Jump to content

sheituser

Members
  • Posts

    20
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Nothings changed. Same thing. Last night before I quit for the night, I checked Task Manager and there was an entry for dllhost using about 4KB. I checked it this morning first thing and it was at 700,000 KB.
  2. Here are the two results: MiniToolBox by Farbar Version: 21-07-2014 Ran by Jack (administrator) on 17-11-2014 at 22:46:14 Running from "C:\Users\Jack\Desktop" Microsoft Windows 7 Home Premium Service Pack 1 (X64) Boot Mode: Normal *************************************************************************** ========================= Flush DNS: =================================== Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========================= IE Proxy Settings: ============================== Proxy is not enabled. No Proxy Server is set. "Reset IE Proxy Settings": IE Proxy Settings were reset. ========================= FF Proxy Settings: ============================== "Reset FF Proxy Settings": Firefox Proxy settings were reset. ========================= Hosts content: ================================= 127.0.0.1 localsites 127.0.0.1 localhost 127.0.0.1 localsites ========================= IP Configuration: ================================ Broadcom NetLink Gigabit Ethernet = Local Area Connection (Connected) # ---------------------------------- # IPv4 Configuration # ---------------------------------- pushd interface ipv4 reset set global icmpredirects=enabled set interface interface="Local Area Connection" forwarding=disabled advertise=disabled mtu=1300 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled popd # End of IPv4 configuration Windows IP Configuration Host Name . . . . . . . . . . . . : Jack-PC Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Broadcom NetLink Gigabit Ethernet Physical Address. . . . . . . . . : F0-4D-A2-DC-80-1D DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::c1aa:def4:87d3:54e3%10(Preferred) IPv4 Address. . . . . . . . . . . : 192.168.0.5(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Lease Obtained. . . . . . . . . . : Saturday, November 15, 2014 9:41:53 PM Lease Expires . . . . . . . . . . : Monday, November 17, 2014 11:43:44 PM Default Gateway . . . . . . . . . : 192.168.0.1 DHCP Server . . . . . . . . . . . : 192.168.0.1 DHCPv6 IAID . . . . . . . . . . . : 250629538 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-38-05-DA-F0-4D-A2-DC-80-1D DNS Servers . . . . . . . . . . . : 209.18.47.61 209.18.47.62 NetBIOS over Tcpip. . . . . . . . : Enabled Tunnel adapter isatap.{B8F51288-09AF-4002-9509-913610B7FF58}: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft ISATAP Adapter Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter Teredo Tunneling Pseudo-Interface: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:8a0:ab1:3f57:fffa(Preferred) Link-local IPv6 Address . . . . . : fe80::8a0:ab1:3f57:fffa%12(Preferred) Default Gateway . . . . . . . . . : :: NetBIOS over Tcpip. . . . . . . . : Disabled Server: dns-cac-lb-01.rr.com Address: 209.18.47.61 Name: google.com Addresses: 2607:f8b0:4009:805::1005 74.125.225.36 74.125.225.37 74.125.225.38 74.125.225.39 74.125.225.40 74.125.225.41 74.125.225.46 74.125.225.32 74.125.225.33 74.125.225.34 74.125.225.35 Pinging google.com [173.194.46.104] with 32 bytes of data: Reply from 173.194.46.104: bytes=32 time=53ms TTL=54 Reply from 173.194.46.104: bytes=32 time=20ms TTL=54 Ping statistics for 173.194.46.104: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 20ms, Maximum = 53ms, Average = 36ms Server: dns-cac-lb-01.rr.com Address: 209.18.47.61 Name: yahoo.com Addresses: 206.190.36.45 98.138.253.109 98.139.183.24 Pinging yahoo.com [98.139.183.24] with 32 bytes of data: Reply from 98.139.183.24: bytes=32 time=68ms TTL=48 Reply from 98.139.183.24: bytes=32 time=66ms TTL=48 Ping statistics for 98.139.183.24: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 66ms, Maximum = 68ms, Average = 67ms Pinging 127.0.0.1 with 32 bytes of data: Reply from 127.0.0.1: bytes=32 time=21ms TTL=128 Reply from 127.0.0.1: bytes=32 time=6ms TTL=128 Ping statistics for 127.0.0.1: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 6ms, Maximum = 21ms, Average = 13ms =========================================================================== Interface List 10...f0 4d a2 dc 80 1d ......Broadcom NetLink Gigabit Ethernet 1...........................Software Loopback Interface 1 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter 12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface =========================================================================== IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.5 10 127.0.0.0 255.0.0.0 On-link 127.0.0.1 306 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306 192.168.0.0 255.255.255.0 On-link 192.168.0.5 266 192.168.0.5 255.255.255.255 On-link 192.168.0.5 266 192.168.0.255 255.255.255.255 On-link 192.168.0.5 266 224.0.0.0 240.0.0.0 On-link 127.0.0.1 306 224.0.0.0 240.0.0.0 On-link 192.168.0.5 266 255.255.255.255 255.255.255.255 On-link 127.0.0.1 306 255.255.255.255 255.255.255.255 On-link 192.168.0.5 266 =========================================================================== Persistent Routes: None IPv6 Route Table =========================================================================== Active Routes: If Metric Network Destination Gateway 12 58 ::/0 On-link 1 306 ::1/128 On-link 12 58 2001::/32 On-link 12 306 2001:0:9d38:6ab8:8a0:ab1:3f57:fffa/128 On-link 10 266 fe80::/64 On-link 12 306 fe80::/64 On-link 12 306 fe80::8a0:ab1:3f57:fffa/128 On-link 10 266 fe80::c1aa:def4:87d3:54e3/128 On-link 1 306 ff00::/8 On-link 12 306 ff00::/8 On-link 10 266 ff00::/8 On-link =========================================================================== Persistent Routes: None ========================= Winsock entries ===================================== Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation) Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation) Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation) Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation) Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation) Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation) x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation) x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation) x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation) x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation) x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) ========================= Event log errors: =============================== Application errors: ================== Error: (11/17/2014 09:56:42 PM) (Source: MsiInstaller) (User: Jack-PC) Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Jack\AppData\Local\Akamai\admintool.exe. System error 0. Verify that you have access to that directory. Error: (11/17/2014 09:56:09 PM) (Source: MsiInstaller) (User: Jack-PC) Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Jack\AppData\Local\Akamai\admintool.exe. System error 0. Verify that you have access to that directory. Error: (11/17/2014 05:54:08 PM) (Source: MsiInstaller) (User: Jack-PC) Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Jack\AppData\Local\Akamai\admintool.exe. System error 0. Verify that you have access to that directory. Error: (11/17/2014 05:53:37 PM) (Source: MsiInstaller) (User: Jack-PC) Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Jack\AppData\Local\Akamai\admintool.exe. System error 0. Verify that you have access to that directory. Error: (11/17/2014 01:50:57 PM) (Source: Application Error) (User: ) Description: Faulting application name: Apache.exe, version: 2.0.63.200, time stamp: 0x479031fa Faulting module name: php5ts.dll, version: 5.3.5.0, time stamp: 0x4d26013e Exception code: 0xc0000005 Fault offset: 0x0000c5c6 Faulting process id: 0x31d8 Faulting application start time: 0xApache.exe0 Faulting application path: Apache.exe1 Faulting module path: Apache.exe2 Report Id: Apache.exe3 Error: (11/17/2014 01:45:01 PM) (Source: MsiInstaller) (User: Jack-PC) Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Jack\AppData\Local\Akamai\admintool.exe. System error 0. Verify that you have access to that directory. Error: (11/17/2014 01:44:29 PM) (Source: MsiInstaller) (User: Jack-PC) Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Jack\AppData\Local\Akamai\admintool.exe. System error 0. Verify that you have access to that directory. Error: (11/17/2014 11:43:32 AM) (Source: MySQL) (User: ) Description: Invalid (old?) table or database name 'ok2rm - Copy' For more information, see Help and Support Center at http://www.mysql.com. Error: (11/17/2014 11:40:06 AM) (Source: MySQL) (User: ) Description: Invalid (old?) table or database name 'ok2rm - Copy' For more information, see Help and Support Center at http://www.mysql.com. Error: (11/17/2014 11:39:57 AM) (Source: MySQL) (User: ) Description: Invalid (old?) table or database name 'ok2rm - Copy' For more information, see Help and Support Center at http://www.mysql.com. System errors: ============= Error: (11/16/2014 00:14:44 AM) (Source: volsnap) (User: ) Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. Error: (11/15/2014 09:43:25 PM) (Source: Service Control Manager) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avast! Antivirus service. Error: (11/15/2014 09:39:17 PM) (Source: DCOM) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (11/15/2014 02:47:15 PM) (Source: Application Popup) (User: ) Description: \SystemRoot\System32\DRIVERS\PSKMAD.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error: (11/15/2014 02:44:48 PM) (Source: Service Control Manager) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avast! Antivirus service. Error: (11/15/2014 02:41:41 PM) (Source: DCOM) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (11/15/2014 02:10:40 PM) (Source: Application Popup) (User: ) Description: \SystemRoot\System32\DRIVERS\PSKMAD.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error: (11/15/2014 02:06:59 PM) (Source: Service Control Manager) (User: ) Description: The Acronis Nonstop Backup Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (11/15/2014 02:06:51 PM) (Source: Disk) (User: ) Description: The driver detected a controller error on \Device\Harddisk3\DR3. Error: (11/15/2014 02:06:51 PM) (Source: Disk) (User: ) Description: The driver detected a controller error on \Device\Harddisk3\DR3. Microsoft Office Sessions: ========================= Error: (11/17/2014 09:56:42 PM) (Source: MsiInstaller)(User: Jack-PC) Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Jack\AppData\Local\Akamai\admintool.exe. System error 0. Verify that you have access to that directory.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (11/17/2014 09:56:09 PM) (Source: MsiInstaller)(User: Jack-PC) Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Jack\AppData\Local\Akamai\admintool.exe. System error 0. Verify that you have access to that directory.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (11/17/2014 05:54:08 PM) (Source: MsiInstaller)(User: Jack-PC) Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Jack\AppData\Local\Akamai\admintool.exe. System error 0. Verify that you have access to that directory.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (11/17/2014 05:53:37 PM) (Source: MsiInstaller)(User: Jack-PC) Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Jack\AppData\Local\Akamai\admintool.exe. System error 0. Verify that you have access to that directory.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (11/17/2014 01:50:57 PM) (Source: Application Error)(User: ) Description: Apache.exe2.0.63.200479031faphp5ts.dll5.3.5.04d26013ec00000050000c5c631d801d0021bc5c559b8C:\wamp\bin\apache\apache2.0.63\bin\Apache.exeC:\wamp\bin\apache\apache2.0.63\bin\php5ts.dllaa250b4d-6e8a-11e4-8251-f04da2dc801d Error: (11/17/2014 01:45:01 PM) (Source: MsiInstaller)(User: Jack-PC) Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Jack\AppData\Local\Akamai\admintool.exe. System error 0. Verify that you have access to that directory.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (11/17/2014 01:44:29 PM) (Source: MsiInstaller)(User: Jack-PC) Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Jack\AppData\Local\Akamai\admintool.exe. System error 0. Verify that you have access to that directory.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (11/17/2014 11:43:32 AM) (Source: MySQL)(User: ) Description: Invalid (old?) table or database name 'ok2rm - Copy' Error: (11/17/2014 11:40:06 AM) (Source: MySQL)(User: ) Description: Invalid (old?) table or database name 'ok2rm - Copy' Error: (11/17/2014 11:39:57 AM) (Source: MySQL)(User: ) Description: Invalid (old?) table or database name 'ok2rm - Copy' CodeIntegrity Errors: =================================== Date: 2014-11-07 23:28:55.396 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-11-07 23:28:55.169 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-07-30 18:50:50.208 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-30 18:36:13.613 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-30 18:30:43.808 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-30 18:19:32.186 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-30 18:07:48.139 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-27 20:58:43.883 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-27 20:37:00.166 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-27 20:29:37.137 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. =========================== Installed Programs ============================ 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY) ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated) Adobe Photoshop CS (HKLM-x32\...\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}) (Version: CS - Adobe Systems, Inc.) Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated) Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc) AlienAutopsy (HKLM\...\PC-Doctor for Windows) (Version: 3.2.6032.102 - PC-Doctor, Inc.) AlienRespawn - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: - Alienware) AlienRespawn (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.51 - Alienware) Alienware TactX Keyboard CI 1.00.130 (HKLM\...\{13A3A271-B2AA-486C-9AD5-F272079BB9B5}) (Version: 1.00.130 - Alienware) Alienware TactX Mouse CI 1.00 (HKLM\...\{B0D59FDC-FEAB-49A2-9B5A-E5E0A8F9D7E0}) (Version: 1.00 - Alienware) AlignmentUtility (x32 Version: 17.00.0000 - UPS) Hidden AMD APP SDK Runtime (Version: 2.4.595.10 - Advanced Micro Devices Inc.) Hidden Aptana Studio 3 (HKLM-x32\...\Aptana Studio 3) (Version: 3.4.2 - Appcelerator, Inc.) ArcSoft MediaImpression 2 (HKLM-x32\...\{30B056AF-F414-4B68-B9B0-6EFDB9FCDF18}) (Version: 2.0.29.444 - ArcSoft) ArcSoft Photo Book Screen Saver (HKLM-x32\...\{E2EE273D-E111-4FFD-ACD4-78E1D35E01D2}) (Version: 2.0.0.13 - ArcSoft) ArcSoft Print Creations - Album Page (HKLM-x32\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version: - ArcSoft) ArcSoft Print Creations - Brochures & Flyers (HKLM-x32\...\{01A1A019-E1D8-482A-BE17-5E118D17C0A0}) (Version: - ArcSoft) ArcSoft Print Creations - Funhouse (HKLM-x32\...\{9591C049-5CAE-4E89-A8D9-191F1899628B}) (Version: - ArcSoft) ArcSoft Print Creations - Funhouse II (HKLM-x32\...\{3CE47E6B-AE27-4E40-AC54-329EED96B933}) (Version: - ArcSoft) ArcSoft Print Creations - Greeting Card (HKLM-x32\...\{F04F9557-81A9-4293-BC49-2C216FA325A7}) (Version: - ArcSoft) ArcSoft Print Creations - Photo Book (HKLM-x32\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version: - ArcSoft) ArcSoft Print Creations - Photo Calendar (HKLM-x32\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version: - ArcSoft) ArcSoft Print Creations - Photo Prints (HKLM-x32\...\{95F875CC-1B85-43E6-B3E0-13EA04F3D995}) (Version: - ArcSoft) ArcSoft Print Creations - Poster Creator (HKLM-x32\...\{5D1C82E7-7EC0-4404-A8AD-36C3B444BC34}) (Version: - ArcSoft) ArcSoft Print Creations - Scrapbook (HKLM-x32\...\{B0D83FCD-9D42-43ED-8315-250326AADA02}) (Version: - ArcSoft) ArcSoft Print Creations - Slimline Card (HKLM-x32\...\{007B37D9-0C45-4202-834B-DD5FAAE99D63}) (Version: - ArcSoft) ArcSoft Print Creations (HKLM-x32\...\{B8CECF38-C0B0-4B39-8B11-772E685C93AB}) (Version: 2.8.255.266 - ArcSoft) ArcSoft RAW Thumbnail Viewer (HKLM-x32\...\{82FAC25D-D0E1-4D60-9268-F3DD958BF052}) (Version: 2.0.0.11 - ArcSoft) ArcSoft Video Downloader (HKLM-x32\...\{C8B44566-839A-459C-A73D-49764CE216CC}) (Version: 2.0.0.39 - ArcSoft) ATI AVIVO64 Codecs (Version: 11.6.0.10419 - ATI Technologies Inc.) Hidden ATI Catalyst Install Manager (HKLM\...\{E73155E5-E75F-D09E-30C0-C18E3C3A1FA3}) (Version: 3.0.825.0 - ATI Technologies, Inc.) ATI Catalyst Registration (x32 Version: 3.00.0000 - ATI Technologies Inc.) Hidden Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team) avast! Internet Security (HKLM-x32\...\avast) (Version: 8.0.1506.0 - AVAST Software) Beyond Compare 3.3.8 (HKLM-x32\...\BeyondCompare3_is1) (Version: 3.3.8.16340 - Scooter Software) Broadcom Management Programs (HKLM\...