents\weedsportresults1-9-2014.zip
    2014-01-10 09:56 - 2014-01-10 09:56 - 00000000 ____D C:\Users\Larry\Documents\weedsportresults1-9-2014
    2014-01-05 13:23 - 2014-01-05 13:23 - 00140809 _____ C:\Users\Larry\Documents\b-fulentrieshac2014.zip
    2014-01-05 13:23 - 2014-01-05 13:23 - 00000000 ____D C:\Users\Larry\Documents\b-fulentrieshac2014
    2014-01-04 13:47 - 2011-05-29 12:37 - 00029274 _____ C:\Users\Larry\Documents\bp averages.xlsx
    2014-01-04 13:45 - 2011-03-21 11:34 - 00379883 _____ C:\Users\Larry\Documents\BP LOG filled out 2.xlsx
    2014-01-02 18:59 - 2007-10-02 07:09 - 00000000 ____D C:\Users\Larry
    2013-12-20 09:16 - 2013-12-20 09:16 - 00059928 _____ C:\Users\Larry\Documents\pulaskiaway12-19-13results.zip
    2013-12-20 09:16 - 2013-12-20 09:16 - 00000000 ____D C:\Users\Larry\Documents\pulaskiaway12-19-13results
    ZeroAccess:
    C:\Users\Larry\AppData\Local\Google\Desktop\Install
    ZeroAccess:
    C:\Program Files\Google\Desktop\Install

    Files to move or delete:
    ====================
    C:\Users\Larry\Snood4Setup.exe


    Some content of TEMP:
    ====================
    C:\Users\Larry\AppData\Local\Temp\InstallFlashPlayer.exe
    C:\Users\Larry\AppData\Local\Temp\ose00000.exe


    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender


    LastRegBack: 2014-01-18 10:44

    ==================== End Of Log ============================
     
  7. 2014/01/18
    Whiskeyman Lifetime Subscription

    Whiskeyman Inactive Alumni Thread Starter

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-01-2014 02
    Ran by Larry at 2014-01-18 10:47:15
    Running from C:\Users\Larry\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
    AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    Update for Microsoft Office 2007 (KB2508958) (Version: - Microsoft)
    Adobe AIR (Version: 2.0.3.13070 - Adobe Systems Inc.)
    Adobe AIR (Version: 2.0.3.13070 - Adobe Systems Inc.) Hidden
    Adobe Flash Player 11 ActiveX (Version: 11.9.900.170 - Adobe Systems Incorporated)
    Adobe Photoshop 7.0 (Version: 7.0 - Adobe Systems, Inc.)
    Adobe Reader X (10.1.3) (Version: 10.1.3 - Adobe Systems Incorporated)
    AOL Mail and AIM Gadget (Version: 1.0.0 - AOL LLC)
    AOL Toolbar 5.0 (Version: - )
    AOL Uninstaller (Choose which Products to Remove) (Version: - AOL Inc.)
    ArcSoft PhotoStudio 5.5 (Version: - ArcSoft)
    Attansic Giga Ethernet Utility (Version: 1.0 - )
    Attansic L2 Fast Ethernet Driver (Version: - )
    avast! Free Antivirus (Version: 9.0.2011 - Avast Software)
    Basic Webcam (Version: 1.0.4.3 - PC Camera)
    Basic Webcam (Version: 1.0.4.3 - PC Camera) Hidden
    Bing Bar (Version: 7.3.124.0 - Microsoft Corporation)
    Canon CanoScan LiDE 200 User Registration (Version: - )
    Canon MP Navigator EX 2.0 (Version: - )
    Canon Utilities Solution Menu (Version: - )
    CanoScan LiDE 200 Scanner Driver (Version: - )
    Digital Photo Navigator 1.5 (Version: - )
    FinePixViewer Ver.4.0 (Version: - )
    GIMP 2.4.0 (Version: - )
    Google Chrome (Version: 31.0.1650.63 - Google Inc.)
    Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
    Google Toolbar for Internet Explorer (Version: 7.5.4805.320 - Google Inc.)
    Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
    ImageMixer VCD for FinePix (Version: - )
    Inkjet Printer/Scanner Extended Survey Program (Version: - )
    Intel(R) Graphics Media Accelerator Driver (Version: - )
    Java Auto Updater (Version: 2.0.7.1 - Sun Microsystems, Inc.) Hidden
    Java(TM) 6 Update 31 (Version: 6.0.310 - Oracle)
    Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
    Microsoft .NET Framework 3.5 SP1 (Version: - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
    Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
    Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
    Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft VC9 runtime libraries (Version: 1.0.0 - AOL Inc.) Hidden
    Microsoft VC9 runtime libraries (Version: 1.0.0 - AOL LLC) Hidden
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
    OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
    Presto! ImageFolio LE (Version: - )
    Presto! Mr. Photo (Version: - )
    Presto! VideoWorks (Version: - )
    QuickTime (Version: 7.74.80.86 - Apple Inc.)
    RAW FILE CONVERTER LE (Version: - )
    Realtek High Definition Audio Driver (Version: 6.0.1.5357 - Realtek Semiconductor Corp.)
    RTC Client API v1.2 (Version: 1.2.0000 - Microsoft)
    Snood 4 (Version: - Word of Mouse Games)
    SoftThinks Recovery Center Installer (Version: 1.01.010 - SoftThinks)
    Sony Picture Utility (Version: 1.0.00.12090 - Sony Corporation)
    The Weather Channel App (Version: - )
    The Weather Channel App (Version: 1.00.0000 - The Weather Channel)
    The Weather Channel Desktop 6 (Version: - )
    TomTom HOME (Version: 2.9.2 - TomTom)
    TomTom HOME Visual Studio Merge Modules (Version: 1.0.2 - TomTom International B.V.)
    Ulead Photo Explorer 6.0 (Version: - )
    Update for 2007 Microsoft Office System (KB967642) (Version: - Microsoft)
    Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1 - Microsoft Corporation)
    Update for Microsoft Office 2007 Help for Common Features (KB963673) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (Version: - Microsoft)
    Update for Microsoft Office Excel 2007 Help (KB963678) (Version: - Microsoft)
    Update for Microsoft Office OneNote 2007 Help (KB963670) (Version: - Microsoft)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669) (Version: - Microsoft)
    Update for Microsoft Office Script Editor Help (KB963671) (Version: - Microsoft)
    Update for Microsoft Office Word 2007 Help (KB963665) (Version: - Microsoft)
    Viewpoint Media Player (Version: - )
    VLC media player 2.0.0 (Version: 2.0.0 - VideoLAN)
    WebCam Suite 2.0 (Version: 2.0 - )

    ==================== Restore Points =========================

    26-12-2013 00:00:53 Scheduled Checkpoint
    26-12-2013 22:20:21 Scheduled Checkpoint
    29-12-2013 22:39:06 Scheduled Checkpoint
    30-12-2013 17:29:08 Scheduled Checkpoint
    31-12-2013 22:19:42 Scheduled Checkpoint
    01-01-2014 22:42:11 Scheduled Checkpoint
    02-01-2014 22:20:11 Scheduled Checkpoint
    03-01-2014 21:16:31 Scheduled Checkpoint
    04-01-2014 22:28:51 Scheduled Checkpoint
    05-01-2014 23:22:28 Scheduled Checkpoint
    06-01-2014 21:35:31 Scheduled Checkpoint
    07-01-2014 21:03:25 Scheduled Checkpoint
    08-01-2014 22:20:19 Scheduled Checkpoint
    09-01-2014 22:33:01 Scheduled Checkpoint
    10-01-2014 16:04:50 Scheduled Checkpoint
    13-01-2014 01:16:00 avast! antivirus system restore point

    ==================== Hosts content: ==========================

    2006-11-02 05:23 - 2010-08-22 10:50 - 00000736 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    Task: {00B8559D-ED4A-4007-839D-94BED23B5396} - System32\Tasks\Microsoft\Windows\RestartManager\{AA913CA2-3FA8-4ea8-B8B1-2AC8FB240B06} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
    Task: {00C4E00C-AE24-4206-B703-358B89C31421} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
    Task: {02EB232C-FE1E-4644-9290-86F9ED7AF7E8} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-888583000-12288961-1353878118-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
    Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
    Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
    Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
    Task: {54264BC1-E5AB-4A74-AB4A-A77BBDE4A02A} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-888583000-12288961-1353878118-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
    Task: {5DF7F25B-A07B-4A63-AB44-F68968288A2D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-12] (AVAST Software)
    Task: {85BD4FD1-BF1E-459D-ADA7-368ED0E019A9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-10] (Adobe Systems Incorporated)
    Task: {98CED41F-E216-4301-8EE5-09700C856802} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-09-02] (Google Inc.)
    Task: {C7087E6F-751C-486A-A0B6-CC994F23154A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-09-02] (Google Inc.)
    Task: {D992EA80-E8C7-4B86-ADCF-4904E825C4FF} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
    Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2006-11-02 05:25 - 2007-09-29 03:02 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
    2014-01-12 20:17 - 2014-01-12 20:17 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

    ==================== Alternate Data Streams (whitelisted) =========

    AlternateDataStreams: C:\Users\Larry\Documents\GOBULLWINKLE.eml:OECustomProperty

    ==================== Safe Mode (whitelisted) ===================

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/18/2014 10:41:50 AM) (Source: Application) (User: )
    Description: Value cannot be null.
    Parameter name: key

    Error: (01/18/2014 10:41:42 AM) (Source: Application) (User: )
    Description: Object reference not set to an instance of an object.

    Error: (01/18/2014 10:41:42 AM) (Source: Application) (User: )
    Description: Value cannot be null.
    Parameter name: key

    Error: (01/18/2014 10:41:42 AM) (Source: Application) (User: )
    Description: Value cannot be null.
    Parameter name: key

    Error: (01/16/2014 01:12:38 PM) (Source: EventSystem) (User: )
    Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

    Error: (01/16/2014 00:05:40 PM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"1".
    Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (01/16/2014 00:04:25 PM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"1".
    Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (01/16/2014 11:16:50 AM) (Source: Application) (User: )
    Description: Value cannot be null.
    Parameter name: key

    Error: (01/16/2014 11:16:43 AM) (Source: Application) (User: )
    Description: Object reference not set to an instance of an object.

    Error: (01/16/2014 11:16:43 AM) (Source: Application) (User: )
    Description: Value cannot be null.
    Parameter name: key


    System errors:
    =============
    Error: (01/18/2014 10:39:32 AM) (Source: Service Control Manager) (User: )
    Description: SASDIFSV
    SASKUTIL

    Error: (01/18/2014 10:39:32 AM) (Source: Service Control Manager) (User: )
    Description: IKE and AuthIP IPsec Keying ModulesBFE

    Error: (01/18/2014 10:39:32 AM) (Source: Service Control Manager) (User: )
    Description: Computer Browser%%1060

    Error: (01/16/2014 11:15:02 AM) (Source: Service Control Manager) (User: )
    Description: SASDIFSV
    SASKUTIL

    Error: (01/16/2014 11:15:02 AM) (Source: Service Control Manager) (User: )
    Description: IKE and AuthIP IPsec Keying ModulesBFE

    Error: (01/16/2014 11:15:02 AM) (Source: Service Control Manager) (User: )
    Description: Computer Browser%%1060

    Error: (01/12/2014 09:03:21 PM) (Source: Service Control Manager) (User: )
    Description: SASDIFSV
    SASKUTIL

    Error: (01/12/2014 09:03:21 PM) (Source: Service Control Manager) (User: )
    Description: IKE and AuthIP IPsec Keying ModulesBFE

    Error: (01/12/2014 09:03:21 PM) (Source: Service Control Manager) (User: )
    Description: Computer Browser%%1060

    Error: (01/12/2014 08:18:10 PM) (Source: disk) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.


    Microsoft Office Sessions:
    =========================

    CodeIntegrity Errors:
    ===================================
    Date: 2013-10-14 16:17:53.040
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

    Date: 2013-10-14 16:17:52.659
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

    Date: 2013-10-14 16:17:52.270
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

    Date: 2013-10-14 16:17:51.888
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

    Date: 2013-10-14 16:17:51.506
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

    Date: 2013-10-14 16:17:51.121
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

    Date: 2013-10-14 16:17:50.656
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.

    Date: 2013-10-14 16:17:50.275
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.

    Date: 2013-10-14 16:17:49.888
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.

    Date: 2013-10-14 16:17:49.516
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Percentage of memory in use: 78%
    Total physical RAM: 1022.51 MB
    Available physical RAM: 217.98 MB
    Total Pagefile: 2309.34 MB
    Available Pagefile: 1453.77 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1885.95 MB

    ==================== Drives ================================

    Drive c: (Local Disk) (Fixed) (Total:140.45 GB) (Free:34.08 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: (Recovery) (Fixed) (Total:8.6 GB) (Free:4.62 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive f: () (Removable) (Total:0.96 GB) (Free:0.84 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 149 GB) (Disk ID: 68AF5682)
    Partition 1: (Not Active) - (Size=9 GB) - (Type=07 NTFS)
    Partition 2: (Active) - (Size=140 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 5 (Size: 984 MB) (Disk ID: 00386A9A)
    Partition 1: (Active) - (Size=984 MB) - (Type=0B)

    ==================== End Of Log ============================
     
  8. 2014/01/18
    broni

    broni Moderator Malware Analyst

    Yes, you're infected with ZeroAccess rootkit.

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

    IMPORTANT! Restart computer.

    Re-run FRST "Scan" one more time and post fresh log.
     

  9. 2014/01/18
    Whiskeyman Lifetime Subscription

    Whiskeyman Inactive Alumni Thread Starter

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 17-01-2014 03
    Ran by Larry at 2014-01-18 16:03:54 Run:1
    Running from C:\Users\Larry\Desktop
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
    MountPoints2: {66f8e590-cf6c-11dd-8135-00038a000015} - K:\Imageviewer.exe
    MountPoints2: {6b784f8f-f481-11dd-9cb5-00038a000015} - K:\InstallTomTomHOME.exe
    SearchScopes: HKCU - {049DD3C3-3FED-4A87-B415-DDEB1B9989C3} URL =
    Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll "
    Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll "
    U2 *etadpug; "C:\Program Files\Google\Desktop\Install\{1a3ff401-a392-3109-0b5c-8c99e3397585}\ \...\???\{1a3ff401-a392-3109-0b5c-8c99e3397585}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
    C:\Users\Larry\AppData\Local\Google\Desktop\Install
    C:\Program Files\Google\Desktop\Install
    C:\Users\Larry\Snood4Setup.exe
    C:\Users\Larry\AppData\Local\Temp\InstallFlashPlayer.exe
    C:\Users\Larry\AppData\Local\Temp\ose00000.exe
    DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
    AlternateDataStreams: C:\Users\Larry\Documents\GOBULLWINKLE.eml:OECustomProperty

    *****************

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update* => Value deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{66f8e590-cf6c-11dd-8135-00038a000015} => Key deleted successfully.
    HKCR\CLSID\{66f8e590-cf6c-11dd-8135-00038a000015} => Key not found.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b784f8f-f481-11dd-9cb5-00038a000015} => Key deleted successfully.
    HKCR\CLSID\{6b784f8f-f481-11dd-9cb5-00038a000015} => Key not found.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{049DD3C3-3FED-4A87-B415-DDEB1B9989C3} => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{049DD3C3-3FED-4A87-B415-DDEB1B9989C3} => Key not found.
    Winsock: Catalog5 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll
    Winsock: Catalog5 entry 000000000005\\LibraryPath was set successfully to %SystemRoot%\System32\mswsock.dll
    *etadpug => Service deleted successfully.

    "C:\Users\Larry\AppData\Local\Google\Desktop\Install" directory move:

    Could not move "C:\Users\Larry\AppData\Local\Google\Desktop\Install" directory. => Scheduled to move on reboot.


    "C:\Program Files\Google\Desktop\Install" directory move:

    Could not move "C:\Program Files\Google\Desktop\Install" directory. => Scheduled to move on reboot.

    C:\Users\Larry\Snood4Setup.exe => Moved successfully.
    C:\Users\Larry\AppData\Local\Temp\InstallFlashPlayer.exe => Moved successfully.
    C:\Users\Larry\AppData\Local\Temp\ose00000.exe => Moved successfully.
    "C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
    "C:\Program Files\Windows Defender\en-US" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MpEvMsg.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MpOAV.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MpRtMon.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MpRtPlug.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MpSigDwn.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MpSoftEx.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MSASCui.exe" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MsMpCom.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MsMpRes.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.
    C:\Users\Larry\Documents\GOBULLWINKLE.eml => ":OECustomProperty" ADS removed successfully.

    => Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-01-18 16:10:07)<=

    C:\Users\Larry\AppData\Local\Google\Desktop\Install => Is moved successfully.
    C:\Program Files\Google\Desktop\Install => Is moved successfully.