\{688758A2-8520-4470-8FA6-765BAC86FC53}) (Version: 12.53.01 - Broadcom Corporation) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden Catalyst Control Center (x32 Version: 2011.0419.2218.38209 - ATI) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0928.2139.36979 - ATI) Hidden Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0928.2139.36979 - ATI) Hidden Catalyst Control Center InstallProxy (x32 Version: 2010.0928.2139.36979 - ATI Technologies, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2011.0419.2218.38209 - ATI Technologies, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2010.0928.2139.36979 - ATI) Hidden Catalyst Control Center Localization All (x32 Version: 2011.0419.2218.38209 - ATI) Hidden CCC (x32 Version: 17.00.0000 - United Parcel Service, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2010.0928.2138.36979 - ATI) Hidden CCC Help Chinese Standard (x32 Version: 2011.0419.2217.38209 - ATI) Hidden CCC Help Chinese Traditional (x32 Version: 2010.0928.2138.36979 - ATI) Hidden CCC Help Chinese Traditional (x32 Version: 2011.0419.2217.38209 - ATI) Hidden CCC Help Czech (x32 Version: 2010.0928.2138.36979 - ATI) Hidden CCC Help Czech (x32 Version: 2011.0419.2217.38209 - ATI) Hidden CCC Help Danish (x32 Version: 2010.0928.2138.36979 - ATI) Hidden CCC Help Danish (x32 Version: 2011.0419.2217.38209 - ATI) Hidden CCC Help Dutch (x32 Version: 2010.0928.2138.36979 - ATI) Hidden CCC Help Dutch (x32 Version: 2011.0419.2217.38209 - ATI) Hidden CCC Help English (x32 Version: 2010.0928.2138.36979 - ATI) Hidden CCC Help English (x32 Version: 2011.0419.2217.38209 - ATI) Hidden CCC Help Finnish (x32 Version: 2010.0928.2138.36979 - ATI) Hidden CCC Help Finnish (x32 Version: 2011.0419.2217.38209 - ATI) Hidden CCC Help French (x32 Version: 2010.0928.2138.36979 - ATI) Hidden CCC Help French (x32 Version: 2011.0419.2217.38209 - ATI) Hidden CCC Help German (x32 Version: 2010.0928.2138.36979 - ATI) Hidden CCC Help German (x32 Version: 2011.0419.2217.38209 - ATI) Hidden CCC Help Greek (x32 Version: 2010.0928.2138.36979 - ATI) Hidden CCC Help Greek (x32 Version: 2011.0419.2217.38209 - ATI) Hidden CCC Help Hungarian (x32 Version: 2010.0928.2138.36979 - ATI) Hidden CCC Help Hungarian (x32 Version: 2011.0419.2217.38209 - ATI) Hidden CCC Help Italian (x32 Version: 2010.0928.2138.36979 - ATI) Hidden CCC Help Italian (x32 Version: 2011.0419.2217.38209 - ATI) Hidden CCC Help Japanese (x32 Version: 2010.0928.2138.36979 - ATI) Hidden CCC Help Japanese (x32 Version: 2011.0419.2217.38209 - ATI) Hidden CCC Help Korean (x32 Version: 2010.0928.2138.36979 - ATI) Hidden CCC Help Korean (x32 Version: 2011.0419.2217.38209 - ATI) Hidden CCC Help Norwegian (x32 Version: 2010.0928.2138.36979 - ATI) Hidden CCC Help Norwegian (x32 Version: 2011.0419.2217.38209 - ATI) Hidden CCC Help Polish (x32 Version: 2010.0928.2138.36979 - ATI) Hidden CCC Help Polish (x32 Version: 2011.0419.2217.38209 - ATI) Hidden CCC Help Portuguese (x32 Version: 2010.0928.2138.36979 - ATI) Hidden CCC Help Portuguese (x32 Version: 2011.0419.2217.38209 - ATI) Hidden CCC Help Russian (x32 Version: 2010.0928.2138.36979 - ATI) Hidden CCC Help Russian (x32 Version: 2011.0419.2217.38209 - ATI) Hidden CCC Help Spanish (x32 Version: 2010.0928.2138.36979 - ATI) Hidden CCC Help Spanish (x32 Version: 2011.0419.2217.38209 - ATI) Hidden CCC Help Swedish (x32 Version: 2010.0928.2138.36979 - ATI) Hidden CCC Help Swedish (x32 Version: 2011.0419.2217.38209 - ATI) Hidden CCC Help Thai (x32 Version: 2010.0928.2138.36979 - ATI) Hidden CCC Help Thai (x32 Version: 2011.0419.2217.38209 - ATI) Hidden CCC Help Turkish (x32 Version: 2010.0928.2138.36979 - ATI) Hidden CCC Help Turkish (x32 Version: 2011.0419.2217.38209 - ATI) Hidden ccc-core-static (x32 Version: 2010.0928.2139.36979 - ATI) Hidden ccc-utility64 (Version: 2010.0928.2139.36979 - ATI) Hidden ccc-utility64 (Version: 2011.0419.2218.38209 - ATI) Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform) CDDRV_Installer (Version: 4.60 - Logitech) Hidden Charles 3.6.5 (HKLM\...\{61163088-76A7-4A20-8228-7058848CD37F}) (Version: 3.6.5.6 - XK72 Ltd) Command Center (HKLM-x32\...\InstallShield_{AD522D37-B0FD-45A4-8695-6F24DF5336FC}) (Version: 2.6.1.0 - Alienware Corp.) Command Center (Version: 2.6.1.0 - Alienware Corp.) Hidden Compare and Merge 2.3 (HKLM-x32\...\Compare and Merge_is1) (Version: 2.3 - TGRMN Software) ConTEXT v0.98.6 (HKLM-x32\...\{73E0D3A0-9C30-4F59-ABBF-6233686FB396}_is1) (Version: - ConTEXT Project Ltd) CPUID CPU-Z 1.60 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) CyberPower PowerPanel Personal Edition 1.2.3 (HKLM-x32\...\{46E21083-D598-4217-99B0-2ED3E4152759}) (Version: 1.2.3 - Cyber Power Systems, Inc.) Data Lifeguard Diagnostic for Windows 1.24 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version: - Western Digital Corporation) Dell InHome Service Agreement (HKLM-x32\...\{41AA8F20-FD30-4878-9080-6D5BE575FD41}) (Version: 2.0.0 - Dell Inc.) Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 3.3.2.1 - Dell) DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden Diskeeper 12 Professional (HKLM\...\{1A6D6767-B771-4752-81C2-1CC30BE941BA}) (Version: 16.0.1017.64 - Condusiv Technologies) EPSON Artisan 800 Series Printer Uninstall (HKLM\...\EPSON Artisan 800 Series) (Version: - SEIKO EPSON Corporation) Epson Connect (HKLM-x32\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version: - ) Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION) Epson Download Navigator (HKLM-x32\...\{10F63395-157F-4B93-AB4D-702A2FF11942}) (Version: 1.0.1 - SEIKO EPSON CORPORATION) Epson Event Manager (HKLM-x32\...\{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}) (Version: 2.50.0001 - SEIKO EPSON CORPORATION) Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.20.00 - SEIKO EPSON CORPORATION) Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.00.00 - SEIKO EPSON CORPORATION) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EPSON WorkForce 845 Series Printer Uninstall (HKLM\...\EPSON WorkForce 845 Series) (Version: - SEIKO EPSON Corporation) erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version: - Lars Hederer) Fiddler (HKLM-x32\...\Fiddler2) (Version: 2.4.2.6 - Telerik) FileZilla Client 3.7.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.7.0.2 - FileZilla Project) FormsComponent (x32 Version: 17.00.0000 - UPS) Hidden FOSS (x32 Version: 17.00.0000 - UPS) Hidden GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team) Google Chrome (HKCU\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.) Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 9.1.0.615 - Citrix Online, a division of Citrix Systems, Inc.) GPSoftware Directory Opus (HKLM-x32\...\{5D4F167D-CCC8-413E-A6EE-F2FABBBBF50D}) (Version: 11.7 - GPSoftware) HTML-Kit Tools (HKLM-x32\...\HTMLKitTools_is1) (Version: 1.0 - HTML-Kit.com) ICCHelp (HKLM-x32\...\{A5763105-D1D5-4862-A3FE-EC058F9AA73E}) (Version: 17.00.0000 - UPS) Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation) KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) Logitech SetPoint (HKLM-x32\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 - Logitech) Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Excel 2000 SR-1 (HKLM-x32\...\{00110409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation) Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation) Microsoft SQL Server 2005 Backward compatibility (Version: 8.05.2309 - Microsoft Corporation) Hidden Microsoft SQL Server 2005 Express Edition (UPSWSDBSERVER) (x32 Version: 9.3.4035.00 - Microsoft Corporation) Hidden Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Native Client (HKLM\...\{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}) (Version: 9.00.4035.00 - Microsoft Corporation) Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.4035.00 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{86177DAE-38B1-49DD-912E-35CB703AB779}) (Version: 9.00.4035.00 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Mozilla Firefox 33.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla) MSIChecker (x32 Version: 9.00.0000 - UPS) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MySQL Workbench 5.2 CE (HKLM-x32\...\{1D803D4F-CE1E-4282-B4F2-0FCF28E68BCD}) (Version: 5.2.37 - Oracle Corporation) NA1Messenger (x32 Version: 17.00.0000 - Your Company Name) Hidden NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.20.0 - NEC Electronics Corporation) NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.20.0 - NEC Electronics Corporation) Hidden Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team) NRF (x32 Version: 17.00.0000 - UPS) Hidden OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation) Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.0.107 - Panda Security) PhotoShowExpress (x32 Version: 2.0.028 - Sonic Solutions) Hidden Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) PolicyManager (x32 Version: 17.00.0000 - UPS) Hidden PuTTY version 0.63 (HKLM-x32\...\PuTTY_is1) (Version: 0.63 - Simon Tatham) Quicknote 5.5 (HKLM-x32\...\JC&MB Quicknote_is1) (Version: - JC&MB) RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6039 - Realtek Semiconductor Corp.) Reconciler (x32 Version: 17.00.0000 - UPS) Hidden ReportServer (x32 Version: 17.00.0000 - Your Company Name) Hidden Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden Roxio Burn (x32 Version: 1.6 - Roxio) Hidden Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.40.0 - Roxio) Roxio Creator Starter (x32 Version: 1.0.311 - Roxio) Hidden Roxio Creator Starter (x32 Version: 5.0.0 - Roxio) Hidden Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden Roxio File Backup (Version: 1.3.2 - Roxio) Hidden Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14072.12 - Samsung Electronics Co., Ltd.) Samsung Kies3 (x32 Version: 3.2.14072.12 - Samsung Electronics Co., Ltd.) Hidden Screaming Frog SEO Spider (HKLM-x32\...\Screaming Frog SEO Spider) (Version: 0.01 - Screaming Frog) ScreenRecorder (HKLM\...\{55A9972B-EA29-43C3-94B6-7A178D6F2E11}) (Version: 4.0.0 - Burak Uysaler) Skins (x32 Version: 2010.0928.2139.36979 - ATI) Hidden Snagit 10.0.1 (HKLM-x32\...\{22FC7536-BE5C-4E88-8069-C24689D34EC5}) (Version: 10.0.1 - TechSmith Corporation) Snagit 11 (HKLM-x32\...\{68723B04-57EC-11E1-A6A8-9E2D4824019B}) (Version: 11.1.0 - TechSmith Corporation) Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.3 - Sophos Limited) SQLyog 11.33 (64 bit) (HKLM\...\SQLyog64) (Version: 11.33 (64 bit) - Webyog Inc.) SupportUtility (x32 Version: 17.00.0000 - Your Company Name) Hidden System (x32 Version: 17.00.0000 - UPS) Hidden The Lord of the Rings FREE Trial (x32 Version: 1.00.0000 - ATI Technologies Inc.) Hidden TheBat! Home v4.2.44 (HKLM-x32\...\{457297FE-47C9-4B37-B350-BC5CCC65A2DE}) (Version: 4.2.44 - Ritlabs) THX TruStudio PC (HKLM-x32\...\{010A785B-F920-4350-821B-6309909C20BB}) (Version: 1.0 - Creative Technology Limited) Traffic Travis 4.1.0 (HKLM-x32\...\Traffic Travis 4.1 Setup Wizard_is1) (Version: - Affilorama Ltd.) True Image 2013 (HKLM-x32\...\{75BC2136-B6A1-4F3B-8A69-55E39C647B1F}Visible) (Version: 16.0.6514 - Acronis) True Image 2013 (x32 Version: 16.0.6514 - Acronis) Hidden UnifiedPrinting (x32 Version: 17.00.0000 - UPS) Hidden Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2473228) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation) UPS WorldShip (HKLM-x32\...\UPS WorldShip) (Version: 17.0 - UPS) UPSDB (x32 Version: 17.00.0000 - UPS) Hidden UPSICC (x32 Version: 17.00.0000 - UPS) Hidden UPSlinkHTTP (x32 Version: 17.00.0000 - UPS) Hidden UPSVC2008MM (x32 Version: 1.00.0000 - UPS) Hidden UPSVCMM (x32 Version: 12.00.0000 - UPS) Hidden Watermark Factory 2 (HKLM-x32\...\{208B53C3-FA83-40EF-BC07-ED61E78CC12A}}_is1) (Version: - WatermarkFactory.com) Web CEO 11.0 (HKLM-x32\...\WebCEO70_is1) (Version: 11.0 - Web CEO Ltd.) WebHelp (HKLM-x32\...\{8C5BD501-AD5D-4A75-9321-076509B438FC}) (Version: 1.00.0000 - UPS) WebLog Expert Lite 8.1 (HKLM-x32\...\WebLog Expert Lite_is1) (Version: 8.1 - Alentum Software Ltd.) Winamp (HKLM-x32\...\Winamp) (Version: 5.65 - Nullsoft, Inc) Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) Windows Grep 2.3 (HKLM-x32\...\Windows Grep_is1) (Version: - ) Windows Media Encoder 9 Series x64 Edition (HKLM\...\Windows Media Encoder 9) (Version: - ) Windows Media Encoder 9 Series x64 Edition (Version: 10.0.0.3809 - Microsoft Corporation) Hidden WorldShip (x32 Version: 17.00.0000 - UPS) Hidden WSShared (x32 Version: 17.00.0000 - UPS) Hidden Xenu's Link Sleuth (HKLM-x32\...\Xenu's Link Sleuth) (Version: 1.3.8 - Tilman Hausherr) Zend Optimizer (HKLM-x32\...\{4C24C6EB-FF40-4855-9C1D-42F8AFC75112}) (Version: 3.3.0 - Zend Technologies) ZoneAlarm Firewall (x32 Version: 13.1.211.000 - Check Point Software Technologies Ltd.) Hidden ZoneAlarm Pro (HKLM-x32\...\ZoneAlarm Pro) (Version: 13.1.211.000 - Check Point) ZoneAlarm Security (x32 Version: 13.1.211.000 - Check Point Software Technologies Ltd.) Hidden ZoneAlarm Security Toolbar (HKLM-x32\...\ZoneAlarm Security Toolbar) (Version: - Check Point Software Technologies LTD) ========================= Devices: ================================ Name: F:\ Description: Compact Flash Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Generic- Service: WUDFRd Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: H:\ Description: SD/MMC Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Generic- Service: WUDFRd Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ========================= Memory info: =================================== Percentage of memory in use: 36% Total physical RAM: 16374.89 MB Available physical RAM: 10348.82 MB Total Pagefile: 32747.97 MB Available Pagefile: 27511.57 MB Total Virtual: 4095.88 MB Available Virtual: 3970.36 MB ========================= Partitions: ===================================== 1 Drive c: (OS) (Fixed) (Total:922.75 GB) (Free:732.14 GB) NTFS 3 Drive e: (Programing) (Fixed) (Total:558.91 GB) (Free:39.77 GB) NTFS 7 Drive i: (Storage) (Fixed) (Total:558.91 GB) (Free:411.34 GB) NTFS 9 Drive k: (My Book) (Fixed) (Total:2794.49 GB) (Free:673.57 GB) NTFS ========================= Users: ======================================== User accounts for \\JACK-PC Administrator Guest Jack ========================= Minidump Files ================================== No minidump file found ========================= Restore Points ================================== 16-11-2014 13:00:05 Windows Backup **** End of log **** RogueKiller V10.0.6.0 (x64) [Nov 13 2014] by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Jack [Administrator] Mode : Scan -- Date : 11/17/2014 23:14:19 ¤¤¤ Processes : 0 ¤¤¤ ¤¤¤ Registry : 32 ¤¤¤ [PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found [PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Internet Explorer\Main | Start Page : https://google.com/ -> Found [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Internet Explorer\Main | Start Page : https://google.com/ -> Found [PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found [PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found [PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found [PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 [uNITED STATES (US)][uNITED STATES (US)] -> Found [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 [uNITED STATES (US)][uNITED STATES (US)] -> Found [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 [uNITED STATES (US)][uNITED STATES (US)] -> Found [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B8F51288-09AF-4002-9509-913610B7FF58} | DhcpNameServer : 209.18.47.61 209.18.47.62 [uNITED STATES (US)][uNITED STATES (US)] -> Found [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{B8F51288-09AF-4002-9509-913610B7FF58} | DhcpNameServer : 209.18.47.61 209.18.47.62 [uNITED STATES (US)][uNITED STATES (US)] -> Found [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{B8F51288-09AF-4002-9509-913610B7FF58} | DhcpNameServer : 209.18.47.61 209.18.47.62 [uNITED STATES (US)][uNITED STATES (US)] -> Found [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0 -> Found [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0 -> Found [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0 -> Found [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0 -> Found [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> Found [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> Found [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found ¤¤¤ Tasks : 0 ¤¤¤ ¤¤¤ Files : 0 ¤¤¤ ¤¤¤ Hosts File : 2 ¤¤¤ [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localsites ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤ ¤¤¤ Web browsers : 1 ¤¤¤ [PUM.HomePage][FIREFX:Config] l7tarqgo.default-1374718651417 : user_pref("browser.startup.homepage", "http://localsites/");-> Found ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: ARRAY0 +++++ --- User --- [MBR] 58e7f69331c3d38135543e0cbcc8c374 [bSP] fe00aafa125282f746adc39f3a0dc904 : Unknown MBR Code Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB 1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 8942 MB 2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 18395136 | Size: 944892 MB User = LL1 ... OK Error reading LL2 MBR! ([57] The parameter is incorrect. ) +++++ PhysicalDrive1: WDC WD6000HLHX-01JJPV0 +++++ --- User --- [MBR] d4aa3fad11eaa13a33caf77b13cf4d41 [bSP] 49a37fbacc6afd1548cc43fda5909fcd : Windows Vista/7/8 MBR Code Partition table: 0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 572323 MB User = LL1 ... OK User = LL2 ... OK +++++ PhysicalDrive2: WDC WD6000HLHX-01JJPV0 +++++ --- User --- [MBR] c160e280329114575ef9c743e9574d88 [bSP] 3c1d42840279b086de72ac5a4eefe662 : Windows Vista/7/8 MBR Code Partition table: 0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 572323 MB User = LL1 ... OK User = LL2 ... OK +++++ PhysicalDrive3: WD My Book 1130 USB Device +++++ Error reading User MBR! ([57] The parameter is incorrect. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. ) +++++ PhysicalDrive4: Generic- Compact Flash USB Device +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. ) +++++ PhysicalDrive5: Generic- SM/xD-Picture USB Device +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. ) +++++ PhysicalDrive6: Generic- SD/MMC USB Device +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. ) +++++ PhysicalDrive7: Generic- MS/MS-Pro/HG USB Device +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. ) +++++ PhysicalDrive8: EPSON Storage USB Device +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. ) ============================================ RKreport_DEL_10262014_102021.log - RKreport_SCN_10252014_233158.log - RKreport_SCN_10262014_132228.log - RKreport_SCN_10282014_193631.log
  3. Here are the results: . FILE: C:\USERS\JACK\DOWNLOADS\UPDATE.EXE to be deleted. Unknown. FILE: C:\PROGRAM FILES\ALIENWARE\ALIENWARE TACTX MOUSE CI\AWMOUSECI.EXE to be deleted. Malware. FILE: C:\Users\Jack\AppData\Roaming\MICROSOFT\Windows\Cookies\77PCUC9S.txt to be deleted. Malware. REGKEY: HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND. Value: (null) To be changed to: C:\Program Files\Internet Explorer\IEXPLORE.EXE. Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[sTART_SHOWRECENTDOCS] to be changed to: 1 Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[sTART_SHOWRECENTDOCS] to be changed to: 1 Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[sTART_SHOWNETPLACES] to be changed to: 1 Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[sTART_SHOWNETPLACES] to be changed to: 1 Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[sTART_SHOWRUN] to be changed to: 1 Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[sTART_SHOWRUN] to be changed to: 1 Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[HIDEFILEEXT] to be changed to: 0 Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[HIDEFILEEXT] to be changed to: 0 Malware. REGKEY: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM[DISABLEREGISTRYTOOLS]. Value: DISABLEREGISTRYTOOLS To be deleted.
  4. The report is attached. I did run across another problem that will hopefully help. I have a contact us page on my web site. When I click the link on it, a send message window should open in my email program. But I just tried that and a dialog popped up that said something like "the email client is not configured correctly." then IE windows starting opening. So many that I had to use the task manager to kill them. I couldn't see the actual window since more windows kept opening but the title said something like page failed to load. I tried it with a different web site - same thing. The web sits are mine so I have backups of the files and they haven't been changed. So this problem is in my computer. The email program and files are on the c drive so they have probably been tested during all of this but I ran my virus scanner and Malwarebytes on them just to be safe but nothing was found. ComboFix.txt
  5. To clarify, when I say I ran it, that was after rebooting into normal mode.
  6. I was able to get it downloaded in safe mode. Then I followed all of the instructions and ran it. The result are below. As for problems I am having, there aren't any I am aware of other than the one described for this thread - the dllhost memory and popup issue. Malwarebytes Anti-Rootkit BETA 1.08.1.1001 www.malwarebytes.org Database version: v2014.11.13.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.17358 Jack :: JACK-PC [administrator] 11/13/2014 1:19:36 PM mbar-log-2014-11-13 (13-19-36).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 340938 Time elapsed: 8 minute(s), 56 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.08.1.1001 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 System is currently in a safe mode Account is Administrative Internet Explorer version: 11.0.9600.17358 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, I:\ DRIVE_FIXED, K:\ DRIVE_FIXED CPU speed: 2.807000 GHz Memory total: 17170321408, free: 15245807616 ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.08.1.1001 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 11.0.9600.17358 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, I:\ DRIVE_FIXED, K:\ DRIVE_FIXED CPU speed: 2.806000 GHz Memory total: 17170321408, free: 14033297408 Downloaded database version: v2014.11.13.07 Downloaded database version: v2014.11.12.01 ======================================= Initializing... ------------ Kernel report ------------ 11/13/2014 13:19:27 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\system32\DRIVERS\vidsflt.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\DRIVERS\compbatt.sys \SystemRoot\system32\DRIVERS\BATTC.SYS \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\DRIVERS\iaStor.sys \SystemRoot\system32\DRIVERS\SI3132.sys \SystemRoot\system32\DRIVERS\SCSIPORT.SYS \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\DKDFM.sys \SystemRoot\system32\drivers\FLTMGR.SYS \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\system32\drivers\DKTLFSMF.sys \SystemRoot\system32\DRIVERS\SiWinAcc.sys \SystemRoot\System32\Drivers\PxHlpa64.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\aswKbd.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\aswNdis2.sys \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\DRIVERS\aswNdis.sys \SystemRoot\system32\DRIVERS\vididr.sys \SystemRoot\system32\DRIVERS\tib_mounter.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\system32\DRIVERS\tib.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\system32\DRIVERS\snapman.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\system32\DRIVERS\SiRemFil.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\system32\DRIVERS\fltsrv.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\DRIVERS\disk.sys \SystemRoot\system32\DRIVERS\CLASSPNP.SYS \SystemRoot\System32\Drivers\aswVmm.sys \SystemRoot\System32\Drivers\aswRvrt.sys \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\System32\Drivers\aswSnx.SYS \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\System32\Drivers\aswFW.SYS \SystemRoot\System32\Drivers\aswTdi.SYS \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\Drivers\aswrdr2.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\DRIVERS\vsdatant.sys \SystemRoot\system32\drivers\ws2ifsl.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\termdd.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\drivers\mssmbios.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\System32\Drivers\aswSP.SYS \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\DRIVERS\atikmpag.sys \SystemRoot\system32\DRIVERS\atikmdag.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\drivers\HDAudBus.sys \SystemRoot\system32\DRIVERS\nusb3xhc.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\usbuhci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\drivers\HCW85BDA.sys \SystemRoot\system32\drivers\BdaSup.SYS \SystemRoot\system32\drivers\ks.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\DRIVERS\k57nd60a.sys \SystemRoot\system32\drivers\1394ohci.sys \SystemRoot\system32\DRIVERS\fdc.sys \SystemRoot\system32\drivers\wmiacpi.sys \SystemRoot\system32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\drivers\swenum.sys \SystemRoot\system32\drivers\umbus.sys \SystemRoot\system32\DRIVERS\nusb3hub.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\AtihdW76.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\RTKVHD64.sys \SystemRoot\system32\DRIVERS\USBSTOR.SYS \SystemRoot\system32\drivers\hidusb.sys \SystemRoot\system32\drivers\HIDCLASS.SYS \SystemRoot\system32\drivers\HIDPARSE.SYS \SystemRoot\system32\DRIVERS\wdcsam64.sys \SystemRoot\system32\DRIVERS\mio.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\system32\DRIVERS\LEqdUsb.Sys \SystemRoot\system32\drivers\usbaudio.sys \SystemRoot\system32\DRIVERS\kbdhid.sys \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\system32\DRIVERS\LHidEqd.Sys \SystemRoot\system32\DRIVERS\LHidFilt.Sys \SystemRoot\system32\DRIVERS\LMouFilt.Sys \SystemRoot\System32\Drivers\fastfat.SYS \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_iaStor.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\drivers\luafv.sys \??\C:\Windows\system32\drivers\aswMonFlt.sys \SystemRoot\System32\Drivers\aswFsBlk.SYS \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \??\C:\Windows\system32\drivers\cpuz135_x64.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\DRIVERS\WUDFRd.sys \SystemRoot\system32\DRIVERS\afcdp.sys \SystemRoot\system32\DRIVERS\DKRtWrt.sys \SystemRoot\system32\drivers\spsys.sys \SystemRoot\system32\DRIVERS\usbscan.sys \SystemRoot\system32\DRIVERS\usbprint.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll ----------- End ----------- Done! <<<1>>> Upper Device Name: \Device\Harddisk8\DR23 Upper Device Object: 0xfffffa800d267790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000014f\ Lower Device Object: 0xfffffa800d10bb60 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk7\DR7 Upper Device Object: 0xfffffa8011c9d060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000009c\ Lower Device Object: 0xfffffa8011cb9060 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk6\DR6 Upper Device Object: 0xfffffa8011cc62a0 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000009b\ Lower Device Object: 0xfffffa8011cba750 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk5\DR5 Upper Device Object: 0xfffffa8011cb6060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000009a\ Lower Device Object: 0xfffffa8011cb5660 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk4\DR4 Upper Device Object: 0xfffffa8011cb8060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000099\ Lower Device Object: 0xfffffa8011cb5b60 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk3\DR3 Upper Device Object: 0xfffffa8011c28060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000087\ Lower Device Object: 0xfffffa8011c2b060 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk2\DR2 Upper Device Object: 0xfffffa801046e790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IAAStorageDevice-2\ Lower Device Object: 0xfffffa800dba2050 Lower Device Driver Name: \Driver\iaStor\ <<<1>>> Upper Device Name: \Device\Harddisk1\DR1 Upper Device Object: 0xfffffa801046b790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IAAStorageDevice-1\ Lower Device Object: 0xfffffa800db9e050 Lower Device Driver Name: \Driver\iaStor\ <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa8010468790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IAAStorageDevice-3\ Lower Device Object: 0xfffffa800dba6050 Lower Device Driver Name: \Driver\iaStor\ <<<2>>> Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa8010468790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa800e0f3760, DeviceName: Unknown, DriverName: \Driver\DKDFM\ DevicePointer: 0xfffffa8010468520, DeviceName: Unknown, DriverName: \Driver\SiRemFil\ DevicePointer: 0xfffffa800dfddb90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8010468790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800dfda880, DeviceName: Unknown, DriverName: \Driver\vidsflt\ DevicePointer: 0xfffffa800dba6050, DeviceName: \Device\Ide\IAAStorageDevice-3\, DriverName: \Driver\iaStor\ ------------ End ---------- Alternate DeviceName: Unknown, DriverName: \Driver\SiRemFil\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... Done! Drive 0 This is a System drive Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 77E3ED41 Partition information: Partition 0 type is Other (0xde) Partition is NOT ACTIVE. Partition starts at LBA: 63 Numsec = 80262 Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 81920 Numsec = 18313216 Partition file system is NTFS Partition is bootable Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 18395136 Numsec = 1935138816 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 1000210432000 bytes Sector size: 512 bytes Done! Physical Sector Size: 512 Drive: 1, DevicePointer: 0xfffffa801046b790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8010462040, DeviceName: Unknown, DriverName: \Driver\DKDFM\ DevicePointer: 0xfffffa800dfe2900, DeviceName: Unknown, DriverName: \Driver\SiRemFil\ DevicePointer: 0xfffffa800dfe1b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa801046b790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800e0f3520, DeviceName: Unknown, DriverName: \Driver\vidsflt\ DevicePointer: 0xfffffa800db9e050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\ ------------ End ---------- Alternate DeviceName: Unknown, DriverName: \Driver\SiRemFil\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 1 Scanning MBR on drive 1... Inspecting partition table: MBR Signature: 55AA Disk Signature: 97953898 Partition information: Partition 0 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 1172117504 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 600127266816 bytes Sector size: 512 bytes Done! Physical Sector Size: 512 Drive: 2, DevicePointer: 0xfffffa801046e790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa801046f040, DeviceName: Unknown, DriverName: \Driver\DKDFM\ DevicePointer: 0xfffffa800dfe5900, DeviceName: Unknown, DriverName: \Driver\SiRemFil\ DevicePointer: 0xfffffa801046e2c0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa801046e790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800dfe3910, DeviceName: Unknown, DriverName: \Driver\vidsflt\ DevicePointer: 0xfffffa800dba2050, DeviceName: \Device\Ide\IAAStorageDevice-2\, DriverName: \Driver\iaStor\ ------------ End ---------- Alternate DeviceName: Unknown, DriverName: \Driver\SiRemFil\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 2 Scanning MBR on drive 2... Inspecting partition table: MBR Signature: 55AA Disk Signature: 6BBAC015 Partition information: Partition 0 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 1172117504 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 600127266816 bytes Sector size: 512 bytes Done! Physical Sector Size: 4096 Drive: 3, DevicePointer: 0xfffffa8011c28060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8011c27040, DeviceName: Unknown, DriverName: \Driver\DKDFM\ DevicePointer: 0xfffffa8011bac9b0, DeviceName: Unknown, DriverName: \Driver\SiRemFil\ DevicePointer: 0xfffffa8011c2a580, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8011c28060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8011bab9c0, DeviceName: Unknown, DriverName: \Driver\vidsflt\ DevicePointer: 0xfffffa8011c2b060, DeviceName: \Device\00000087\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Alternate DeviceName: Unknown, DriverName: \Driver\SiRemFil\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 3 Scanning MBR on drive 3... Inspecting partition table: MBR Signature: 55AA Disk Signature: 2DCC8 Partition information: Partition 0 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 256 Numsec = 732558080 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 3000558944256 bytes Sector size: 4096 bytes Done! Physical Sector Size: 0 Drive: 4, DevicePointer: 0xfffffa8011cb8060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8011cb7040, DeviceName: Unknown, DriverName: \Driver\DKDFM\ DevicePointer: 0xfffffa8011cb8940, DeviceName: Unknown, DriverName: \Driver\SiRemFil\ DevicePointer: 0xfffffa8011cb8b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8011cb8060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8011ca0950, DeviceName: Unknown, DriverName: \Driver\vidsflt\ DevicePointer: 0xfffffa8011cb5b60, DeviceName: \Device\00000099\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 5, DevicePointer: 0xfffffa8011cb6060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8011cb4040, DeviceName: Unknown, DriverName: \Driver\DKDFM\ DevicePointer: 0xfffffa8011cb6940, DeviceName: Unknown, DriverName: \Driver\SiRemFil\ DevicePointer: 0xfffffa8011cb6b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8011cb6060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8011cb7970, DeviceName: Unknown, DriverName: \Driver\vidsflt\ DevicePointer: 0xfffffa8011cb5660, DeviceName: \Device\0000009a\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 6, DevicePointer: 0xfffffa8011cc62a0, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8011cbd760, DeviceName: Unknown, DriverName: \Driver\DKDFM\ DevicePointer: 0xfffffa8011c9f900, DeviceName: Unknown, DriverName: \Driver\SiRemFil\ DevicePointer: 0xfffffa8011cbd040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8011cc62a0, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8011cb4ca0, DeviceName: Unknown, DriverName: \Driver\vidsflt\ DevicePointer: 0xfffffa8011cba750, DeviceName: \Device\0000009b\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 7, DevicePointer: 0xfffffa8011c9d060, DeviceName: \Device\Harddisk7\DR7\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8011cca700, DeviceName: Unknown, DriverName: \Driver\DKDFM\ DevicePointer: 0xfffffa8011c9d940, DeviceName: Unknown, DriverName: \Driver\SiRemFil\ DevicePointer: 0xfffffa8011c9db90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8011c9d060, DeviceName: \Device\Harddisk7\DR7\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8011cc9aa0, DeviceName: Unknown, DriverName: \Driver\vidsflt\ DevicePointer: 0xfffffa8011cb9060, DeviceName: \Device\0000009c\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 8, DevicePointer: 0xfffffa800d267790, DeviceName: \Device\Harddisk8\DR23\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa800d2f8760, DeviceName: Unknown, DriverName: \Driver\DKDFM\ DevicePointer: 0xfffffa8013deb920, DeviceName: Unknown, DriverName: \Driver\SiRemFil\ DevicePointer: 0xfffffa801497f540, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa800d267790, DeviceName: \Device\Harddisk8\DR23\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8014984e00, DeviceName: Unknown, DriverName: \Driver\vidsflt\ DevicePointer: 0xfffffa800d10bb60, DeviceName: \Device\0000014f\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Scan finished ======================================= Removal queue found; removal started Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-81920-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-r.mbam... Removal finished --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.08.1.1001 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 11.0.9600.17358 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, I:\ DRIVE_FIXED, K:\ DRIVE_FIXED CPU speed: 2.807000 GHz Memory total: 17170321408, free: 14198095872 ======================================= Initializing... ------------ Kernel report ------------ 11/13/2014 13:37:27 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\system32\DRIVERS\vidsflt.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\DRIVERS\compbatt.sys \SystemRoot\system32\DRIVERS\BATTC.SYS \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\DRIVERS\iaStor.sys \SystemRoot\system32\DRIVERS\SI3132.sys \SystemRoot\system32\DRIVERS\SCSIPORT.SYS \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\DKDFM.sys \SystemRoot\system32\drivers\FLTMGR.SYS \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\system32\drivers\DKTLFSMF.sys \SystemRoot\system32\DRIVERS\SiWinAcc.sys \SystemRoot\System32\Drivers\PxHlpa64.