    ==== End of Fixlog ====
     
  10. 2014/01/18
    Whiskeyman Lifetime Subscription

    Whiskeyman Inactive Alumni Thread Starter

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-01-2014 03
    Ran by Larry (administrator) on LARRY-PC on 18-01-2014 16:12:37
    Running from C:\Users\Larry\Desktop
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)
    Internet Explorer Version 9
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) ===================

    (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
    (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
    (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
    (AOL Inc.) C:\Program Files\Common Files\aol\1191336514\ee\aolsoftware.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (AOL LLC) C:\Program Files\Common Files\aol\acs\AOLacsd.exe
    (Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.124.0\BBSvc.EXE
    (New Boundary Technologies, Inc.) C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    (TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4321280 2007-01-11] (Realtek Semiconductor)
    HKLM\...\Run: [HostManager] - C:\Program Files\Common Files\AOL\1191336514\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
    HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-12] (AVAST Software)
    HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
    HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\system32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
    HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\system32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com
    SearchScopes: HKLM - DefaultScope {049DD3C3-3FED-4A87-B415-DDEB1B9989C3} URL = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
    SearchScopes: HKLM - {049DD3C3-3FED-4A87-B415-DDEB1B9989C3} URL = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
    SearchScopes: HKCU - DefaultScope {C5514C24-B1FD-4EBE-A99E-5DD81C3CA16C} URL = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
    SearchScopes: HKCU - {C5514C24-B1FD-4EBE-A99E-5DD81C3CA16C} URL = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
    BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
    BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
    BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    Toolbar: HKLM - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
    Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    Toolbar: HKCU - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Winsock: Catalog9 01 mswsock.dll File Not found ()
    Winsock: Catalog9 02 mswsock.dll File Not found ()
    Winsock: Catalog9 03 mswsock.dll File Not found ()
    Winsock: Catalog9 04 mswsock.dll File Not found ()
    Winsock: Catalog9 05 mswsock.dll File Not found ()
    Winsock: Catalog9 06 mswsock.dll File Not found ()
    Winsock: Catalog9 07 mswsock.dll File Not found ()
    Winsock: Catalog9 08 mswsock.dll File Not found ()
    Winsock: Catalog9 09 mswsock.dll File Not found ()
    Winsock: Catalog9 10 mswsock.dll File Not found ()
    Winsock: Catalog9 11 mswsock.dll File Not found ()
    Winsock: Catalog9 12 mswsock.dll File Not found ()
    Winsock: Catalog9 13 mswsock.dll File Not found ()
    Winsock: Catalog9 14 mswsock.dll File Not found ()
    Winsock: Catalog9 15 mswsock.dll File Not found ()
    Winsock: Catalog9 16 mswsock.dll File Not found ()
    Winsock: Catalog9 17 mswsock.dll File Not found ()
    Winsock: Catalog9 18 mswsock.dll File Not found ()
    Winsock: Catalog9 19 mswsock.dll File Not found ()
    Winsock: Catalog9 20 mswsock.dll File Not found ()
    Tcpip\Parameters: [DhcpNameServer] 192.168.254.254

    Chrome:
    =======
    CHR HomePage: hxxp://www.google.com/
    CHR RestoreOnStartup: "hxxp://www.google.com/ "
    CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No File
    CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
    CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
    CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
    CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    CHR Extension: (YouTube) - C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-09-02]
    CHR Extension: (Google Search) - C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-09-02]
    CHR Extension: (avast! Online Security) - C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-12]
    CHR Extension: (Google Wallet) - C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-28]
    CHR Extension: (Gmail) - C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-09-02]
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-01-12]

    ========================== Services (Whitelisted) =================

    R2 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46640 2006-10-23] (AOL LLC)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-12] (AVAST Software)
    S3 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [103808 2008-01-22] ()
    R2 PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [65536 2006-12-21] (New Boundary Technologies, Inc.)
    S4 CLTNetCnService; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [x]

    ==================== Drivers (Whitelisted) ====================

    S3 61883; C:\Windows\System32\DRIVERS\61883.sys [45696 2008-01-19] (Microsoft Corporation)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-01-12] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2014-01-12] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2014-01-12] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2014-01-12] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410528 2014-01-12] (AVAST Software)
    R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2014-01-12] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [180248 2014-01-12] ()
    R3 Atc002; C:\Windows\System32\DRIVERS\L260x86.sys [25600 2006-12-13] (Attansic Corporation)
    R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [7680 2006-10-18] ()
    S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [506112 2006-11-20] (PixArt Imaging Inc.)
    R3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2006-11-29] (America Online, Inc.)
    S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
    S1 SASDIFSV; \??\C:\Users\Larry\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS [x]
    S1 SASKUTIL; \??\C:\Users\Larry\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.SYS [x]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-01-18 16:03 - 2014-01-18 16:03 - 00000000 ____D C:\Users\Larry\Desktop\FRST-OlderVersion
    2014-01-18 10:47 - 2014-01-18 10:48 - 00020562 _____ C:\Users\Larry\Desktop\Addition.txt
    2014-01-18 10:46 - 2014-01-18 16:12 - 00010720 _____ C:\Users\Larry\Desktop\FRST.txt
    2014-01-18 10:46 - 2014-01-18 16:10 - 00000000 ____D C:\FRST
    2014-01-18 10:42 - 2014-01-18 16:03 - 01220608 _____ (Farbar) C:\Users\Larry\Desktop\FRST.exe
    2014-01-16 13:06 - 2014-01-16 13:06 - 00008158 _____ C:\Users\Larry\Desktop\attach.txt
    2014-01-16 13:06 - 2014-01-16 13:05 - 00008662 _____ C:\Users\Larry\Desktop\dds.txt
    2014-01-16 13:03 - 2014-01-12 19:22 - 00688992 ____R (Swearware) C:\Users\Larry\Desktop\dds.com
    2014-01-16 12:05 - 2014-01-18 12:06 - 00000512 _____ C:\Users\Larry\Desktop\Malware and Virus Removal - Windows BBS.website
    2014-01-16 12:04 - 2014-01-16 12:04 - 00000340 _____ C:\Users\Larry\Desktop\Google.website
    2014-01-12 20:18 - 2014-01-12 20:18 - 00001883 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2014-01-12 20:18 - 2014-01-12 20:18 - 00000000 ____D C:\Users\Larry\AppData\Roaming\AVAST Software
    2014-01-12 20:17 - 2014-01-12 20:17 - 00775952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
    2014-01-12 20:17 - 2014-01-12 20:17 - 00410528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
    2014-01-12 20:17 - 2014-01-12 20:17 - 00270240 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2014-01-12 20:17 - 2014-01-12 20:17 - 00180248 _____ C:\Windows\system32\Drivers\aswVmm.sys
    2014-01-12 20:17 - 2014-01-12 20:17 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2014-01-12 20:17 - 2014-01-12 20:17 - 00057672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
    2014-01-12 20:17 - 2014-01-12 20:17 - 00054832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
    2014-01-12 20:17 - 2014-01-12 20:17 - 00049944 _____ C:\Windows\system32\Drivers\aswRvrt.sys
    2014-01-12 20:17 - 2014-01-12 20:17 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-01-12 20:16 - 2014-01-12 20:16 - 00000000 ____D C:\Program Files\AVAST Software
    2014-01-12 20:15 - 2014-01-12 20:15 - 00000000 ____D C:\ProgramData\AVAST Software
    2014-01-10 09:56 - 2014-01-10 09:56 - 00063081 _____ C:\Users\Larry\Documents\weedsportresults1-9-2014.zip
    2014-01-10 09:56 - 2014-01-10 09:56 - 00000000 ____D C:\Users\Larry\Documents\weedsportresults1-9-2014
    2014-01-05 13:23 - 2014-01-05 13:23 - 00140809 _____ C:\Users\Larry\Documents\b-fulentrieshac2014.zip
    2014-01-05 13:23 - 2014-01-05 13:23 - 00000000 ____D C:\Users\Larry\Documents\b-fulentrieshac2014
    2013-12-20 09:16 - 2013-12-20 09:16 - 00059928 _____ C:\Users\Larry\Documents\pulaskiaway12-19-13results.zip
    2013-12-20 09:16 - 2013-12-20 09:16 - 00000000 ____D C:\Users\Larry\Documents\pulaskiaway12-19-13results

    ==================== One Month Modified Files and Folders =======

    2014-01-18 16:13 - 2014-01-18 10:46 - 00010720 _____ C:\Users\Larry\Desktop\FRST.txt
    2014-01-18 16:10 - 2014-01-18 10:46 - 00000000 ____D C:\FRST
    2014-01-18 16:08 - 2012-09-02 08:37 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-01-18 16:08 - 2007-08-16 14:09 - 00236914 _____ C:\Windows\PFRO.log
    2014-01-18 16:08 - 2006-11-02 08:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2014-01-18 16:08 - 2006-11-02 07:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2014-01-18 16:08 - 2006-11-02 07:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2014-01-18 16:07 - 2006-11-02 08:01 - 00032606 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2014-01-18 16:03 - 2014-01-18 16:03 - 00000000 ____D C:\Users\Larry\Desktop\FRST-OlderVersion
    2014-01-18 16:03 - 2014-01-18 10:42 - 01220608 _____ (Farbar) C:\Users\Larry\Desktop\FRST.exe
    2014-01-18 16:03 - 2007-10-02 07:09 - 00000000 ____D C:\Users\Larry
    2014-01-18 16:03 - 2006-11-02 05:33 - 00761736 _____ C:\Windows\system32\PerfStringBackup.INI
    2014-01-18 16:01 - 2007-08-16 13:29 - 01909213 _____ C:\Windows\WindowsUpdate.log
    2014-01-18 12:27 - 2012-09-02 08:37 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-01-18 12:06 - 2014-01-16 12:05 - 00000512 _____ C:\Users\Larry\Desktop\Malware and Virus Removal - Windows BBS.website
    2014-01-18 11:48 - 2012-04-04 07:50 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-01-18 11:36 - 2012-09-02 08:39 - 00001981 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2014-01-18 10:48 - 2014-01-18 10:47 - 00020562 _____ C:\Users\Larry\Desktop\Addition.txt
    2014-01-16 13:06 - 2014-01-16 13:06 - 00008158 _____ C:\Users\Larry\Desktop\attach.txt
    2014-01-16 13:05 - 2014-01-16 13:06 - 00008662 _____ C:\Users\Larry\Desktop\dds.txt
    2014-01-16 12:04 - 2014-01-16 12:04 - 00000340 _____ C:\Users\Larry\Desktop\Google.website
    2014-01-12 20:18 - 2014-01-12 20:18 - 00001883 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2014-01-12 20:18 - 2014-01-12 20:18 - 00000000 ____D C:\Users\Larry\AppData\Roaming\AVAST Software
    2014-01-12 20:17 - 2014-01-12 20:17 - 00775952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
    2014-01-12 20:17 - 2014-01-12 20:17 - 00410528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
    2014-01-12 20:17 - 2014-01-12 20:17 - 00270240 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2014-01-12 20:17 - 2014-01-12 20:17 - 00180248 _____ C:\Windows\system32\Drivers\aswVmm.sys
    2014-01-12 20:17 - 2014-01-12 20:17 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2014-01-12 20:17 - 2014-01-12 20:17 - 00057672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
    2014-01-12 20:17 - 2014-01-12 20:17 - 00054832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
    2014-01-12 20:17 - 2014-01-12 20:17 - 00049944 _____ C:\Windows\system32\Drivers\aswRvrt.sys
    2014-01-12 20:17 - 2014-01-12 20:17 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-01-12 20:17 - 2006-11-02 07:37 - 00000000 ____D C:\Program Files\Windows Sidebar
    2014-01-12 20:16 - 2014-01-12 20:16 - 00000000 ____D C:\Program Files\AVAST Software
    2014-01-12 20:15 - 2014-01-12 20:15 - 00000000 ____D C:\ProgramData\AVAST Software
    2014-01-12 19:22 - 2014-01-16 13:03 - 00688992 ____R (Swearware) C:\Users\Larry\Desktop\dds.com
    2014-01-11 18:49 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\Cursors
    2014-01-11 18:24 - 2006-11-02 07:52 - 00085180 _____ C:\Windows\setupact.log
    2014-01-10 09:56 - 2014-01-10 09:56 - 00063081 _____ C:\Users\Larry\Documents\weedsportresults1-9-2014.zip
    2014-01-10 09:56 - 2014-01-10 09:56 - 00000000 ____D C:\Users\Larry\Documents\weedsportresults1-9-2014
    2014-01-05 13:23 - 2014-01-05 13:23 - 00140809 _____ C:\Users\Larry\Documents\b-fulentrieshac2014.zip
    2014-01-05 13:23 - 2014-01-05 13:23 - 00000000 ____D C:\Users\Larry\Documents\b-fulentrieshac2014
    2014-01-04 13:47 - 2011-05-29 12:37 - 00029274 _____ C:\Users\Larry\Documents\bp averages.xlsx
    2014-01-04 13:45 - 2011-03-21 11:34 - 00379883 _____ C:\Users\Larry\Documents\BP LOG filled out 2.xlsx
    2013-12-20 09:16 - 2013-12-20 09:16 - 00059928 _____ C:\Users\Larry\Documents\pulaskiaway12-19-13results.zip
    2013-12-20 09:16 - 2013-12-20 09:16 - 00000000 ____D C:\Users\Larry\Documents\pulaskiaway12-19-13results

    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2014-01-18 16:03

    ==================== End Of Log ============================
     
  11. 2014/01/18
    broni

    broni Moderator Malware Analyst

    Looks good :)

    Download RogueKiller for 32bit or RogueKiller for 64bit to your Desktop.
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step.
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
     
  12. 2014/01/19
    Whiskeyman Lifetime Subscription

    Whiskeyman Inactive Alumni Thread Starter

    RogueKiller V8.8.2 [Jan 17 2014] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
    Started in : Normal mode
    User : Larry [Admin rights]
    Mode : Remove -- Date : 01/19/2014 13:18:56
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 4 ¤¤¤
    [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
    [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowRun (0) -> REPLACED (1)
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Browser Addons : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤
    [Inline] EAT @explorer.exe (FwDoNothingOnObject) : FirewallAPI.dll -> HOOKED (Unknown @ 0x3626DE66)
    [Inline] EAT @explorer.exe (FwEnableMemTracing) : FirewallAPI.dll -> HOOKED (Unknown @ 0x3626DE66)
    [Inline] EAT @explorer.exe (FwSetMemLeakPolicy) : FirewallAPI.dll -> HOOKED (Unknown @ 0x3626DE66)

    ¤¤¤ External Hives: ¤¤¤
    -> D:\windows\system32\config\SYSTEM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
    -> D:\windows\system32\config\SOFTWARE | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
    -> D:\windows\system32\config\SECURITY | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
    -> D:\windows\system32\config\SAM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
    -> D:\windows\system32\config\DEFAULT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
    -> D:\Users\Default\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD1600AAJS-00PSA0 ATA Device +++++
    --- User ---
    [MBR] 6d5bc9bfdaafeec8d6f3cd039cc57760
    [BSP] 5f1a822e93cf8a81830c7cacffd4675f : Legit.B MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 294535710 | Size: 8809 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 143816 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_D_01192014_131856.txt >>
    RKreport[0]_S_01192014_131747.txt





    MBAR reports no malware found.

    Malwarebytes Anti-Rootkit BETA 1.07.0.1008
    www.malwarebytes.org

    Database version: v2014.01.19.05

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Larry :: LARRY-PC [administrator]

    1/19/2014 1:25:12 PM
    mbar-log-2014-01-19 (13-25-12).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 197837
    Time elapsed: 16 minute(s), 15 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1008

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.0.6002 Windows Vista Service Pack 2 x86

    Account is Administrative

    Internet Explorer version: 9.0.8112.16421

    Java version: 1.6.0_31

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 3.000000 GHz
    Memory total: 1072177152, free: 213340160