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\aswKbd.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\aswNdis2.sys \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\DRIVERS\aswNdis.sys \SystemRoot\system32\DRIVERS\vididr.sys \SystemRoot\system32\DRIVERS\tib_mounter.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\system32\DRIVERS\tib.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\system32\DRIVERS\snapman.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\system32\DRIVERS\SiRemFil.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\system32\DRIVERS\fltsrv.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\DRIVERS\disk.sys \SystemRoot\system32\DRIVERS\CLASSPNP.SYS \SystemRoot\System32\Drivers\aswVmm.sys \SystemRoot\System32\Drivers\aswRvrt.sys \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\System32\Drivers\aswSnx.SYS \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\System32\Drivers\aswFW.SYS \SystemRoot\System32\Drivers\aswTdi.SYS \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\Drivers\aswrdr2.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\DRIVERS\vsdatant.sys \SystemRoot\system32\drivers\ws2ifsl.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\termdd.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\drivers\mssmbios.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\System32\Drivers\aswSP.SYS \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\DRIVERS\atikmpag.sys \SystemRoot\system32\DRIVERS\atikmdag.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\drivers\HDAudBus.sys \SystemRoot\system32\DRIVERS\nusb3xhc.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\usbuhci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\drivers\HCW85BDA.sys \SystemRoot\system32\drivers\BdaSup.SYS \SystemRoot\system32\drivers\ks.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\DRIVERS\k57nd60a.sys \SystemRoot\system32\drivers\1394ohci.sys \SystemRoot\system32\DRIVERS\fdc.sys \SystemRoot\system32\drivers\wmiacpi.sys \SystemRoot\system32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\drivers\swenum.sys \SystemRoot\system32\drivers\umbus.sys \SystemRoot\system32\DRIVERS\nusb3hub.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\AtihdW76.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\RTKVHD64.sys \SystemRoot\system32\DRIVERS\USBSTOR.SYS \SystemRoot\system32\drivers\hidusb.sys \SystemRoot\system32\drivers\HIDCLASS.SYS \SystemRoot\system32\drivers\HIDPARSE.SYS \SystemRoot\system32\DRIVERS\wdcsam64.sys \SystemRoot\system32\DRIVERS\mio.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\system32\DRIVERS\LEqdUsb.Sys \SystemRoot\system32\drivers\usbaudio.sys \SystemRoot\system32\DRIVERS\kbdhid.sys \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\system32\DRIVERS\LHidEqd.Sys \SystemRoot\system32\DRIVERS\LHidFilt.Sys \SystemRoot\system32\DRIVERS\LMouFilt.Sys \SystemRoot\System32\Drivers\fastfat.SYS \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_iaStor.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\drivers\luafv.sys \??\C:\Windows\system32\drivers\aswMonFlt.sys \SystemRoot\System32\Drivers\aswFsBlk.SYS \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \??\C:\Windows\system32\drivers\cpuz135_x64.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\DRIVERS\WUDFRd.sys \SystemRoot\system32\DRIVERS\usbscan.sys \SystemRoot\system32\DRIVERS\usbprint.sys \SystemRoot\system32\DRIVERS\afcdp.sys \SystemRoot\system32\DRIVERS\DKRtWrt.sys \SystemRoot\system32\drivers\spsys.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll ----------- End ----------- Done! <<<1>>> Upper Device Name: \Device\Harddisk8\DR14 Upper Device Object: 0xfffffa8014009790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\000000fe\ Lower Device Object: 0xfffffa8013f0f060 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk7\DR7 Upper Device Object: 0xfffffa8011cb2060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000009c\ Lower Device Object: 0xfffffa8011cbeb60 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk6\DR6 Upper Device Object: 0xfffffa8011cc32a0 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000009b\ Lower Device Object: 0xfffffa8011cbe060 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk5\DR5 Upper Device Object: 0xfffffa8011c912a0 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000009a\ Lower Device Object: 0xfffffa8011ca4b60 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk4\DR4 Upper Device Object: 0xfffffa8011cbd060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000099\ Lower Device Object: 0xfffffa8011cba550 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk3\DR3 Upper Device Object: 0xfffffa8011c43060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000087\ Lower Device Object: 0xfffffa8011c37060 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk2\DR2 Upper Device Object: 0xfffffa801046e790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IAAStorageDevice-2\ Lower Device Object: 0xfffffa800dba2050 Lower Device Driver Name: \Driver\iaStor\ <<<1>>> Upper Device Name: \Device\Harddisk1\DR1 Upper Device Object: 0xfffffa801046b790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IAAStorageDevice-1\ Lower Device Object: 0xfffffa800db9e050 Lower Device Driver Name: \Driver\iaStor\ <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa8010468790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IAAStorageDevice-3\ Lower Device Object: 0xfffffa800dba6050 Lower Device Driver Name: \Driver\iaStor\ <<<2>>> Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa8010468790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa800e0f3760, DeviceName: Unknown, DriverName: \Driver\DKDFM\ DevicePointer: 0xfffffa800dfdc900, DeviceName: Unknown, DriverName: \Driver\SiRemFil\ DevicePointer: 0xfffffa800dfddb90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8010468790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800dfd8a60, DeviceName: Unknown, DriverName: \Driver\vidsflt\ DevicePointer: 0xfffffa800dba6050, DeviceName: \Device\Ide\IAAStorageDevice-3\, DriverName: \Driver\iaStor\ ------------ End ---------- Alternate DeviceName: Unknown, DriverName: \Driver\SiRemFil\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... Done! Drive 0 This is a System drive Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 77E3ED41 Partition information: Partition 0 type is Other (0xde) Partition is NOT ACTIVE. Partition starts at LBA: 63 Numsec = 80262 Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 81920 Numsec = 18313216 Partition file system is NTFS Partition is bootable Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 18395136 Numsec = 1935138816 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 1000210432000 bytes Sector size: 512 bytes Done! Physical Sector Size: 512 Drive: 1, DevicePointer: 0xfffffa801046b790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8010462040, DeviceName: Unknown, DriverName: \Driver\DKDFM\ DevicePointer: 0xfffffa800dfe1900, DeviceName: Unknown, DriverName: \Driver\SiRemFil\ DevicePointer: 0xfffffa801046b2c0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa801046b790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800dfe0e00, DeviceName: Unknown, DriverName: \Driver\vidsflt\ DevicePointer: 0xfffffa800db9e050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\ ------------ End ---------- Alternate DeviceName: Unknown, DriverName: \Driver\SiRemFil\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 1 Scanning MBR on drive 1... Inspecting partition table: MBR Signature: 55AA Disk Signature: 97953898 Partition information: Partition 0 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 1172117504 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 600127266816 bytes Sector size: 512 bytes Done! Physical Sector Size: 512 Drive: 2, DevicePointer: 0xfffffa801046e790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa801046f040, DeviceName: Unknown, DriverName: \Driver\DKDFM\ DevicePointer: 0xfffffa800dfe4900, DeviceName: Unknown, DriverName: \Driver\SiRemFil\ DevicePointer: 0xfffffa801046e2c0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa801046e790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8010462b40, DeviceName: Unknown, DriverName: \Driver\vidsflt\ DevicePointer: 0xfffffa800dba2050, DeviceName: \Device\Ide\IAAStorageDevice-2\, DriverName: \Driver\iaStor\ ------------ End ---------- Alternate DeviceName: Unknown, DriverName: \Driver\SiRemFil\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 2 Scanning MBR on drive 2... Inspecting partition table: MBR Signature: 55AA Disk Signature: 6BBAC015 Partition information: Partition 0 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 1172117504 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 600127266816 bytes Sector size: 512 bytes Done! Physical Sector Size: 4096 Drive: 3, DevicePointer: 0xfffffa8011c43060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8011c48040, DeviceName: Unknown, DriverName: \Driver\DKDFM\ DevicePointer: 0xfffffa8011c37900, DeviceName: Unknown, DriverName: \Driver\SiRemFil\ DevicePointer: 0xfffffa8011c396a0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8011c43060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8011c3d410, DeviceName: Unknown, DriverName: \Driver\vidsflt\ DevicePointer: 0xfffffa8011c37060, DeviceName: \Device\00000087\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Alternate DeviceName: Unknown, DriverName: \Driver\SiRemFil\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 3 Scanning MBR on drive 3... Inspecting partition table: MBR Signature: 55AA Disk Signature: 2DCC8 Partition information: Partition 0 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 256 Numsec = 732558080 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 3000558944256 bytes Sector size: 4096 bytes Done! Physical Sector Size: 0 Drive: 4, DevicePointer: 0xfffffa8011cbd060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8011cbc760, DeviceName: Unknown, DriverName: \Driver\DKDFM\ DevicePointer: 0xfffffa8011cbc040, DeviceName: Unknown, DriverName: \Driver\SiRemFil\ DevicePointer: 0xfffffa8011cbdab0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8011cbd060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8011cabb80, DeviceName: Unknown, DriverName: \Driver\vidsflt\ DevicePointer: 0xfffffa8011cba550, DeviceName: \Device\00000099\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 5, DevicePointer: 0xfffffa8011c912a0, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8011cae510, DeviceName: Unknown, DriverName: \Driver\DKDFM\ DevicePointer: 0xfffffa8011caedf0, DeviceName: Unknown, DriverName: \Driver\SiRemFil\ DevicePointer: 0xfffffa8011cae040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8011c912a0, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8011cadb40, DeviceName: Unknown, DriverName: \Driver\vidsflt\ DevicePointer: 0xfffffa8011ca4b60, DeviceName: \Device\0000009a\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 6, DevicePointer: 0xfffffa8011cc32a0, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8011cb0510, DeviceName: Unknown, DriverName: \Driver\DKDFM\ DevicePointer: 0xfffffa8011cb0df0, DeviceName: Unknown, DriverName: \Driver\SiRemFil\ DevicePointer: 0xfffffa8011cb0040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8011cc32a0, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8011cafe00, DeviceName: Unknown, DriverName: \Driver\vidsflt\ DevicePointer: 0xfffffa8011cbe060, DeviceName: \Device\0000009b\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 7, DevicePointer: 0xfffffa8011cb2060, DeviceName: \Device\Harddisk7\DR7\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8011cb3040, DeviceName: Unknown, DriverName: \Driver\DKDFM\ DevicePointer: 0xfffffa8011cb18f0, DeviceName: Unknown, DriverName: \Driver\SiRemFil\ DevicePointer: 0xfffffa8011cc61b0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8011cb2060, DeviceName: \Device\Harddisk7\DR7\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8011cb1b40, DeviceName: Unknown, DriverName: \Driver\vidsflt\ DevicePointer: 0xfffffa8011cbeb60, DeviceName: \Device\0000009c\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 8, DevicePointer: 0xfffffa8014009790, DeviceName: \Device\Harddisk8\DR14\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8013fbf760, DeviceName: Unknown, DriverName: \Driver\DKDFM\ DevicePointer: 0xfffffa8013ee9be0, DeviceName: Unknown, DriverName: \Driver\SiRemFil\ DevicePointer: 0xfffffa8013e30040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8014009790, DeviceName: \Device\Harddisk8\DR14\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8013e125d0, DeviceName: Unknown, DriverName: \Driver\vidsflt\ DevicePointer: 0xfffffa8013f0f060, DeviceName: \Device\000000fe\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Scan finished ======================================= Removal queue found; removal started Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-81920-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-r.mbam... Removal finished --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.08.1.1001 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 11.0.9600.17420 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, I:\ DRIVE_FIXED, K:\ DRIVE_FIXED CPU speed: 2.807000 GHz Memory total: 17170321408, free: 13210963968 Downloaded database version: v2014.11.13.08 ======================================= Initializing... ------------ Kernel report ------------ 11/13/2014 14:42:17 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\system32\DRIVERS\vidsflt.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\DRIVERS\compbatt.sys \SystemRoot\system32\DRIVERS\BATTC.SYS \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\DRIVERS\iaStor.sys \SystemRoot\system32\DRIVERS\SI3132.sys \SystemRoot\system32\DRIVERS\SCSIPORT.SYS \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\DKDFM.sys \SystemRoot\system32\drivers\FLTMGR.SYS \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\system32\drivers\DKTLFSMF.sys \SystemRoot\system32\DRIVERS\SiWinAcc.sys \SystemRoot\System32\Drivers\PxHlpa64.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\aswKbd.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\aswNdis2.sys \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\DRIVERS\aswNdis.sys \SystemRoot\system32\DRIVERS\vididr.sys \SystemRoot\system32\DRIVERS\tib_mounter.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\system32\DRIVERS\tib.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\system32\DRIVERS\snapman.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\system32\DRIVERS\SiRemFil.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\system32\DRIVERS\fltsrv.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\DRIVERS\disk.sys \SystemRoot\system32\DRIVERS\CLASSPNP.SYS \SystemRoot\System32\Drivers\aswVmm.sys \SystemRoot\System32\Drivers\aswRvrt.sys \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\System32\Drivers\aswSnx.SYS \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\System32\Drivers\aswFW.SYS \SystemRoot\System32\Drivers\aswTdi.SYS \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\Drivers\aswrdr2.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\DRIVERS\vsdatant.sys \SystemRoot\system32\drivers\ws2ifsl.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\termdd.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\drivers\mssmbios.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\System32\Drivers\aswSP.SYS \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\DRIVERS\atikmpag.sys \SystemRoot\system32\DRIVERS\atikmdag.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\drivers\HDAudBus.sys \SystemRoot\system32\DRIVERS\nusb3xhc.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\usbuhci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\drivers\HCW85BDA.sys \SystemRoot\system32\drivers\BdaSup.SYS \SystemRoot\system32\drivers\ks.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\DRIVERS\k57nd60a.sys \SystemRoot\system32\drivers\1394ohci.sys \SystemRoot\system32\DRIVERS\fdc.sys \SystemRoot\system32\drivers\wmiacpi.sys \SystemRoot\system32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\drivers\swenum.sys \SystemRoot\system32\drivers\umbus.sys \SystemRoot\system32\DRIVERS\nusb3hub.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\AtihdW76.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\RTKVHD64.sys \SystemRoot\system32\DRIVERS\USBSTOR.SYS \SystemRoot\system32\drivers\hidusb.sys \SystemRoot\system32\drivers\HIDCLASS.SYS \SystemRoot\system32\drivers\HIDPARSE.SYS \SystemRoot\system32\DRIVERS\wdcsam64.sys \SystemRoot\system32\DRIVERS\mio.