    Downloaded database version: v2014.01.19.05
    Downloaded database version: v2013.12.18.01
    Initializing...
    ======================
    ------------ Kernel report ------------
    01/19/2014 13:25:03
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntkrnlpa.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_GenuineIntel.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\BOOTVID.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\acpi.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\system32\drivers\intelide.sys
    \SystemRoot\system32\drivers\PCIIDEX.SYS
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\drivers\atapi.sys
    \SystemRoot\system32\drivers\ataport.SYS
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\msrpc.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\ecache.sys
    \SystemRoot\system32\drivers\disk.sys
    \SystemRoot\system32\drivers\CLASSPNP.SYS
    \SystemRoot\system32\drivers\crcdisk.sys
    \SystemRoot\System32\Drivers\aswVmm.sys
    \SystemRoot\System32\Drivers\aswRvrt.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\tunmp.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\atikmdag.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\system32\DRIVERS\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\L260x86.sys
    \SystemRoot\system32\DRIVERS\usbuhci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\AGRSM.sys
    \SystemRoot\system32\DRIVERS\ks.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\drivers\modem.sys
    \SystemRoot\system32\DRIVERS\ohci1394.sys
    \SystemRoot\system32\DRIVERS\1394BUS.SYS
    \SystemRoot\system32\DRIVERS\parport.sys
    \SystemRoot\system32\DRIVERS\ASACPI.sys
    \SystemRoot\system32\DRIVERS\i8042prt.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\serial.sys
    \SystemRoot\system32\DRIVERS\serenum.sys
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\system32\DRIVERS\msiscsi.sys
    \SystemRoot\system32\DRIVERS\storport.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\DRIVERS\wanatw4.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\system32\DRIVERS\umbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\RTKVHDA.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \??\C:\Windows\system32\drivers\aswSnx.sys
    \??\C:\Windows\system32\drivers\aswSP.sys
    \SystemRoot\System32\Drivers\Fs_Rec.SYS
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\System32\DRIVERS\rasacd.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\DRIVERS\tdx.sys
    \??\C:\Windows\system32\drivers\aswTdi.sys
    \SystemRoot\system32\DRIVERS\smb.sys
    \SystemRoot\system32\drivers\afd.sys
    \??\C:\Windows\system32\drivers\aswRdr.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_dumpata.sys
    \SystemRoot\System32\Drivers\dump_atapi.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\system32\drivers\luafv.sys
    \??\C:\Windows\system32\drivers\aswMonFlt.sys
    \SystemRoot\system32\drivers\WudfPf.sys
    \SystemRoot\system32\drivers\spsys.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\system32\drivers\mrxdav.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\system32\DRIVERS\parvdm.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\system32\DRIVERS\WUDFRd.sys
    \SystemRoot\system32\DRIVERS\cdfs.sys
    \??\C:\Windows\system32\TrueSight.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
    \Windows\System32\ntdll.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk4\DR4
    Upper Device Object: 0xffffffff86137910
    Upper Device Driver Name: \Driver\disk\
    Lower Device Name: \Device\0000006e\
    Lower Device Object: 0xffffffff86134820
    Lower Device Driver Name: \Driver\USBSTOR\
    <<<1>>>
    Upper Device Name: \Device\Harddisk3\DR3
    Upper Device Object: 0xffffffff86136030
    Upper Device Driver Name: \Driver\disk\
    Lower Device Name: \Device\0000006d\
    Lower Device Object: 0xffffffff86133030
    Lower Device Driver Name: \Driver\USBSTOR\
    <<<1>>>
    Upper Device Name: \Device\Harddisk2\DR2
    Upper Device Object: 0xffffffff86135030
    Upper Device Driver Name: \Driver\disk\
    Lower Device Name: \Device\0000006c\
    Lower Device Object: 0xffffffff86132688
    Lower Device Driver Name: \Driver\USBSTOR\
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xffffffff8610b7e0
    Upper Device Driver Name: \Driver\disk\
    Lower Device Name: \Device\0000006b\
    Lower Device Object: 0xffffffff86128030
    Lower Device Driver Name: \Driver\USBSTOR\
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff84ea17c8
    Upper Device Driver Name: \Driver\disk\
    Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-2\
    Lower Device Object: 0xffffffff84d1d030
    Lower Device Driver Name: \Driver\atapi\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff84ea17c8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff84ea13e8, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xffffffff84ea17c8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    DevicePointer: 0xffffffff84d298a8, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xffffffff84d1d030, DeviceName: \Device\Ide\IdeDeviceP2T0L0-2\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 68AF5682

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 294535710 Numsec = 18040995

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63 Numsec = 294535647
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 160041885696 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-62-312561808-312581808)...
    Done!
    Physical Sector Size: 0
    Drive: 1, DevicePointer: 0xffffffff8610b7e0, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff8610b4c8, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xffffffff8610b7e0, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
    DevicePointer: 0xffffffff86128030, DeviceName: \Device\0000006b\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Physical Sector Size: 0
    Drive: 2, DevicePointer: 0xffffffff86135030, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff86135988, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xffffffff86135030, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
    DevicePointer: 0xffffffff86132688, DeviceName: \Device\0000006c\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Physical Sector Size: 0
    Drive: 3, DevicePointer: 0xffffffff86136030, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff86136d18, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xffffffff86136030, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
    DevicePointer: 0xffffffff86133030, DeviceName: \Device\0000006d\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Physical Sector Size: 0
    Drive: 4, DevicePointer: 0xffffffff86137910, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff861375f8, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xffffffff86137910, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\
    DevicePointer: 0xffffffff86134820, DeviceName: \Device\0000006e\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_1_63_i.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
    Removal finished
     
    Last edited: 2014/01/19
  13. 2014/01/19
    broni

    broni Moderator Malware Analyst

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  14. 2014/01/21
    Whiskeyman Lifetime Subscription

    Whiskeyman Inactive Alumni Thread Starter

    Even though Avira was uninstalled, ComboFix warns that it is still enabled. I need to locate and remove any traces of it before I can run ComboFix. It seems that the Larry/Admin account doesn't have permission to access several folders so I can locate any Avira files and folders. I will find a way. On top of that, the PSU is acting up and this darn PC starts when it feels like it. I will post the ComboFix log(s) as soon as I sort this mess out.
     
  15. 2014/01/21
    broni

    broni Moderator Malware Analyst

    Disregard Combofix warning regarding Avira and run it anyway.
     
  16. 2014/01/21
    Whiskeyman Lifetime Subscription

    Whiskeyman Inactive Alumni Thread Starter

    ComboFix 14-01-21.03 - Larry 01/21/2014 17:35:59.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2047.1330 [GMT -5:00]
    Running from: c:\users\Larry\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\DFRBFE6.tmp
    c:\windows\_detmp.2
    c:\windows\PFRO.log
    c:\windows\system32\DC120fc7_32.dll
    c:\windows\system32\FE05DA0D.dll
    c:\windows\system32\FE05F051.dll
    c:\windows\system32\FE05F3D5.dll
    D:\autorun.inf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-12-21 to 2014-01-21 )))))))))))))))))))))))))))))))
    .
    .
    2014-01-21 22:44 . 2014-01-21 22:44 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-01-21 22:07 . 2014-01-21 22:07 -------- d-----w- c:\program files\jv16 PowerTools
    2014-01-21 18:59 . 2014-01-21 22:45 -------- d-----w- c:\windows\system32\wbem\repository
    2014-01-21 04:36 . 2014-01-21 04:36 -------- d-----w- c:\program files\VS Revo Group
    2014-01-19 18:25 . 2014-01-19 18:43 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2014-01-19 18:25 . 2014-01-19 18:25 104664 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-01-19 18:23 . 2014-01-19 18:23 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-01-18 15:46 . 2014-01-18 21:10 -------- d-----w- C:\FRST
    2014-01-13 01:18 . 2014-01-13 01:18 -------- d-----w- c:\users\Larry\AppData\Roaming\AVAST Software
    2014-01-13 01:17 . 2014-01-13 01:17 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2014-01-13 01:17 . 2014-01-13 01:17 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2014-01-13 01:17 . 2014-01-13 01:17 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2014-01-13 01:17 . 2014-01-13 01:17 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2014-01-13 01:17 . 2014-01-13 01:17 410528 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2014-01-13 01:17 . 2014-01-13 01:17 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2014-01-13 01:17 . 2014-01-13 01:17 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2014-01-13 01:17 . 2014-01-13 01:17 270240 ----a-w- c:\windows\system32\aswBoot.exe
    2014-01-13 01:17 . 2014-01-13 01:17 43152 ----a-w- c:\windows\avastSS.scr
    2014-01-13 01:16 . 2014-01-13 01:16 -------- d-----w- c:\program files\AVAST Software
    2014-01-13 01:15 . 2014-01-13 01:15 -------- d-----w- c:\programdata\AVAST Software
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-12-10 19:48 . 2012-04-04 12:50 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-12-10 19:48 . 2011-06-14 13:23 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2014-01-13 01:17 259464 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-01-12 4321280]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-06 142104]
    "HostManager"="c:\program files\Common Files\AOL\1191336514\ee\AOLSoftware.exe" [2010-03-08 41800]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-01-13 3764024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Exif Launcher.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Exif Launcher.lnk
    backup=c:\windows\pss\Exif Launcher.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^Larry^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Cyber-shot Viewer Media Check Tool.lnk]
    path=c:\users\Larry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Cyber-shot Viewer Media Check Tool.lnk
    backup=c:\windows\pss\Cyber-shot Viewer Media Check Tool.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^Larry^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    path=c:\users\Larry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-01-03 13:10 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
    2008-03-11 01:20 689488 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2007-06-06 18:52 154392 ----a-w- c:\windows\System32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
    2013-04-04 18:50 887432 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
    2006-11-03 16:01 319488 ----a-w- c:\windows\PixArt\PAC207\Monitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2007-06-06 18:52 138008 ----a-w- c:\windows\System32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2013-05-01 07:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2012-01-18 19:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
    2012-08-28 12:41 247768 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-01-18 16:28 1211672 ----a-w- c:\program files\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-01-21 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 19:48]
    .
    2014-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-09-02 13:37]
    .
    2014-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-09-02 13:37]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.aol.com
    uInternet Settings,ProxyOverride = <local>
    TCP: DhcpNameServer = 192.168.254.254
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SafeBoot-WudfPf
    SafeBoot-WudfRd
    SafeBoot-mcmscsvc
    SafeBoot-MCODS
    MSConfigStartUp-APSDaemon - c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    MSConfigStartUp-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
    MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
    MSConfigStartUp-WeatherBug - c:\users\Larry\AppData\Local\ykptvoxvd\WeatherBug\ujvebqmb.dll
    AddRemove-The Weather Channel App - c:\program files\The Weather Channel\The Weather Channel App\TheWeatherChannelCustomUninstall.exe
    AddRemove-The Weather Channel Desktop 6 - c:\program files\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2014-01-21 17:48
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BFE]
    "ImagePath"="."
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MpsSvc]
    "ImagePath"="."
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
    @DACL=(02 0000)
    @="Java Plug-in 1.6.0_31"
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.0_03"
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.0_04"
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.0_05"
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.1"
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.1_01"
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.1_01"
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.1_02"
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.1_02"
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.1_03"
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.1_03"
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.1_04"
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.1_04"
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.1_05"
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.1_05"
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.1_06"
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.1_06"
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.1_07"
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.1_07"
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.1_08"
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.1_08"
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.1_09"
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.1_09"
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @="Java Plug-in 1.3.1_10"
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.3.1_10 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.3.1_11 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.3.1_11 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.3.1_12 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.3.1_12 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.3.1_13 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.3.1_13 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.3.1_14 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.3.1_14 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.3.1_15 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.3.1_15 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.3.1_16 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.3.1_16 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.3.1_17 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.3.1_17 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.3.1_18 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.3.1_18 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.3.1_19 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.3.1_19 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.3.1_20 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.3.1_20 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.3.1_21 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.3.1_21 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.3.1_22 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.3.1_22 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.3.1_23 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.3.1_23 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.3.1_24 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.3.1_24 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.3.1_25 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.3.1_25 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.3.1_26 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.3.1_26 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.3.1_27 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.3.1_27 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.3.1_28 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.3.1_28 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.3.1_29 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.3.1_29 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.3.1_30 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.3.1_30 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.0 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.0 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.0_01 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.0_01 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.0_02 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.0_02 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.0_03 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.0_03 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.0_04 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.0_04 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.1 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.1 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.1_01 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.1_01 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.1_02 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.1_02 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.1_03 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.1_03 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.1_04 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.1_04 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.1_05 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.1_05 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.1_06 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.1_06 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.1_07 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.1_07 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.2 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.2 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.2_01 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.2_01 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.2_02 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.2_02 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.2_03 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.2_03 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.2_04 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.2_04 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.2_05 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.2_05 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.2_06 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.2_06 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.2_07 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.2_07 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.2_08 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.2_08 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.2_09 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.2_09 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.2_10 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.2_10 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.2_11 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.2_11 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.2_12 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.2_12 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.2_13 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.2_13 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.2_14 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.2_14 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.2_15 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.2_15 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.2_16 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.2_16 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.2_17 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.2_17 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.2_18 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.2_18 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.2_19 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.2_19 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.2_20 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.2_20 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.2_21 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.2_21 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.2_22 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.2_22 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.2_23 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.2_23 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.2_24 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.2_24 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.2_25 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.2_25 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.2_26 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.2_26 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.2_27 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.2_27 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.2_28 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.2_28 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.2_29 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.2_29 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.2_30 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.2_30 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.4.2 "
    .
     
  17. 2014/01/21
    Whiskeyman Inactive Alumni Thread Starter

    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.5.0_18 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.5.0_18 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.5.0_19 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.5.0_19 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.5.0_19 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.5.0_20 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.5.0_20 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.5.0_20 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.5.0_21 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.5.0_21 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.5.0_21 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.5.0_22 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.5.0_22 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.5.0_22 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.5.0_23 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.5.0_23 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.5.0_23 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.5.0_24 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.5.0_24 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.5.0_24 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.5.0_25 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.5.0_25 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.5.0_25 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.5.0_26 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.5.0_26 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.5.0_26 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.5.0_27 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.5.0_27 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.5.0_27 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.5.0_28 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.5.0_28 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.5.0_28 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.5.0_29 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.5.0_29 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.5.0_29 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.5.0_30 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.5.0_30 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.5.0_30 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.5.0 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_01 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_01 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_01 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_02 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_02 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_02 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_03 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_03 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_03 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_04 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_04 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_04 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_05 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_05 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_05 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_06 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_06 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_06 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_07 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_07 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_07 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_08 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_08 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_08 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_09 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_09 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_09 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_10 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_10 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_10 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_11 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_11 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_11 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_12 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_12 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_12 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_13 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_13 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_13 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_14 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_14 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_14 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_15 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_15 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_15 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_16 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_16 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_16 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_17 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_17 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_17 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_18 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_18 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_18 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_19 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_19 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_19 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_20 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_20 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_20 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_21 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_21 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_21 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_22 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_22 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_22 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_23 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_23 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_23 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_24 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_24 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_24 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_25 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_25 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_25 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_26 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_26 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_26 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_27 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_27 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_27 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_28 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_28 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_28 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_29 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_29 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_29 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_30 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_30 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_30 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_31 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_31 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBC}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0_31 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.6.0 "
    .
    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000_Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}]
    @DACL=(02 0000)
    @= "Java Plug-in 1.3.0_02 "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    "MSCurrentCountry "=dword:000000b5
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
    c:\program files\Microsoft\BingBar\7.3.124.0\BBSvc.exe
    c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    c:\program files\TomTom HOME 2\TomTomHOMEService.exe
    c:\windows\System32\WUDFHost.exe
    c:\windows\RtHDVCpl.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
    .
    **************************************************************************
    .
    Completion time: 2014-01-21 17:52:41 - machine was rebooted
    ComboFix-quarantined-files.txt 2014-01-21 22:52
    .
    Pre-Run: 36,165,398,528 bytes free
    Post-Run: 37,099,565,056 bytes free
    .
    - - End Of File - - 1BAA0F1F7E557DDA97D6942029192556
    D0A37B66A9B60F135B25640CB1AA1477
     
  18. 2014/01/21
    broni Moderator Malware Analyst
    Looks good.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  19. 2014/01/21
    Whiskeyman Inactive Alumni Thread Starter
    # AdwCleaner v3.017 - Report created 21/01/2014 at 18:37:54
    # Updated 12/01/2014 by Xplode
    # Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
    # Username : Larry - LARRY-PC
    # Running from : C:\Users\Larry\Desktop\adwcleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\Viewpoint
    Folder Deleted : C:\Program Files\Viewpoint

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Deleted : HKCU\Software\YahooPartnerToolbar
    Key Deleted : HKLM\Software\MetaStream
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

    ***** [ Browsers ] *****

    -\\ Internet Explorer v9.0.8112.16506


    -\\ Google Chrome v32.0.1700.76

    [ File : C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [2232 octets] - [21/01/2014 18:36:18]
    AdwCleaner[S0].txt - [2195 octets] - [21/01/2014 18:37:54]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2255 octets] ##########


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.0 (01.07.2014:1)
    OS: Windows Vista (TM) Home Premium x86
    Ran by Larry on Tue 01/21/2014 at 19:14:19.17
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C5514C24-B1FD-4EBE-A99E-5DD81C3CA16C}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{049DD3C3-3FED-4A87-B415-DDEB1B9989C3}



    ~~~ Files



    ~~~ Folders



    ~~~ Chrome

    Dumping contents of C:\Users\Larry\appdata\local\Google\Chrome\User Data\Default\Default
    C:\Users\Larry\appdata\local\Google\Chrome\User Data\Default\Default\aadddbdcgedegbgcgbdcdjdedededgdc
    C:\Users\Larry\appdata\local\Google\Chrome\User Data\Default\Default\aadddbdcgedegbgcgbdcdjdedededgdc\background.js
    C:\Users\Larry\appdata\local\Google\Chrome\User Data\Default\Default\aadddbdcgedegbgcgbdcdjdedededgdc\manifest.json