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\system32\DRIVERS\LEqdUsb.Sys \SystemRoot\system32\drivers\usbaudio.sys \SystemRoot\system32\DRIVERS\kbdhid.sys \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\system32\DRIVERS\LHidEqd.Sys \SystemRoot\system32\DRIVERS\LHidFilt.Sys \SystemRoot\system32\DRIVERS\LMouFilt.Sys \SystemRoot\System32\Drivers\fastfat.SYS \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_iaStor.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\drivers\luafv.sys \??\C:\Windows\system32\drivers\aswMonFlt.sys \SystemRoot\System32\Drivers\aswFsBlk.SYS \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \??\C:\Windows\system32\drivers\cpuz135_x64.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\DRIVERS\WUDFRd.sys \SystemRoot\system32\DRIVERS\afcdp.sys \SystemRoot\system32\DRIVERS\DKRtWrt.sys \SystemRoot\system32\DRIVERS\usbscan.sys \SystemRoot\system32\DRIVERS\usbprint.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll ----------- End ----------- Done! <<<1>>> Upper Device Name: \Device\Harddisk8\DR32 Upper Device Object: 0xfffffa8015090790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\000001a8\ Lower Device Object: 0xfffffa800d820b60 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk7\DR7 Upper Device Object: 0xfffffa8011ca7060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000009c\ Lower Device Object: 0xfffffa8011caf060 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk6\DR6 Upper Device Object: 0xfffffa8011cb55d0 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000009b\ Lower Device Object: 0xfffffa8011cafb60 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk5\DR5 Upper Device Object: 0xfffffa8011cac060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000009a\ Lower Device Object: 0xfffffa8011ca3750 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk4\DR4 Upper Device Object: 0xfffffa8011cae790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000099\ Lower Device Object: 0xfffffa8011ca57b0 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk3\DR3 Upper Device Object: 0xfffffa8011bec060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000087\ Lower Device Object: 0xfffffa8011bfe630 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk2\DR2 Upper Device Object: 0xfffffa8010452790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IAAStorageDevice-2\ Lower Device Object: 0xfffffa800dba4050 Lower Device Driver Name: \Driver\iaStor\ <<<1>>> Upper Device Name: \Device\Harddisk1\DR1 Upper Device Object: 0xfffffa801044f790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IAAStorageDevice-1\ Lower Device Object: 0xfffffa800dba0050 Lower Device Driver Name: \Driver\iaStor\ <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa801044c790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IAAStorageDevice-3\ Lower Device Object: 0xfffffa800dba8050 Lower Device Driver Name: \Driver\iaStor\ <<<2>>> Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa801044c790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa801043a760, DeviceName: Unknown, DriverName: \Driver\DKDFM\ DevicePointer: 0xfffffa800dfb68f0, DeviceName: Unknown, DriverName: \Driver\SiRemFil\ DevicePointer: 0xfffffa800dfb9b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa801044c790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800dfb6b40, DeviceName: Unknown, DriverName: \Driver\vidsflt\ DevicePointer: 0xfffffa800dba8050, DeviceName: \Device\Ide\IAAStorageDevice-3\, DriverName: \Driver\iaStor\ ------------ End ---------- Alternate DeviceName: Unknown, DriverName: \Driver\SiRemFil\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... Done! Drive 0 This is a System drive Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 77E3ED41 Partition information: Partition 0 type is Other (0xde) Partition is NOT ACTIVE. Partition starts at LBA: 63 Numsec = 80262 Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 81920 Numsec = 18313216 Partition file system is NTFS Partition is bootable Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 18395136 Numsec = 1935138816 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 1000210432000 bytes Sector size: 512 bytes Done! Physical Sector Size: 512 Drive: 1, DevicePointer: 0xfffffa801044f790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8010446040, DeviceName: Unknown, DriverName: \Driver\DKDFM\ DevicePointer: 0xfffffa800dfbb900, DeviceName: Unknown, DriverName: \Driver\SiRemFil\ DevicePointer: 0xfffffa801044f2c0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa801044f790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa801043a520, DeviceName: Unknown, DriverName: \Driver\vidsflt\ DevicePointer: 0xfffffa800dba0050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\ ------------ End ---------- Alternate DeviceName: Unknown, DriverName: \Driver\SiRemFil\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 1 Scanning MBR on drive 1... Inspecting partition table: MBR Signature: 55AA Disk Signature: 97953898 Partition information: Partition 0 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 1172117504 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 600127266816 bytes Sector size: 512 bytes Done! Physical Sector Size: 512 Drive: 2, DevicePointer: 0xfffffa8010452790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8010453040, DeviceName: Unknown, DriverName: \Driver\DKDFM\ DevicePointer: 0xfffffa8010452520, DeviceName: Unknown, DriverName: \Driver\SiRemFil\ DevicePointer: 0xfffffa8010446950, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8010452790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8010446e00, DeviceName: Unknown, DriverName: \Driver\vidsflt\ DevicePointer: 0xfffffa800dba4050, DeviceName: \Device\Ide\IAAStorageDevice-2\, DriverName: \Driver\iaStor\ ------------ End ---------- Alternate DeviceName: Unknown, DriverName: \Driver\SiRemFil\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 2 Scanning MBR on drive 2... Inspecting partition table: MBR Signature: 55AA Disk Signature: 6BBAC015 Partition information: Partition 0 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 1172117504 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 600127266816 bytes Sector size: 512 bytes Done! Physical Sector Size: 4096 Drive: 3, DevicePointer: 0xfffffa8011bec060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8011bf3040, DeviceName: Unknown, DriverName: \Driver\DKDFM\ DevicePointer: 0xfffffa8011b839b0, DeviceName: Unknown, DriverName: \Driver\SiRemFil\ DevicePointer: 0xfffffa8011bff690, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8011bec060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8011b819c0, DeviceName: Unknown, DriverName: \Driver\vidsflt\ DevicePointer: 0xfffffa8011bfe630, DeviceName: \Device\00000087\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Alternate DeviceName: Unknown, DriverName: \Driver\SiRemFil\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 3 Scanning MBR on drive 3... Inspecting partition table: MBR Signature: 55AA Disk Signature: 2DCC8 Partition information: Partition 0 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 256 Numsec = 732558080 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 3000558944256 bytes Sector size: 4096 bytes Done! Physical Sector Size: 0 Drive: 4, DevicePointer: 0xfffffa8011cae790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8011cad760, DeviceName: Unknown, DriverName: \Driver\DKDFM\ DevicePointer: 0xfffffa8011cb2900, DeviceName: Unknown, DriverName: \Driver\SiRemFil\ DevicePointer: 0xfffffa8011cad040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8011cae790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8011cb1410, DeviceName: Unknown, DriverName: \Driver\vidsflt\ DevicePointer: 0xfffffa8011ca57b0, DeviceName: \Device\00000099\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 5, DevicePointer: 0xfffffa8011cac060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8011cab700, DeviceName: Unknown, DriverName: \Driver\DKDFM\ DevicePointer: 0xfffffa8011cac940, DeviceName: Unknown, DriverName: \Driver\SiRemFil\ DevicePointer: 0xfffffa8011cacb90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8011cac060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8011cad520, DeviceName: Unknown, DriverName: \Driver\vidsflt\ DevicePointer: 0xfffffa8011ca3750, DeviceName: \Device\0000009a\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 6, DevicePointer: 0xfffffa8011cb55d0, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8011ca9630, DeviceName: Unknown, DriverName: \Driver\DKDFM\ DevicePointer: 0xfffffa8011ca9040, DeviceName: Unknown, DriverName: \Driver\SiRemFil\ DevicePointer: 0xfffffa8011cb5100, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8011cb55d0, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8011caae00, DeviceName: Unknown, DriverName: \Driver\vidsflt\ DevicePointer: 0xfffffa8011cafb60, DeviceName: \Device\0000009b\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 7, DevicePointer: 0xfffffa8011ca7060, DeviceName: \Device\Harddisk7\DR7\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8011ca6040, DeviceName: Unknown, DriverName: \Driver\DKDFM\ DevicePointer: 0xfffffa8011cb8df0, DeviceName: Unknown, DriverName: \Driver\SiRemFil\ DevicePointer: 0xfffffa8011ca86a0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8011ca7060, DeviceName: \Device\Harddisk7\DR7\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8011cb8670, DeviceName: Unknown, DriverName: \Driver\vidsflt\ DevicePointer: 0xfffffa8011caf060, DeviceName: \Device\0000009c\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 8, DevicePointer: 0xfffffa8015090790, DeviceName: \Device\Harddisk8\DR32\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8014fd2300, DeviceName: Unknown, DriverName: \Driver\DKDFM\ DevicePointer: 0xfffffa8014c40ae0, DeviceName: Unknown, DriverName: \Driver\SiRemFil\ DevicePointer: 0xfffffa801509b040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8015090790, DeviceName: \Device\Harddisk8\DR32\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8014f2d300, DeviceName: Unknown, DriverName: \Driver\vidsflt\ DevicePointer: 0xfffffa800d820b60, DeviceName: \Device\000001a8\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Scan finished ======================================= Removal queue found; removal started Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-81920-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-r.mbam... Removal finished
  7. I tried to run the program but a message pops up saying it can't run on my computer and to check that I am using the correct version (32 or 64 bit - see attached). The download page tied to the doc page you mentioned says it will run on either version. I used your link to download it though. When it didn't work, I tried re-booting since that worked before with this type of problem but I still get the same message. Before trying to run it, I stopped all running programs and turned off my anti-virus and anti-spam program. Should I try running it in safe mode? Rebooting didn't fix my problems. But I found that the parts that were removed were a key string for a program and entries in the computers host file that I had added were removed. Just mentioning in case someone else has the same sort of problems.
  8. When I ran that program before, it took a hour, at most. This time it seemed to have locked up and after about three hours I had to kill it since I had work to do. That was yesterday. I ran it again today and just it go and it finally finished. The result is attached.combofix.txt. But after rebooting after the first run, I found a number of programs weren't working correctly. I tried a restore and got and error saying it couldn't complete due to "complusstaging." I finally did a complete restore of the c drive from my daily backup. That still didn't fix one of the programs which doesn't make sense to me since it is on the c drive but I'll have to deal with that. Hopefully the restore I did didn't cause problems with this procedure. While searching the web for this problem, I ran across a post on the Microsoft site where they recommend a clear reboot. The problem I am having doesn't appear to happen in safe mode, though I haven't tested it that way very much, so it sounds like a clean reboot might be a good idea. If you still have a plan of attack, then I will stick with what you say. I'm just grasping at straws here since this is having a terrible affect on me being able to get anything done on the computer.
  9. OK. I understand. The problem is still there but may be a little better. Before, after a reboot, the first popup would appear after about 5-10 minutes. After this last reboot, it didn't happen until about 30 minutes. And while the dllhost entry in the Task Manager still grows, it is doing so at a much lower rate and doesn't seem to be getting as large. So something seems to have made a difference but not enough of one.
  10. I removed Thunderbird and Java and ran the tests you mentioned. The results are below: JavaRa 1.16 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Wed Nov 05 08:54:18 2014 There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124. Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} Found and removed: SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284} Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} Found and removed: SOFTWARE\Classes\Interface\{5852F5EC-8BF4-11D4-A245-0080C6F74284} Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit Found and removed: SOFTWARE\Classes\TypeLib\{5852F5E0-8BF4-11D4-A245-0080C6F74284} Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.7.0.0 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects Found and removed: SOFTWARE\JavaSoft Found and removed: SOFTWARE\JreMetrics Found and removed: SOFTWARE\Classes\JavaPlugin.10512 ------------------------------------ Finished reporting. Malware. FILE: C:\USERS\JACK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\U8ANYUVY.TXT to be deleted. Malware. FILE: C:\Users\Jack\AppData\Roaming\MICROSOFT\Windows\Cookies\Low\D0OVXEX3.txt to be deleted. Malware. FILE: C:\USERS\JACK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Y9KQVRYJ.TXT to be deleted. Malware. FILE: C:\USERS\JACK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\M120J4IR.TXT to be deleted. Malware. FILE: C:\USERS\JACK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\LUFF2HPX.TXT to be deleted. . FILE: C:\USERS\JACK\DOWNLOADS\UPDATE.EXE to be deleted. Malware. FILE: C:\USERS\JACK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\6QG1TW98.TXT to be deleted. Malware. FILE: C:\Users\Jack\AppData\Roaming\MICROSOFT\Windows\Cookies\Low\QUEV4K9L.txt to be deleted. Unknown. FILE: C:\PROGRAM FILES\ALIENWARE\ALIENWARE TACTX MOUSE CI\AWMOUSECI.EXE to be deleted. Malware. FILE: C:\Users\Jack\AppData\Roaming\MICROSOFT\Windows\Cookies\Low\9QXAR6CZ.txt to be deleted. Malware. FILE: C:\USERS\JACK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\2D82N3N1.TXT to be deleted. Malware. FILE: C:\USERS\JACK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\Q0H3FHNJ.TXT to be deleted. Malware. FILE: C:\Users\Jack\AppData\Roaming\MICROSOFT\Windows\Cookies\Low\OY0J026M.txt to be deleted. Malware. FILE: C:\USERS\JACK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\4XFSYU1M.TXT to be deleted. Malware. FILE: C:\Users\Jack\AppData\Roaming\MICROSOFT\Windows\Cookies\Low\801E0GZX.txt to be deleted. Malware. FILE: C:\Users\Jack\AppData\Roaming\MICROSOFT\Windows\Cookies\Low\FJDW68PZ.txt to be deleted. Malware. FILE: C:\USERS\JACK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\J9A47XGM.TXT to be deleted. Malware. FILE: C:\USERS\JACK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\3V826T0H.TXT to be deleted. Malware. FILE: C:\USERS\JACK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\TU3OFOHS.TXT to be deleted. Malware. REGKEY: HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND. Value: (null) To be changed to: C:\Program Files\Internet Explorer\IEXPLORE.EXE. Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[sTART_SHOWRECENTDOCS] to be changed to: 1 Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[sTART_SHOWRECENTDOCS] to be changed to: 1 Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[sTART_SHOWNETPLACES] to be changed to: 1 Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[sTART_SHOWNETPLACES] to be changed to: 1 Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[sTART_SHOWRUN] to be changed to: 1 Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[sTART_SHOWRUN] to be changed to: 1 Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[HIDEFILEEXT] to be changed to: 0 Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[HIDEFILEEXT] to be changed to: 0 Malware. REGKEY: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM[DISABLEREGISTRYTOOLS]. Value: DISABLEREGISTRYTOOLS To be deleted. Malware. REGKEY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM[DISABLEREGISTRYTOOLS]. Value: DISABLEREGISTRYTOOLS To be deleted. Malware. REGKEY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM[DISABLETASKMGR]. Value: DISABLETASKMGR To be deleted.