    Successfully deleted: [Folder] C:\Users\Larry\appdata\local\Google\Chrome\User Data\Default\Default [Default Extension 1.0]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Tue 01/21/2014 at 19:18:08.58
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  20. 2014/01/21
    Whiskeyman Lifetime Subscription

    OTL logfile created on: 1/21/2014 7:22:41 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Larry\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 66.35% Memory free
    4.24 Gb Paging File | 3.57 Gb Available in Paging File | 84.19% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 140.45 Gb Total Space | 33.93 Gb Free Space | 24.16% Space Free | Partition Type: NTFS
    Drive D: | 8.60 Gb Total Space | 4.61 Gb Free Space | 53.56% Space Free | Partition Type: NTFS

    Computer Name: LARRY-PC | User Name: Larry | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2014/01/21 18:34:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Larry\Desktop\OTL.exe
    PRC - [2014/01/12 20:17:12 | 003,764,024 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2014/01/12 20:17:12 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2013/12/16 19:34:22 | 000,247,968 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.3.124.0\SeaPort.EXE
    PRC - [2012/08/28 07:41:08 | 000,092,632 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2010/03/08 02:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files\Common Files\aol\1191336514\ee\aolsoftware.exe
    PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2007/01/11 20:24:56 | 004,321,280 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
    PRC - [2006/12/21 21:12:55 | 000,065,536 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    PRC - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe


    ========== Modules (No Company Name) ==========

    MOD - [2014/01/12 20:17:25 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
    MOD - [2007/09/29 03:02:48 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll


    ========== Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (MpsSvc)
    SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)
    SRV - File not found [On_Demand | Stopped] -- -- (BFE)
    SRV - [2014/01/12 20:17:12 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2013/12/16 19:34:22 | 000,247,968 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.3.124.0\SeaPort.EXE -- (BBUpdate)
    SRV - [2013/12/16 19:34:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.3.124.0\BBSvc.EXE -- (BBSvc)
    SRV - [2013/12/10 14:48:27 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/08/28 07:41:08 | 000,092,632 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
    SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2008/01/22 12:35:52 | 000,103,808 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
    SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2006/12/21 21:12:55 | 000,065,536 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
    SRV - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe -- (AOL ACS)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | System | Stopped] -- C:\Users\Larry\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.SYS -- (SASKUTIL)
    DRV - File not found [Kernel | System | Stopped] -- C:\Users\Larry\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS -- (SASDIFSV)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
    DRV - [2014/01/12 20:17:28 | 000,775,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2014/01/12 20:17:28 | 000,410,528 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2014/01/12 20:17:28 | 000,180,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
    DRV - [2014/01/12 20:17:28 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2014/01/12 20:17:28 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2014/01/12 20:17:28 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2014/01/12 20:17:28 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
    DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
    DRV - [2007/09/29 03:13:58 | 003,154,944 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
    DRV - [2007/09/29 03:13:58 | 003,154,944 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2006/12/13 05:00:08 | 000,025,600 | ---- | M] (Attansic Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L260x86.sys -- (Atc002)
    DRV - [2006/11/29 17:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw)
    DRV - [2006/11/20 08:48:40 | 000,506,112 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)
    DRV - [2006/11/02 02:41:53 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
    DRV - [2006/11/02 02:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2006/11/02 02:30:56 | 000,047,104 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
    DRV - [2006/10/18 19:44:48 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-888583000-12288961-1353878118-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com
    IE - HKU\S-1-5-21-888583000-12288961-1353878118-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-888583000-12288961-1353878118-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-888583000-12288961-1353878118-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-888583000-12288961-1353878118-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


    [2008/12/02 13:44:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Larry\AppData\Roaming\Mozilla\Extensions
    [2008/12/02 13:44:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Larry\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: http://www.google.com/
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\gcswf32.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: YouTube = C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google Search = C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: avast! Online Security = C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2011.70_0\
    CHR - Extension: Google Wallet = C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
    CHR - Extension: Gmail = C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2014/01/21 17:48:04 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
    O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
    O3 - HKU\S-1-5-21-888583000-12288961-1353878118-1000\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
    O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\aol\1191336514\ee\aolsoftware.exe (AOL Inc.)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-888583000-12288961-1353878118-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-888583000-12288961-1353878118-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
    O15 - HKU\S-1-5-21-888583000-12288961-1353878118-1000\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{397C85F5-BE74-48A6-A90D-6F42A2880F4C}: DhcpNameServer = 192.168.254.254
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/01/21 19:14:10 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2014/01/21 18:36:13 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2014/01/21 18:35:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Larry\Desktop\OTL.exe
    [2014/01/21 18:34:30 | 001,037,068 | ---- | C] (Thisisu) -- C:\Users\Larry\Desktop\JRT.exe
    [2014/01/21 17:52:44 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2014/01/21 17:48:10 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2014/01/21 17:33:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2014/01/21 17:33:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2014/01/21 17:33:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2014/01/21 17:07:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jv16 PowerTools
    [2014/01/21 17:07:23 | 000,000,000 | ---D | C] -- C:\Program Files\jv16 PowerTools
    [2014/01/20 23:36:34 | 000,000,000 | ---D | C] -- C:\Users\Larry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
    [2014/01/20 23:36:33 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
    [2014/01/20 22:13:29 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2014/01/20 22:12:57 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2014/01/20 21:02:15 | 005,172,786 | R--- | C] (Swearware) -- C:\Users\Larry\Desktop\ComboFix.exe
    [2014/01/19 13:25:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    [2014/01/19 13:25:03 | 000,104,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    [2014/01/19 13:23:59 | 000,074,456 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
    [2014/01/19 13:23:53 | 000,000,000 | ---D | C] -- C:\Users\Larry\Desktop\mbar
    [2014/01/19 13:10:16 | 000,000,000 | ---D | C] -- C:\Users\Larry\Desktop\RK_Quarantine
    [2014/01/18 16:03:40 | 000,000,000 | ---D | C] -- C:\Users\Larry\Desktop\FRST-OlderVersion
    [2014/01/18 10:46:05 | 000,000,000 | ---D | C] -- C:\FRST
    [2014/01/18 10:42:05 | 001,220,608 | ---- | C] (Farbar) -- C:\Users\Larry\Desktop\FRST.exe
    [2014/01/16 13:03:54 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Larry\Desktop\dds.com
    [2014/01/12 20:18:52 | 000,000,000 | ---D | C] -- C:\Users\Larry\AppData\Roaming\AVAST Software
    [2014/01/12 20:18:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
    [2014/01/12 20:17:38 | 000,057,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2014/01/12 20:17:36 | 000,775,952 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2014/01/12 20:17:35 | 000,410,528 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2014/01/12 20:17:34 | 000,067,824 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2014/01/12 20:17:34 | 000,054,832 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2014/01/12 20:17:31 | 000,270,240 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2014/01/12 20:17:27 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2014/01/12 20:16:23 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2014/01/12 20:15:29 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2014/01/10 09:56:09 | 000,000,000 | ---D | C] -- C:\Users\Larry\Documents\weedsportresults1-9-2014
    [2014/01/05 13:23:15 | 000,000,000 | ---D | C] -- C:\Users\Larry\Documents\b-fulentrieshac2014

    ========== Files - Modified Within 30 Days ==========

    [2014/01/21 19:22:14 | 000,000,512 | ---- | M] () -- C:\Users\Larry\Desktop\Malware and Virus Removal - Windows BBS.website
    [2014/01/21 18:48:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2014/01/21 18:43:45 | 000,644,550 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2014/01/21 18:43:45 | 000,120,604 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2014/01/21 18:39:20 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/01/21 18:39:20 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/01/21 18:39:16 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/01/21 18:39:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2014/01/21 18:34:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Larry\Desktop\OTL.exe
    [2014/01/21 18:34:12 | 001,037,068 | ---- | M] (Thisisu) -- C:\Users\Larry\Desktop\JRT.exe
    [2014/01/21 18:33:33 | 001,236,282 | ---- | M] () -- C:\Users\Larry\Desktop\adwcleaner.exe
    [2014/01/21 18:31:57 | 000,000,452 | ---- | M] () -- C:\Users\Larry\Desktop\Google.website
    [2014/01/21 18:27:42 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/01/21 17:48:04 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2014/01/21 17:33:12 | 005,172,786 | R--- | M] (Swearware) -- C:\Users\Larry\Desktop\ComboFix.exe
    [2014/01/21 17:21:04 | 000,000,701 | ---- | M] () -- C:\Users\Larry\Application Data\Microsoft\Internet Explorer\Quick Launch\autoruns.exe - Shortcut.lnk
    [2014/01/21 17:07:24 | 000,000,832 | ---- | M] () -- C:\Users\Larry\Application Data\Microsoft\Internet Explorer\Quick Launch\jv16 PowerTools.lnk
    [2014/01/20 23:36:34 | 000,001,067 | ---- | M] () -- C:\Users\Larry\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller.lnk
    [2014/01/20 23:08:39 | 000,000,953 | ---- | M] () -- C:\Users\Larry\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2014/01/20 22:56:35 | 000,001,356 | ---- | M] () -- C:\Users\Larry\AppData\Local\d3d9caps.dat
    [2014/01/19 13:25:03 | 000,104,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    [2014/01/19 13:23:59 | 000,074,456 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
    [2014/01/19 12:52:07 | 003,809,280 | ---- | M] () -- C:\Users\Larry\Desktop\RogueKiller.exe
    [2014/01/18 16:19:34 | 000,368,029 | ---- | M] () -- C:\Users\Larry\Documents\GOBULLWINKLE.eml
    [2014/01/18 16:03:40 | 001,220,608 | ---- | M] (Farbar) -- C:\Users\Larry\Desktop\FRST.exe
    [2014/01/18 11:36:48 | 000,001,981 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2014/01/12 20:18:20 | 000,001,883 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2014/01/12 20:17:28 | 000,775,952 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2014/01/12 20:17:28 | 000,410,528 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2014/01/12 20:17:28 | 000,180,248 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
    [2014/01/12 20:17:28 | 000,067,824 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2014/01/12 20:17:28 | 000,057,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2014/01/12 20:17:28 | 000,054,832 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2014/01/12 20:17:28 | 000,049,944 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
    [2014/01/12 20:17:27 | 000,270,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2014/01/12 20:17:27 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2014/01/12 19:22:40 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Larry\Desktop\dds.com
    [2014/01/10 09:56:09 | 000,063,081 | ---- | M] () -- C:\Users\Larry\Documents\weedsportresults1-9-2014.zip
    [2014/01/05 13:23:15 | 000,140,809 | ---- | M] () -- C:\Users\Larry\Documents\b-fulentrieshac2014.zip

    ========== Files Created - No Company Name ==========

    [2014/01/21 18:33:53 | 001,236,282 | ---- | C] () -- C:\Users\Larry\Desktop\adwcleaner.exe
    [2014/01/21 17:33:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2014/01/21 17:33:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2014/01/21 17:33:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2014/01/21 17:33:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2014/01/21 17:33:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2014/01/21 17:21:04 | 000,000,701 | ---- | C] () -- C:\Users\Larry\Application Data\Microsoft\Internet Explorer\Quick Launch\autoruns.exe - Shortcut.lnk
    [2014/01/21 17:07:24 | 000,000,832 | ---- | C] () -- C:\Users\Larry\Application Data\Microsoft\Internet Explorer\Quick Launch\jv16 PowerTools.lnk
    [2014/01/20 23:36:34 | 000,001,067 | ---- | C] () -- C:\Users\Larry\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller.lnk
    [2014/01/19 12:52:38 | 003,809,280 | ---- | C] () -- C:\Users\Larry\Desktop\RogueKiller.exe
    [2014/01/16 12:05:41 | 000,000,512 | ---- | C] () -- C:\Users\Larry\Desktop\Malware and Virus Removal - Windows BBS.website
    [2014/01/16 12:04:25 | 000,000,452 | ---- | C] () -- C:\Users\Larry\Desktop\Google.website
    [2014/01/12 20:18:20 | 000,001,883 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2014/01/12 20:17:37 | 000,180,248 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
    [2014/01/12 20:17:35 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
    [2014/01/10 09:56:07 | 000,063,081 | ---- | C] () -- C:\Users\Larry\Documents\weedsportresults1-9-2014.zip
    [2014/01/05 13:23:14 | 000,140,809 | ---- | C] () -- C:\Users\Larry\Documents\b-fulentrieshac2014.zip
    [2013/11/29 13:10:38 | 000,016,454 | ---- | C] () -- C:\Users\Larry\.recently-used.xbel
    [2012/12/14 05:25:49 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
    [2007/10/02 13:34:58 | 000,130,560 | ---- | C] () -- C:\Users\Larry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/10/02 07:09:52 | 000,001,356 | ---- | C] () -- C:\Users\Larry\AppData\Local\d3d9caps.dat

    ========== ZeroAccess Check ==========

    [2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    " " = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    " " = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    " " = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2014/01/12 20:18:52 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\AVAST Software
    [2008/12/28 15:25:37 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Canon
    [2008/10/26 12:46:44 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\FUJIFILM
    [2013/11/29 13:10:38 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\gtk-2.0
    [2007/10/02 11:17:03 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\MGI
    [2007/10/05 17:42:51 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\SampleView
    [2008/01/01 11:12:28 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\TomTom

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 587 bytes -> C:\Users\Larry\Documents\GOBULLWINKLE.eml:OECustomProperty

    < End of report >
     
  21. 2014/01/21
    Whiskeyman Lifetime Subscription

    OTL Extras logfile created on: 1/21/2014 7:22:41 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Larry\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 66.35% Memory free
    4.24 Gb Paging File | 3.57 Gb Available in Paging File | 84.19% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 140.45 Gb Total Space | 33.93 Gb Free Space | 24.16% Space Free | Partition Type: NTFS
    Drive D: | 8.60 Gb Total Space | 4.61 Gb Free Space | 53.56% Space Free | Partition Type: NTFS

    Computer Name: LARRY-PC | User Name: Larry | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [FinePix] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" "%1" (FUJI PHOTO FILM CO.,LTD.)
    Directory [FinePixPrint] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" /p "%1" (FUJI PHOTO FILM CO.,LTD.)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 1
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0A755762-EED8-47AB-A446-505766F93D43}" = Attansic L2 Fast Ethernet Driver
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807" = CanoScan LiDE 200 Scanner Driver
    "{167158CE-1637-4167-8A1C-C2549EEA966A}" = The Weather Channel App
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F698102-5739-441E-96F0-74F4EA540F06}" = Attansic Giga Ethernet Utility
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.4.0
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{35AD8A37-8ECE-4E97-A34E-B15BFEF0E2F2}" = Basic Webcam
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
    "{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = SoftThinks Recovery Center Installer
    "{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
    "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}" = TomTom HOME
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AA027AE9-DD20-4677-AA72-D760A358320B}" = Microsoft VC9 runtime libraries
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}" = Digital Photo Navigator 1.5
    "{D0194539-8118-4FD7-8ABA-912B2D479B48}" = Ulead Photo Explorer 6.0
    "{D3AA158A-9421-4883-8767-E771B0964A1D}" = ImageMixer VCD for FinePix
    "{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
    "{D680C913-5955-469D-9D88-C1940F7506D6}" = RAW FILE CONVERTER LE
    "{DF157E38-A290-4265-844B-687E5707899E}" = WebCam Suite 2.0
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F226C1DA-66D7-4ABC-86B5-3F978A660EBF}" = AOL Mail and AIM Gadget
    "{FF6DD716-7B10-4269-9F19-FFB07AC4CD95}" = Bing Bar
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Photoshop 7.0" = Adobe Photoshop 7.0
    "AOL Toolbar" = AOL Toolbar 5.0
    "AOL Toolbar 5.0" =
    "AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
    "Avast" = avast! Free Antivirus
    "Canon CanoScan LiDE 200 User Registration" = Canon CanoScan LiDE 200 User Registration
    "CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
    "CanonSolutionMenu" = Canon Utilities Solution Menu
    "Google Chrome" = Google Chrome
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "if40leUninstall" = Presto! ImageFolio LE
    "InstallShield_{35AD8A37-8ECE-4E97-A34E-B15BFEF0E2F2}" = Basic Webcam
    "jv16 PowerTools_is1" = jv16 PowerTools 1.3
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
    "PMUninstall" = Presto! Mr. Photo
    "Presto! VideoWorks" = Presto! VideoWorks
    "Revo Uninstaller" = Revo Uninstaller 1.95
    "Snood 4_is1" = Snood 4
    "VLC media player" = VLC media player 2.0.0
    "WinGimp-2.0_is1" = GIMP 2.4.0

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-888583000-12288961-1353878118-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    < End of report >
     