  11. I ran the disk checks but no errors were found. The original problem is still there. To be clear, I assumed it was a dllhost problem due to posts I found on the web. The only reason I knew there was a problem is because I started to get empty dialogs poping up. The attached image is of one of those. Those popups can appear at any time but mostly appear overnight. It is not uncommon to have 30 popup windows opened. At the same time, I noticed the dllhost.exe *32 file gets larger. I usually terminate it when it gets above a MB. When I do that, all of the popup windows close. But one will usually reopen immediately afterwards. Does this describe the dllhost virus others are having or do you think I have some other problem? The result of the security test is below. Results of screen317's Security Check version 0.99.89 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Disabled! avast! Internet Security Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Java 7 Update 71 Java version out of Date! Adobe Flash Player 15.0.0.189 Adobe Reader XI Mozilla Firefox (33.0.2) Mozilla Thunderbird (5.0). Thunderbird out of Date! Google Chrome 38.0.2125.104 Google Chrome 38.0.2125.111 ````````Process Check: objlist.exe by Laurent```````` Alienware Command Center ThermalController.exe AVAST Software Avast AvastSvc.exe AVAST Software Avast afwServ.exe AVAST Software Avast AvastUI.exe CheckPoint ZoneAlarm vsmon.exe CheckPoint ZoneAlarm zatray.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log``````````````````````
  12. Here are the results: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.3.5 (10.31.2014:1) OS: Windows 7 Home Premium x64 Ran by Jack on Sat 11/01/2014 at 21:02:41.68 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnSetup_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnSetup_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnStub_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnStub_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnSetup_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnSetup_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnStub_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnStub_RASMANCS ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\apn" Successfully deleted: [Folder] "C:\Users\Jack\AppData\Roaming\pccustubinstaller" ~~~ FireFox Successfully deleted: [File] C:\user.js Emptied folder: C:\Users\Jack\AppData\Roaming\mozilla\firefox\profiles\l7tarqgo.default-1374718651417\minidumps [46 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Sat 11/01/2014 at 21:06:25.69 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # AdwCleaner v3.311 - Report created 01/11/2014 at 21:11:37 # Updated 30/09/2014 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : Jack - JACK-PC # Running from : C:\Users\Jack\Desktop\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\Users\Jack\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar ***** [ Scheduled Tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi Key Deleted : HKLM\SOFTWARE\Classes\AppID\{06DEB529-DE09-43EC-B6E2-451AAB0FF000} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{987D9269-F8A1-408F-BF62-4397D2F5363E} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0722BEB-FDA1-4AA1-A2A8-15A74A5B3F70} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F1963E76-845B-474C-8C7F-D69A96D8AA34} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{065C1A21-97F8-45FB-A9F0-861B60FACEC8} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3204358F-5904-46A6-841F-D6B5BE3EF4E3} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3AE67737-0E3E-44AA-AA5E-46A68BF017FF} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3EE5B726-044A-48D2-AA7B-049BD9A0F62A} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{60FBBE03-57FF-49D8-B38E-053D3F489825} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6A5182F1-C0B8-42B8-96CC-7F329CD46913} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6C153418-8E4D-4FAF-AF27-5201E38463A7} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A26A2F05-AC4D-4A1E-9531-9125F7309B78} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5D6240-7DF0-435D-9B9B-F8586A99DE86} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F343045E-E20A-46E1-82D8-9962C43EFC9E} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FBB360DC-CB6C-4D6A-808A-2C773151BFFF} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFD7DDAC-EC28-42A5-8D39-917B9078604B} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{06DEB529-DE09-43EC-B6E2-451AAB0FF000} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494 ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17344 -\\ Mozilla Firefox v33.0.2 (x86 en-US) [ File : C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\l7tarqgo.default-1374718651417\prefs.js ] -\\ Google Chrome v [ File : C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [7609 octets] - [01/11/2014 21:08:08] AdwCleaner[s0].txt - [7602 octets] - [01/11/2014 21:11:37] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [7662 octets] ########## Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 11/1/2014 Scan Time: 9:20:26 PM Logfile: Administrator: Yes Version: 2.00.3.1025 Malware Database: v2014.11.02.01 Rootkit Database: v2014.11.01.02 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Jack Scan Type: Threat Scan Result: Completed Objects Scanned: 340802 Time Elapsed: 10 min, 0 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) C:\Program Files (x86)\AlienRespawn\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\escortShld.dll Win32/Toolbar.Montiera.J potentially unwanted application C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmApp.dll a variant of Win32/Toolbar.Montiera.A potentially unwanted application C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmEng.dll a variant of Win32/Toolbar.Montiera.A potentially unwanted application C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmsrv.exe a variant of Win32/Toolbar.Montiera.A potentially unwanted application C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmTlbr.dll a variant of Win32/Toolbar.Montiera.F potentially unwanted application C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\bh\zonealarm.dll a variant of Win32/Toolbar.Escort.A potentially unwanted application C:\Program Files (x86)\CheckPoint\Install\CUninstallerZA.exe Win32/Toolbar.Conduit potentially unwanted application C:\Program Files (x86)\CheckPoint\Install\zatb.exe Win32/Toolbar.Montiera.I potentially unwanted application C:\Storage\Customers_Archived\AllCreaturesGiftShop\88get77RICH4critters\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Archived\CLKSupplies\1gooD79cAt\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Archived\Druera\Druera\pest\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Archived\Furnitureinfashion\FurnitureInFashion\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Archived\Furnitureinfashion\FurnitureInFashion_live\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Archived\Sat25\Lojav2\ext\modules\payment\codelock.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Archived\T-a-s-s\product.php PHP/Agent.DV.Gen trojan C:\Storage\Customers_Originals\AAA_ARCHIVED\CraftMarketCorner\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Originals\AAA_ARCHIVED\CraftMarketCorner\includes\seo_cache.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Originals\AAA_ARCHIVED\Rubimoon\dashboard\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Originals\Adultslovefun\sql.php PHP/Agent.NBL trojan C:\Storage\Customers_Originals\Allcreaturesgiftshop\88get77RICH4critters\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Originals\BefFabRacing\admin\includes\languages\english\images\buttons\dg.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Originals\BigLeagueStore\images\shop.php PHP/Agent.NCC trojan C:\Storage\Customers_Originals\Condomchoice\CondomChoice\captcha_.php PHP/WebShell.NBV trojan C:\Storage\Customers_Originals\Customquillingbydenise\includes\application_top.php PHP/WebShell.NBV trojan C:\Storage\Customers_Originals\Digishow\captcha_.php PHP/WebShell.NBV trojan C:\Storage\Customers_Originals\Draculaclothing\admin\account_help.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Originals\Draculaclothing\images\30 Linux/Exploit.Ptrace.B trojan C:\Storage\Customers_Originals\Draculaclothing\images\soyle.php PHP/Rst.R trojan C:\Storage\Customers_Originals\Ethoshopper\cookie_usage.php PHP/WebShell.NBV trojan C:\Storage\Customers_Originals\Ethoshopper\ntw.php PHP/Obfuscated.A potentially unwanted application C:\Storage\Customers_Originals\Ethoshopper\yqi.php PHP/Obfuscated.A potentially unwanted application C:\Storage\Customers_Originals\Ethoshopper\includes\header.php PHP/Kryptik.AB trojan C:\Storage\Customers_Originals\Foxhuntingshop\mysql_dumper.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Originals\Furnitureinfashion\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Originals\Gigagator\ppconf.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\blue3-10\footer.php PHP/Kryptik.AB trojan C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\experience\footer.php PHP/Kryptik.AB trojan C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\medicine\footer.php PHP/Kryptik.AB trojan C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\Metropolis\footer.php PHP/Kryptik.AB trojan C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\modxblog\footer.php PHP/Kryptik.AB trojan C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\munchen\footer.php PHP/Kryptik.AB trojan C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\redie-30\footer.php PHP/Kryptik.AB trojan C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\SEO_Executive\footer.php PHP/Kryptik.AB trojan C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\vibrant\footer.php PHP/Kryptik.AB trojan C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\Vistalicious\footer.php PHP/Kryptik.AB trojan C:\Storage\Customers_Originals\Hautecircus\HackedFiles\mailerx.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Originals\Hautecircus\HackedFiles\sort.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Originals\Hautecircus\HackedFiles\images\mailerx.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Originals\Hautecircus\HackedFiles\images\sort.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Originals\HistoCard\checkout_approve.php PHP/Obfuscated.A potentially unwanted application C:\Storage\Customers_Originals\Israel-depot\id\includes\header.php PHP/Kryptik.AB trojan C:\Storage\Customers_Originals\Israel-depot\id\includes\modules\seo_header.php PHP/Kryptik.AB trojan C:\Storage\Customers_Originals\MiniPro\captcha_.php PHP/WebShell.NBV trojan C:\Storage\Customers_Originals\Musicoutletusa\bpk.php PHP/Obfuscated.A potentially unwanted application C:\Storage\Customers_Originals\Musicoutletusa\includes\header.php PHP/Kryptik.AB trojan C:\Storage\Customers_Originals\MyLlinen\cookie_usage.php PHP/WebShell.NBV trojan C:\Storage\Customers_Originals\Ohcheri\ohvault\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Originals\Paylessbuckles\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Originals\Rivalhost\captcha_.php PHP/WebShell.NBV trojan C:\Storage\Customers_Originals\Sat25\Sat25Games\ext\modules\payment\codelock.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Originals\Sweetnessandlight\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Originals\Sweetnessandlight\slo\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Originals\TastarSupply\inmain\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Originals\Totalsounds\includes\common\lib\email\Pear\Auth\SASL\dg.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Originals\Ultimateproaudio\ginger\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application C:\Storage\MySites\MCS\pineadmintreeXXX\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application C:\Users\Jack\Downloads\Update.exe a variant of Win32/AirAdInstaller.A potentially unwanted application E:\Storage\Downloads\Installed\Sound\winamp5621_full_emusic-7plus_en-us.exe Win32/OpenCandy potentially unsafe application E:\Storage\Downloads\Installed\Utilities\ccsetup403.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application E:\Storage\Downloads\Installed\Utilities\ccsetup414.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application E:\Storage\Downloads\Installed\Utilities\cpu-z_1.60-setup-en.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application E:\Storage\Downloads\Installed\Utilities\FTP\freefileviewer_2_d146489.exe a variant of Win32/InstallIQ.A potentially unwanted application E:\Storage\Downloads\Installed\Utilities\Nero\Nero-6.6.1.15a.exe Win32/Toolbar.AskSBar potentially unwanted application E:\Storage\Downloads\Installed\Utilities\Security\ZoneAlarm\zapSetupWeb_102_073_000.exe Win32/Toolbar.Conduit potentially unwanted application I:\Programingfiles\Sites\ContributionTesting\oscMax\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\ContributionTesting\oscmax_auto\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\ContributionTesting\SiteMonitor\admin\aaa_nt02.php HTML/ScrInject.B.Gen virus I:\Programingfiles\Sites\ContributionTesting\SiteMonitor\admin_diffname\aaa_nt02.php HTML/ScrInject.B.Gen virus I:\Programingfiles\Sites\ContributionTesting\SiteMonitor\HackedFiles\account_help.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\AdultsLoveFun\sql.php PHP/Agent.NBL trojan I:\Programingfiles\Sites\customers\Affordableweddingaccessories\images\gifimg.php PHP/Kryptik.AB trojan I:\Programingfiles\Sites\customers\AllCreaturesGiftShop\88get77RICH4critters\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\AllCreaturesGiftShop\88get77RICH4critters_fails\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\BigleagueStore\images\shop.php PHP/Agent.NCC trojan I:\Programingfiles\Sites\customers\Clksupplies\1gooD79cAt\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\CondomChoice\CondomChoice\captcha_.php PHP/WebShell.NBV trojan I:\Programingfiles\Sites\customers\Cragmay\Agmpartscomponents\images\imageth.php PHP/Agent.NAG trojan I:\Programingfiles\Sites\customers\Customquillingbydenise\includes\application_top.php PHP/WebShell.NBV trojan I:\Programingfiles\Sites\customers\Dirtbikebitz\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\Druera\Druera\pest\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\Druera\Druera_orig\pest\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\E-Experts\counter.php PHP/Obfuscated.A potentially unwanted application I:\Programingfiles\Sites\customers\Firststopsecurity\first_stop\admin4sec\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\FoxHuntingShop\mysql_dumper.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\Furnitureinfashion\FurnitureInFashion\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\Furnitureinfashion\FurnitureInFashion_live\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\GlobalWholesaleArt\ArtFramesUSA\G1nger\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\GlobalWholesaleArt\OilPaintingUSA\G1nger\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\HistoCard\checkout_approve.php PHP/Obfuscated.A potentially unwanted application I:\Programingfiles\Sites\customers\InkPlusToner\InkPlusToner\4dm1n\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\MyLinen\cookie_usage.php PHP/WebShell.NBV trojan I:\Programingfiles\Sites\customers\Ohcheri\ohvault\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\OriginalAbsinthe\admin\includes\configuration_cache.bak.0 PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\OriginalAbsinthe\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\Paylessbuckles\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\Sat25\Lojav2\ext\modules\payment\codelock.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\Sironet\Lacremedvd\ibt.php PHP/Obfuscated.A potentially unwanted application I:\Programingfiles\Sites\customers\Sweetnessandlight\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\Sweetnessandlight\slo\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\T-a-s-s\product.php PHP/Agent.DV.Gen trojan I:\Programingfiles\Sites\customers\TackRoomInc\HorseMall\seo_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\TackRoomInc\HorseMall\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\TackRoomInc\HorseMall\includes\seo_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\TackRoomInc\TackroomNet\seo_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\TackRoomInc\TackroomNet\includes\seo_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\Ultimateproaudio\ginger\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\MCS\pineadmintree\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application C:\Program Files (x86)\AlienRespawn\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\escortShld.dll Win32/Toolbar.Montiera.J potentially unwanted application C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmApp.dll a variant of Win32/Toolbar.Montiera.A potentially unwanted application C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmEng.dll a variant of Win32/Toolbar.Montiera.A potentially unwanted application C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmsrv.exe a variant of Win32/Toolbar.Montiera.A potentially unwanted application C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmTlbr.dll a variant of Win32/Toolbar.Montiera.F potentially unwanted application C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\bh\zonealarm.dll a variant of Win32/Toolbar.Escort.A potentially unwanted application C:\Program Files (x86)\CheckPoint\Install\CUninstallerZA.exe Win32/Toolbar.Conduit potentially unwanted application C:\Program Files (x86)\CheckPoint\Install\zatb.exe Win32/Toolbar.Montiera.I potentially unwanted application C:\Storage\Customers_Archived\AllCreaturesGiftShop\88get77RICH4critters\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Archived\CLKSupplies\1gooD79cAt\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Archived\Druera\Druera\pest\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Archived\Furnitureinfashion\FurnitureInFashion\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Archived\Furnitureinfashion\FurnitureInFashion_live\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Archived\Sat25\Lojav2\ext\modules\payment\codelock.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Archived\T-a-s-s\product.php PHP/Agent.DV.Gen trojan C:\Storage\Customers_Originals\AAA_ARCHIVED\CraftMarketCorner\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Originals\AAA_ARCHIVED\CraftMarketCorner\includes\seo_cache.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Originals\AAA_ARCHIVED\Rubimoon\dashboard\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Originals\Adultslovefun\sql.php PHP/Agent.NBL trojan C:\Storage\Customers_Originals\Allcreaturesgiftshop\88get77RICH4critters\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Originals\BefFabRacing\admin\includes\languages\english\images\buttons\dg.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Originals\BigLeagueStore\images\shop.php PHP/Agent.NCC trojan C:\Storage\Customers_Originals\Condomchoice\CondomChoice\captcha_.php PHP/WebShell.NBV trojan C:\Storage\Customers_Originals\Customquillingbydenise\includes\application_top.php PHP/WebShell.NBV trojan C:\Storage\Customers_Originals\Digishow\captcha_.php PHP/WebShell.NBV trojan C:\Storage\Customers_Originals\Draculaclothing\admin\account_help.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Originals\Draculaclothing\images\30 Linux/Exploit.Ptrace.B trojan C:\Storage\Customers_Originals\Draculaclothing\images\soyle.php PHP/Rst.R trojan C:\Storage\Customers_Originals\Ethoshopper\cookie_usage.php PHP/WebShell.NBV trojan C:\Storage\Customers_Originals\Ethoshopper\ntw.php PHP/Obfuscated.A potentially unwanted application C:\Storage\Customers_Originals\Ethoshopper\yqi.php PHP/Obfuscated.A potentially unwanted application C:\Storage\Customers_Originals\Ethoshopper\includes\header.php PHP/Kryptik.AB trojan C:\Storage\Customers_Originals\Foxhuntingshop\mysql_dumper.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Originals\Furnitureinfashion\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Originals\Gigagator\ppconf.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\blue3-10\footer.php PHP/Kryptik.AB trojan C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\experience\footer.php PHP/Kryptik.AB trojan C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\medicine\footer.php PHP/Kryptik.AB trojan C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\Metropolis\footer.php PHP/Kryptik.AB trojan C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\modxblog\footer.php PHP/Kryptik.AB trojan C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\munchen\footer.php PHP/Kryptik.AB trojan C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\redie-30\footer.php PHP/Kryptik.AB trojan C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\SEO_Executive\footer.php PHP/Kryptik.AB trojan C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\vibrant\footer.php PHP/Kryptik.AB trojan C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\Vistalicious\footer.php PHP/Kryptik.AB trojan C:\Storage\Customers_Originals\Hautecircus\HackedFiles\mailerx.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Originals\Hautecircus\HackedFiles\sort.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Originals\Hautecircus\HackedFiles\images\mailerx.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Originals\Hautecircus\HackedFiles\images\sort.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Originals\HistoCard\checkout_approve.php PHP/Obfuscated.A potentially unwanted application C:\Storage\Customers_Originals\Israel-depot\id\includes\header.php PHP/Kryptik.AB trojan C:\Storage\Customers_Originals\Israel-depot\id\includes\modules\seo_header.php PHP/Kryptik.AB trojan C:\Storage\Customers_Originals\MiniPro\captcha_.php PHP/WebShell.NBV trojan C:\Storage\Customers_Originals\Musicoutletusa\bpk.php PHP/Obfuscated.A potentially unwanted application C:\Storage\Customers_Originals\Musicoutletusa\includes\header.php PHP/Kryptik.AB trojan C:\Storage\Customers_Originals\MyLlinen\cookie_usage.php PHP/WebShell.NBV trojan C:\Storage\Customers_Originals\Ohcheri\ohvault\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Originals\Paylessbuckles\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Originals\Rivalhost\captcha_.php PHP/WebShell.NBV trojan C:\Storage\Customers_Originals\Sat25\Sat25Games\ext\modules\payment\codelock.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Originals\Sweetnessandlight\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Originals\Sweetnessandlight\slo\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Originals\TastarSupply\inmain\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Originals\Totalsounds\includes\common\lib\email\Pear\Auth\SASL\dg.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Originals\Ultimateproaudio\ginger\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application C:\Storage\MySites\MCS\pineadmintreeXXX\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application C:\Users\Jack\Downloads\Update.exe a variant of Win32/AirAdInstaller.A potentially unwanted application E:\Storage\Downloads\Installed\Sound\winamp5621_full_emusic-7plus_en-us.exe Win32/OpenCandy potentially unsafe application E:\Storage\Downloads\Installed\Utilities\ccsetup403.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application E:\Storage\Downloads\Installed\Utilities\ccsetup414.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application E:\Storage\Downloads\Installed\Utilities\cpu-z_1.60-setup-en.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application E:\Storage\Downloads\Installed\Utilities\FTP\freefileviewer_2_d146489.exe a variant of Win32/InstallIQ.A potentially unwanted application E:\Storage\Downloads\Installed\Utilities\Nero\Nero-6.6.1.15a.exe Win32/Toolbar.AskSBar potentially unwanted application E:\Storage\Downloads\Installed\Utilities\Security\ZoneAlarm\zapSetupWeb_102_073_000.exe Win32/Toolbar.Conduit potentially unwanted application I:\Programingfiles\Sites\ContributionTesting\oscMax\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\ContributionTesting\oscmax_auto\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\ContributionTesting\SiteMonitor\admin\aaa_nt02.php HTML/ScrInject.B.Gen virus I:\Programingfiles\Sites\ContributionTesting\SiteMonitor\admin_diffname\aaa_nt02.php HTML/ScrInject.B.Gen virus I:\Programingfiles\Sites\ContributionTesting\SiteMonitor\HackedFiles\account_help.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\AdultsLoveFun\sql.php PHP/Agent.NBL trojan I:\Programingfiles\Sites\customers\Affordableweddingaccessories\images\gifimg.php PHP/Kryptik.AB trojan I:\Programingfiles\Sites\customers\AllCreaturesGiftShop\88get77RICH4critters\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\AllCreaturesGiftShop\88get77RICH4critters_fails\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\BigleagueStore\images\shop.php PHP/Agent.NCC trojan I:\Programingfiles\Sites\customers\Clksupplies\1gooD79cAt\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\CondomChoice\CondomChoice\captcha_.php PHP/WebShell.NBV trojan I:\Programingfiles\Sites\customers\Cragmay\Agmpartscomponents\images\imageth.php PHP/Agent.NAG trojan I:\Programingfiles\Sites\customers\Customquillingbydenise\includes\application_top.php PHP/WebShell.NBV trojan I:\Programingfiles\Sites\customers\Dirtbikebitz\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\Druera\Druera\pest\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\Druera\Druera_orig\pest\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\E-Experts\counter.php PHP/Obfuscated.A potentially unwanted application I:\Programingfiles\Sites\customers\Firststopsecurity\first_stop\admin4sec\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\FoxHuntingShop\mysql_dumper.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\Furnitureinfashion\FurnitureInFashion\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\Furnitureinfashion\FurnitureInFashion_live\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\GlobalWholesaleArt\ArtFramesUSA\G1nger\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\GlobalWholesaleArt\OilPaintingUSA\G1nger\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\HistoCard\checkout_approve.php PHP/Obfuscated.A potentially unwanted application I:\Programingfiles\Sites\customers\InkPlusToner\InkPlusToner\4dm1n\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\MyLinen\cookie_usage.php PHP/WebShell.NBV trojan I:\Programingfiles\Sites\customers\Ohcheri\ohvault\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\OriginalAbsinthe\admin\includes\configuration_cache.bak.0 PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\OriginalAbsinthe\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\Paylessbuckles\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\Sat25\Lojav2\ext\modules\payment\codelock.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\Sironet\Lacremedvd\ibt.php PHP/Obfuscated.A potentially unwanted application I:\Programingfiles\Sites\customers\Sweetnessandlight\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\Sweetnessandlight\slo\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\T-a-s-s\product.php PHP/Agent.DV.Gen trojan I:\Programingfiles\Sites\customers\TackRoomInc\HorseMall\seo_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\TackRoomInc\HorseMall\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\TackRoomInc\HorseMall\includes\seo_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\TackRoomInc\TackroomNet\seo_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\TackRoomInc\TackroomNet\includes\seo_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\Ultimateproaudio\ginger\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\MCS\pineadmintree\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-11-2014 Ran by Jack at 2014-11-02 08:19:36 Running from C:\Users\Jack\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Internet Security (Disabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C} AS: avast! Internet Security (Disabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: avast! Internet Security (Enabled) {131692B0-0864-D491-4E21-3A3A1D8BBB47} FW: ZoneAlarm Pro Firewall (Disabled) {E6380B7E-D4B2-19F1-083E-56486607704B} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY) ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated) Adobe Photoshop CS (HKLM-x32\...\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}) (Version: CS - Adobe Systems, Inc.) Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated) Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc) AlienAutopsy (HKLM\...\PC-Doctor for Windows) (Version: 3.2.6032.102 - PC-Doctor, Inc.) AlienRespawn - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: - Alienware) AlienRespawn (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.51 - Alienware) Alienware TactX Keyboard CI 1.00.130 (HKLM\...\{13A3A271-B2AA-486C-9AD5-F272079BB9B5}) (Version: 1.00.130 - Alienware) Alienware TactX Mouse CI 1.00 (HKLM\...\{B0D59FDC-FEAB-49A2-9B5A-E5E0A8F9D7E0}) (Version: 1.00 - Alienware) AlignmentUtility (x32 Version: 17.00.0000 - UPS) Hidden Aptana Studio 3 (HKLM-x32\...\Aptana Studio 3) (Version: 3.4.2 - Appcelerator, Inc.) ArcSoft MediaImpression 2 (HKLM-x32\...\{30B056AF-F414-4B68-B9B0-6EFDB9FCDF18}) (Version: 2.0.29.444 - ArcSoft) ArcSoft Photo Book Screen Saver (HKLM-x32\...\{E2EE273D-E111-4FFD-ACD4-78E1D35E01D2}) (Version: 2.0.0.13 - ArcSoft) ArcSoft Print Creations - Album Page (HKLM-x32\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version: - ArcSoft) ArcSoft Print Creations - Brochures & Flyers (HKLM-x32\...\{01A1A019-E1D8-482A-BE17-5E118D17C0A0}) (Version: - ArcSoft) ArcSoft Print Creations - Funhouse (HKLM-x32\...\{9591C049-5CAE-4E89-A8D9-191F1899628B}) (Version: - ArcSoft) ArcSoft Print Creations - Funhouse II (HKLM-x32\...\{3CE47E6B-AE27-4E40-AC54-329EED96B933}) (Version: - ArcSoft) ArcSoft Print Creations - Greeting Card (HKLM-x32\...\{F04F9557-81A9-4293-BC49-2C216FA325A7}) (Version: - ArcSoft) ArcSoft Print Creations - Photo Book (HKLM-x32\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version: - ArcSoft) ArcSoft Print Creations - Photo Calendar (HKLM-x32\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version: - ArcSoft) ArcSoft Print Creations - Photo Prints (HKLM-x32\...\{95F875CC-1B85-43E6-B3E0-13EA04F3D995}) (Version: - ArcSoft) ArcSoft Print Creations - Poster Creator (HKLM-x32\...\{5D1C82E7-7EC0-4404-A8AD-36C3B444BC34}) (Version: - ArcSoft) ArcSoft Print Creations - Scrapbook (HKLM-x32\...\{B0D83FCD-9D42-43ED-8315-250326AADA02}) (Version: - ArcSoft) ArcSoft Print Creations - Slimline Card (HKLM-x32\...\{007B37D9-0C45-4202-834B-DD5FAAE99D63}) (Version: - ArcSoft) ArcSoft Print Creations (HKLM-x32\...\{B8CECF38-C0B0-4B39-8B11-772E685C93AB}) (Version: 2.8.255.266 - ArcSoft) ArcSoft RAW Thumbnail Viewer (HKLM-x32\...\{82FAC25D-D0E1-4D60-9268-F3DD958BF052}) (Version: 2.0.0.11 - ArcSoft) ArcSoft Video Downloader (HKLM-x32\...\{C8B44566-839A-459C-A73D-49764CE216CC}) (Version: 2.0.0.39 - ArcSoft) ATI AVIVO64 Codecs (Version: 11.6.0.10419 - ATI Technologies Inc.) Hidden ATI Catalyst Install Manager (HKLM\...\{E73155E5-E75F-D09E-30C0-C18E3C3A1FA3}) (Version: 3.0.825.0 - ATI Technologies, Inc.) ATI Catalyst Registration (x32 Version: 3.00.0000 - ATI Technologies Inc.) Hidden Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team) avast! Internet Security (HKLM-x32\...\avast) (Version: 8.0.1506.0 - AVAST Software) Beyond Compare 3.3.8 (HKLM-x32\...\BeyondCompare3_is1) (Version: 3.3.8.16340 - Scooter Software) Broadcom Management Programs (HKLM\...\{688758A2-8520-4470-8FA6-765BAC86FC53}) (Version: 12.53.01 - Broadcom Corporation) CCC (x32 Version: 17.00.0000 - United Parcel Service, Inc.) Hidden ccc-core-static (x32 Version: 2010.0928.2139.36979 - ATI) Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform) CDDRV_Installer (Version: 4.60 - Logitech) Hidden Charles 3.6.5 (HKLM\...\{61163088-76A7-4A20-8228-7058848CD37F}) (Version: 3.6.5.6 - XK72 Ltd) Command Center (HKLM-x32\...\InstallShield_{AD522D37-B0FD-45A4-8695-6F24DF5336FC}) (Version: 2.6.1.0 - Alienware Corp.) Command Center (Version: 2.6.1.0 - Alienware Corp.) Hidden Compare and Merge 2.3 (HKLM-x32\...\Compare and Merge_is1) (Version: 2.3 - TGRMN Software) ConTEXT v0.98.6 (HKLM-x32\...\{73E0D3A0-9C30-4F59-ABBF-6233686FB396}_is1) (Version: - ConTEXT Project Ltd) CPUID CPU-Z 1.60 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) CyberPower PowerPanel Personal Edition 1.2.3 (HKLM-x32\...\{46E21083-D598-4217-99B0-2ED3E4152759}) (Version: 1.2.3 - Cyber Power Systems, Inc.) Data Lifeguard Diagnostic for Windows 1.24 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version: - Western Digital Corporation) Dell InHome Service Agreement (HKLM-x32\...\{41AA8F20-FD30-4878-9080-6D5BE575FD41}) (Version: 2.0.0 - Dell Inc.) Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 3.3.2.1 - Dell) DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden Diskeeper 12 Professional (HKLM\...\{1A6D6767-B771-4752-81C2-1CC30BE941BA}) (Version: 16.0.1017.64 - Condusiv Technologies) EPSON Artisan 800 Series Printer Uninstall (HKLM\...\EPSON Artisan 800 Series) (Version: - SEIKO EPSON Corporation) Epson Connect (HKLM-x32\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version: - ) Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION) Epson Download Navigator (HKLM-x32\...\{10F63395-157F-4B93-AB4D-702A2FF11942}) (Version: 1.0.1 - SEIKO EPSON CORPORATION) Epson Event Manager (HKLM-x32\...\{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}) (Version: 2.50.0001 - SEIKO EPSON CORPORATION) Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.20.00 - SEIKO EPSON CORPORATION) Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.00.00 - SEIKO EPSON CORPORATION) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EPSON WorkForce 845 Series Printer Uninstall (HKLM\...\EPSON WorkForce 845 Series) (Version: - SEIKO EPSON Corporation) erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version: - Lars Hederer) Evernote v. 5.3.1 (HKLM-x32\...\{28AAF752-C41B-11E3-8CB0-00163E98E7D6}) (Version: 5.3.1.3363 - Evernote Corp.) Fiddler (HKLM-x32\...\Fiddler2) (Version: 2.4.2.6 - Telerik) FileZilla Client 3.7.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.7.0.2 - FileZilla Project) FormsComponent (x32 Version: 17.00.0000 - UPS) Hidden FOSS (x32 Version: 17.00.0000 - UPS) Hidden GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team) Google Chrome (HKCU\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.) Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 9.1.0.615 - Citrix Online, a division of Citrix Systems, Inc.) GPSoftware Directory Opus (HKLM-x32\...\{5D4F167D-CCC8-413E-A6EE-F2FABBBBF50D}) (Version: 11.7 - GPSoftware) HTML-Kit Tools (HKLM-x32\...\HTMLKitTools_is1) (Version: 1.0 - HTML-Kit.com) ICCHelp (HKLM-x32\...\{A5763105-D1D5-4862-A3FE-EC058F9AA73E}) (Version: 17.00.0000 - UPS) Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation) Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.710 - Oracle) Java 6 Update 22 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416022FF}) (Version: 6.0.220 - Oracle) KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) Logitech SetPoint (HKLM-x32\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 - Logitech) Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Excel 2000 SR-1 (HKLM-x32\...\{00110409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation) Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Native Client (HKLM\...\{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}) (Version: 9.00.4035.00 - Microsoft Corporation) Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.4035.00 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{86177DAE-38B1-49DD-912E-35CB703AB779}) (Version: 9.00.4035.00 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Mozilla Firefox 33.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0.2 (x86 en-US)) (Version: 33.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla) Mozilla Thunderbird (5.0) (HKLM-x32\...\Mozilla Thunderbird (5.0)) (Version: 5.0 (en-US) - Mozilla) MSIChecker (x32 Version: 9.00.0000 - UPS) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MySQL Workbench 5.2 CE (HKLM-x32\...\{1D803D4F-CE1E-4282-B4F2-0FCF28E68BCD}) (Version: 5.2.37 - Oracle Corporation) NA1Messenger (x32 Version: 17.00.0000 - Your Company Name) Hidden NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.20.0 - NEC Electronics Corporation) NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.20.0 - NEC Electronics Corporation) Hidden Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team) NRF (x32 Version: 17.00.0000 - UPS) Hidden OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation) PhotoShowExpress (x32 Version: 2.0.028 - Sonic Solutions) Hidden Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) PolicyManager (x32 Version: 17.00.0000 - UPS) Hidden PuTTY version 0.63 (HKLM-x32\...\PuTTY_is1) (Version: 0.63 - Simon Tatham) Quicknote 5.5 (HKLM-x32\...\JC&MB Quicknote_is1) (Version: - JC&MB) RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6039 - Realtek Semiconductor Corp.) Reconciler (x32 Version: 17.00.0000 - UPS) Hidden ReportServer (x32 Version: 17.00.0000 - Your Company Name) Hidden Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.40.0 - Roxio) Roxio File Backup (Version: 1.3.2 - Roxio) Hidden Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.) Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14072.12 - Samsung Electronics Co., Ltd.) Samsung Kies3 (x32 Version: 3.2.14072.12 - Samsung Electronics Co., Ltd.) Hidden Screaming Frog SEO Spider (HKLM-x32\...\Screaming Frog SEO Spider) (Version: 0.01 - Screaming Frog) ScreenRecorder (HKLM\...\{55A9972B-EA29-43C3-94B6-7A178D6F2E11}) (Version: 4.0.0 - Burak Uysaler) SEO PowerSuite (HKLM-x32\...\seopowersuite) (Version: - ) Skins (x32 Version: 2010.0928.2139.36979 - ATI) Hidden Snagit 10.0.1 (HKLM-x32\...\{22FC7536-BE5C-4E88-8069-C24689D34EC5}) (Version: 10.0.1 - TechSmith Corporation) Snagit 11 (HKLM-x32\...\{68723B04-57EC-11E1-A6A8-9E2D4824019B}) (Version: 11.1.0 - TechSmith Corporation) Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.3 - Sophos Limited) SQLyog 11.3 (64 bit) (HKLM\...\SQLyog64) (Version: 11.3 (64 bit) - Webyog Inc.) SupportUtility (x32 Version: 17.00.0000 - Your Company Name) Hidden System (x32 Version: 17.00.0000 - UPS) Hidden The Lord of the Rings FREE Trial (x32 Version: 1.00.0000 - ATI Technologies Inc.) Hidden TheBat! Home v4.2.44 (HKLM-x32\...\{457297FE-47C9-4B37-B350-BC5CCC65A2DE}) (Version: 4.2.44 - Ritlabs) THX TruStudio PC (HKLM-x32\...\{010A785B-F920-4350-821B-6309909C20BB}) (Version: 1.0 - Creative Technology Limited) Traffic Travis 4.1.0 (HKLM-x32\...\Traffic Travis 4.1 Setup Wizard_is1) (Version: - Affilorama Ltd.) True Image 2013 (HKLM-x32\...\{75BC2136-B6A1-4F3B-8A69-55E39C647B1F}Visible) (Version: 16.0.6514 - Acronis) True Image 2013 (x32 Version: 16.0.6514 - Acronis) Hidden UnifiedPrinting (x32 Version: 17.00.0000 - UPS) Hidden UPS WorldShip (HKLM-x32\...\UPS WorldShip) (Version: 17.0 - UPS) UPSDB (x32 Version: 17.00.0000 - UPS) Hidden UPSICC (x32 Version: 17.00.0000 - UPS) Hidden UPSlinkHTTP (x32 Version: 17.00.0000 - UPS) Hidden UPSVC2008MM (x32 Version: 1.00.0000 - UPS) Hidden UPSVCMM (x32 Version: 12.00.0000 - UPS) Hidden Watermark Factory 2 (HKLM-x32\...\{208B53C3-FA83-40EF-BC07-ED61E78CC12A}}_is1) (Version: - WatermarkFactory.com) Web CEO 11.0 (HKLM-x32\...\WebCEO70_is1) (Version: 11.0 - Web CEO Ltd.) WebHelp (HKLM-x32\...\{8C5BD501-AD5D-4A75-9321-076509B438FC}) (Version: 1.00.0000 - UPS) WebLog Expert Lite 8.1 (HKLM-x32\...\WebLog Expert Lite_is1) (Version: 8.1 - Alentum Software Ltd.) Winamp (HKLM-x32\...\Winamp) (Version: 5.65 - Nullsoft, Inc) Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) Windows Grep 2.3 (HKLM-x32\...\Windows Grep_is1) (Version: - ) Windows Media Encoder 9 Series x64 Edition (HKLM\...\Windows Media Encoder 9) (Version: - ) WorldShip (x32 Version: 17.00.0000 - UPS) Hidden WSShared (x32 Version: 17.00.0000 - UPS) Hidden Xenu's Link Sleuth (HKLM-x32\...\Xenu's Link Sleuth) (Version: 1.3.8 - Tilman Hausherr) Zend Optimizer (HKLM-x32\...\{4C24C6EB-FF40-4855-9C1D-42F8AFC75112}) (Version: 3.3.0 - Zend Technologies) ZoneAlarm Firewall (x32 Version: 13.1.211.000 - Check Point Software Technologies Ltd.) Hidden ZoneAlarm Pro (HKLM-x32\...\ZoneAlarm Pro) (Version: 13.1.211.000 - Check Point) ZoneAlarm Security (x32 Version: 13.1.211.000 - Check Point Software Technologies Ltd.) Hidden ZoneAlarm Security Toolbar (HKLM-x32\...\ZoneAlarm Security Toolbar) (Version: - Check Point Software Technologies LTD) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{00A5D5A8-84D7-433E-926F-DFF56DF4BD9F}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{01554A8A-F376-4064-A6A5-D8A13665C4EB}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{051141EA-19E0-404B-A525-8EB4547C7753}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{056FAEFE-9A9C-48B2-B458-1A39F700C803}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{0604FA41-0FA4-46F5-9734-636DD2FF7E21}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{07897D7C-7CC9-4FE6-B823-DA57BD31F732}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{09889426-024E-4AA3-B39D-D2A9C3FE061E}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{0A07BE9D-531A-4A4A-BBE3-DC93A6C1C887}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Jack\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{0FB0209E-FAA2-48E9-9F04-DBFB0858788D}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{10D7C8FF-C90A-49C9-939A-C845265681C0}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{1D0D2B96-A870-4D6F-829D-2A949F243531}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{1FF2E388-451A-4309-8450-A2A19F5A511D}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{22B2186B-FE49-43AE-9EB7-72E8A00D7AF5}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{29EA3967-E71E-4657-B519-CD16BCAA2B60}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{38063D55-9EF3-4038-981A-C3AF48A064AC}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{399FD32E-4E06-48FA-948A-75B12F5A50E6}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{39FC56EB-285B-4305-ADD1-278049646691}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{3B589405-2552-404A-A714-4DEA246433C3}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{3F73A396-05CC-48B9-9C5F-A2C80399BCF5}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{41A886BE-BF2F-41B1-8235-81502FC76A11}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{449D6FA1-46C3-49E8-8F06-D1522224A4D2}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{453FD783-4A97-4BF0-BA36-F650AF78577D}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{45F7AAC4-80BD-4BB8-9D9C-EC1B8677D3CC}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{4F0AE54C-3970-46C7-BC52-90703E005262}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{529D958B-E6F8-422E-B94B-8E7817A15C26}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{52AD96AD-B5F5-4A65-927E-39FA9E590A0A}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{5457D58A-DCC9-4472-8C64-B10FC0AC070A}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{5B95D823-A98C-4D3D-8925-8F5E5B922921}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{5CFED801-32F2-4B87-8FA5-82A48D1F5E7A}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{63DA3D53-6160-43B7-B3BA-88D5A90A08D4}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{65246BFD-2ACD-4BF9-8690-CA575F555F3F}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{6B86834B-45D0-4C06-91F3-FDB2CB563D0E}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{70C3EB9C-5AE4-43FC-BDD8-43A4C5236F3E}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{7375CE48-9021-4AF4-BDA9-3F2F4F9A9B9C}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{74DCD065-758E-445A-8C82-A188AE37E48B}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{87B84C15-F026-4BB3-B26E-AEF04670E862}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{8B6DA6B5-8AA6-4EFF-89EC-7E44BF6C2F14}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{8C62E740-A1A8-49B5-8118-2457AAA260F2}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{8F88EDB1-2C28-4029-96D4-E3200D691840}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{90823893-5C52-4CDF-A5E4-320545CDC8D3}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{9354DFAD-5775-4D48-893F-64DF1BBCE610}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{9BFA8CE4-AAE8-46F0-8215-E989E052925C}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{A0BD0ECF-2393-407F-A20A-CD8E1B3220D3}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{A1088C87-0DEC-445B-9D9C-E881C0288EF2}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{A27FDD31-0C5B-468D-8EC9-5A1E050BEB57}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{A5A4988B-F6B8-44FC-8D67-7A7E5DC01EBA}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{AAF4DF68-C279-487D-A7D0-58DA7FCD11AE}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{AAFF502E-771E-4EA6-81E1-811AAC5FA82D}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{AF843D96-E44F-466E-9C78-0F403E4B4ED8}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{B00FB327-90F0-404D-8597-CF9D8C382DAC}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{B2252980-0D3E-4FDC-82D2-F9B3F24D8AEA}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{B33E4B2F-B67B-45BE-9BC5-BAC124E62CA2}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{C22AB24F-F47E-4E9E-B71C-815D9856CEAB}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{CC3DCF0F-07D5-4646-A641-F172BA220650}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{CCD1EE59-F38D-4CA3-8DD1-C5BA5575EFAA}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{CF171C8A-D1F5-46C8-971E-2481FAF083D4}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{D8FC2B62-0BEA-40D2-B45A-F7410A0C3A3F}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{DBCAF10E-02D6-43DA-AC70-670537A816D8}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{DC4EBBB7-A0F7-43B3-87E1-30E1957EC753}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{E42793B9-13E5-45BB-B2DF-DA4977CFC6BC}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Jack\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{F0A4457A-E427-4C3C-A285-EC1B2F799B1B}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{F26146DB-D9C7-4803-A78D-10947CC1E4B8}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{F58E3621-0E79-49D7-8FBE-5CF44E8EFB79}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{F9ABE7CD-4701-4DE0-9A1A-8F726651B674}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{FAE7A96A-56C3-4ABF-A6C2-D5D78089A7D8}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{FEEBA5ED-53FE-41ED-BE55-648E2EEFF9A5}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) ==================== Restore Points ========================= 01-11-2014 15:33:07 ComboFix created restore point 02-11-2014 13:00:22 Windows Backup ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 21:34 - 2014-07-04 11:58 - 00001140 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost 127.0.0.1 localsites 127.0.0.1 localhost127.0.0.1 localhost 127.0.0.1 localhost 127.0.0.1 localhost 127.0.0.1 localhost 127.0.0.1 localhost 127.0.0.1 localhost 127.0.0.1 localhost 127.0.0.1 localhost 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {10F3D27F-FFBC-4E45-BB1E-8B8AF4192827} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-22] (AVAST Software) Task: {1492EE78-0FEB-4D35-8EF5-8850EFF0BC90} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.) Task: {18FFAC5B-7083-4FCF-B114-5D3DDBD803FE} - System32\Tasks\PCDEventLauncher => C:\Program Files\AlienAutopsy\sessionchecker.exe [2012-11-29] (PC-Doctor, Inc.) Task: {356C2F0D-4ECB-4AB4-9FD0-CB0F981AAAD3} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {6EA7FA08-AD7D-4E24-BC6B-BE938110C28C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3994650508-1294297652-2827424591-1000UA => C:\Users\Jack\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.) Task: {7ACDB8EC-396C-48DC-A98D-D1CFED39E14C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.) Task: {8B719B26-20F1-4CE1-97A6-DD4D604FE10A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-23] (Adobe Systems Incorporated) Task: {AFDC1808-B6E7-4389-8186-92DA226C372F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd) Task: {ECDEC2D3-FC20-4633-90FC-FB2F2FF48082} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3994650508-1294297652-2827424591-1000Core => C:\Users\Jack\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.) Task: {F04229BB-F431-42B3-828A-8E77D010021E} - System32\Tasks\WampServer => C:\wamp\wampmanager.exe [2010-12-31] (Aestan Software) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\DOpusRT_RunStd_{B1CAB9BE-DAD0-4373-9F32-9C7133E753AF}.job => C:\Program Files\GPSoftware\Directory Opus\dopus.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3994650508-1294297652-2827424591-1000Core.job => C:\Users\Jack\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3994650508-1294297652-2827424591-1000UA.job => C:\Users\Jack\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2010-01-02 09:42 - 2010-01-02 09:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2013-03-27 21:39 - 2013-03-27 21:39 - 00021824 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\x64\ti_managers_proxy_stub.dll 2011-02-09 12:52 - 2011-01-13 13:39 - 00783680 _____ () C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe 2011-04-29 12:39 - 2009-07-20 11:35 - 00018960 _____ () C:\Program Files\Logitech\SetPoint\khalwrapper.dll 2010-09-03 02:28 - 2010-09-03 02:28 - 00518640 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe 2014-05-12 04:49 - 2014-05-12 04:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll 2011-02-09 12:48 - 2011-02-09 12:48 - 00085944 _____ () C:\Windows\Microsoft.Net\assembly\GAC_MSIL\AlienLabsTools\v4.0_2.6.1.0__bebb3c8816410241\AlienLabsTools.dll 2011-02-09 12:48 - 2011-02-09 12:48 - 00037840 _____ () C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Alienlabs.CommandCenter.Tools\v4.0_2.6.1.0__bebb3c8816410241\Alienlabs.CommandCenter.Tools.dll 2011-04-29 12:39 - 2009-07-20 03:00 - 00077824 _____ () C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe 2011-04-21 22:08 - 2010-12-31 07:39 - 08133120 _____ () c:\wamp\bin\mysql\mysql5.5.8\bin\mysqld.exe 2010-11-05 17:42 - 2010-11-05 17:42 - 00156088 _____ () C:\Program Files\Alienware\Command Center\AlienFusionDomain.dll 2010-11-05 17:42 - 2010-11-05 17:42 - 00016832 _____ () C:\Program Files\Alienware\Command Center\AlienFusionController.exe 2014-11-01 16:06 - 2014-11-01 13:29 - 02890240 _____ () C:\Program Files\AVAST Software\Avast\defs\14110101\algo.dll 2011-02-09 12:52 - 2011-01-13 13:37 - 00128320 _____ () C:\Program Files (x86)\AlienRespawn\STLog.dll 2011-02-09 12:52 - 2011-01-13 13:36 - 01123648 _____ () C:\Program Files (x86)\AlienRespawn\LibXml2.dll 2011-02-09 12:52 - 2011-01-13 13:37 - 00079168 _____ () C:\Program Files (x86)\AlienRespawn\zlib1.dll 2011-02-09 12:52 - 2011-01-13 13:37 - 00234816 _____ () C:\Program Files (x86)\AlienRespawn\STFiles.dll 2011-02-09 12:52 - 2011-01-13 13:37 - 00075072 _____ () C:\Program Files (x86)\AlienRespawn\STRegistry.dll 2011-02-09 12:52 - 2011-01-13 13:37 - 00111936 _____ () C:\Program Files (x86)\AlienRespawn\STPE.dll 2011-02-09 12:52 - 2011-01-13 13:37 - 00121152 _____ () C:\Program Files (x86)\AlienRespawn\STNLS.dll 2010-08-30 04:34 - 2010-08-30 04:34 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll 2014-10-17 22:07 - 2014-10-17 22:07 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3d576cbc4ffc5ad06fd61510c5d8f326\IsdiInterop.ni.dll 2011-02-09 12:39 - 2010-03-03 21:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll 2013-03-27 21:09 - 2013-03-27 21:09 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll 2013-03-27 21:36 - 2013-03-27 21:36 - 00021312 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy_stub.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:2664F3F5 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR430 => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\Services: GoToAssist => 3 MSCONFIG\Services: ZAPrivacyService => 2 MSCONFIG\startupreg: NA1Messenger => C:\UPS\WSTD\UPSNA1Msgr.exe ========================= Accounts: ========================== Administrator (S-1-5-21-3994650508-1294297652-2827424591-500 - Administrator - Disabled) Guest (S-1-5-21-3994650508-1294297652-2827424591-501 - Limited - Enabled) HomeGroupUser$ (S-1-5-21-3994650508-1294297652-2827424591-1005 - Limited - Enabled) Jack (S-1-5-21-3994650508-1294297652-2827424591-1000 - Administrator - Enabled) => C:\Users\Jack ==================== Faulty Device Manager Devices ============= Name: F:\ Description: Compact Flash Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Generic- Service: WUDFRd Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: H:\ Description: SD/MMC Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Generic- Service: WUDFRd Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Error: (11/02/2014 06:40:49 AM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk3\DR3. Error: (11/02/2014 06:40:48 AM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk3\DR3. Error: (11/02/2014 06:40:48 AM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk3\DR3. Error: (11/01/2014 08:12:26 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2013-07-30 18:50:50.208 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-30 18:36:13.613 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-30 18:30:43.808 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-30 18:19:32.186 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-30 18:07:48.139 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-27 20:58:43.883 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-27 20:37:00.166 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-27 20:29:37.137 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-27 20:09:02.018 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-27 19:19:33.840 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel® Core i7 CPU 930 @ 2.80GHz Percentage of memory in use: 41% Total physical RAM: 16374.89 MB Available physical RAM: 9576.3 MB Total Pagefile: 32747.97 MB Available Pagefile: 27538.68 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:922.75 GB) (Free:713.79 GB) NTFS Drive e: (Programing) (Fixed) (Total:558.91 GB) (Free:180.31 GB) NTFS Drive i: (Storage) (Fixed) (Total:558.91 GB) (Free:492.64 GB) NTFS Drive k: (My Book) (Fixed) (Total:2794.49 GB) (Free:450.37 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 77E3ED41) Partition 1: (Not Active) - (Size=39 MB) - (Type=DE) Partition 2: (Active) - (Size=8.7 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=922.7 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 558.9 GB) (Disk ID: 97953898) Partition 1: (Not Active) - (Size=558.9 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (MBR Code: Windows 7 or 8) (Size: 558.9 GB) (Disk ID: 6BBAC015) Partition 1: (Not Active) - (Size=558.9 GB) - (Type=07 NTFS) Attempted reading MBR returned 0 bytes. Could not read MBR for disk 3. ==================== End Of Log ============================
  13. I tried it in safe mode but it said avast was running and continuing could cause damage. There were two services active but they were already stopped. I found this post so I booted into normal mode, turned off avast until the next boot and tried running combofix as administrator. It went through the whole process but when it said creating the log, it stalled. After an hour of waiting, I stopped it. I then rebooted into safe mode and tried again. It ran this time and the log is below. I'm just stating the steps I took in case they caused a problem. combofix_report.txt
  14. My computer hung-up so I had to reboot. Should I start from the beginning or just with the last part?
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.