Everything posted by sheituser

  1. Nothing's changed. Same thing. Last night before I quit for the night, I checked Task Manager and there was an entry for dllhost using about 4KB. I checked it this morning first thing and it was at 700,000 KB.
  2. Here are the two results:
Microsoft Corporation) Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Mozilla Firefox 33.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla) MSIChecker (x32 Version: 9.00.0000 - UPS) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MySQL Workbench 5.2 CE (HKLM-x32\...\{1D803D4F-CE1E-4282-B4F2-0FCF28E68BCD}) (Version: 5.2.37 - Oracle Corporation) NA1Messenger (x32 Version: 17.00.0000 - Your Company Name) Hidden NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.20.0 - NEC Electronics Corporation) NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.20.0 - NEC Electronics Corporation) Hidden Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team) NRF (x32 Version: 17.00.0000 - UPS) Hidden OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation) Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.0.107 - Panda Security) PhotoShowExpress (x32 Version: 2.0.028 - Sonic Solutions) Hidden Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) 
PolicyManager (x32 Version: 17.00.0000 - UPS) Hidden PuTTY version 0.63 (HKLM-x32\...\PuTTY_is1) (Version: 0.63 - Simon Tatham) Quicknote 5.5 (HKLM-x32\...\JC&MB Quicknote_is1) (Version: - JC&MB) RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6039 - Realtek Semiconductor Corp.) Reconciler (x32 Version: 17.00.0000 - UPS) Hidden ReportServer (x32 Version: 17.00.0000 - Your Company Name) Hidden Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden Roxio Burn (x32 Version: 1.6 - Roxio) Hidden Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.40.0 - Roxio) Roxio Creator Starter (x32 Version: 1.0.311 - Roxio) Hidden Roxio Creator Starter (x32 Version: 5.0.0 - Roxio) Hidden Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden Roxio File Backup (Version: 1.3.2 - Roxio) Hidden Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14072.12 - Samsung Electronics Co., Ltd.) Samsung Kies3 (x32 Version: 3.2.14072.12 - Samsung Electronics Co., Ltd.) Hidden Screaming Frog SEO Spider (HKLM-x32\...\Screaming Frog SEO Spider) (Version: 0.01 - Screaming Frog) ScreenRecorder (HKLM\...\{55A9972B-EA29-43C3-94B6-7A178D6F2E11}) (Version: 4.0.0 - Burak Uysaler) Skins (x32 Version: 2010.0928.2139.36979 - ATI) Hidden Snagit 10.0.1 (HKLM-x32\...\{22FC7536-BE5C-4E88-8069-C24689D34EC5}) (Version: 10.0.1 - TechSmith Corporation) Snagit 11 (HKLM-x32\...\{68723B04-57EC-11E1-A6A8-9E2D4824019B}) (Version: 11.1.0 - TechSmith Corporation) Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.3 - Sophos Limited) SQLyog 11.33 (64 bit) (HKLM\...\SQLyog64) (Version: 11.33 (64 bit) - Webyog Inc.) 
SupportUtility (x32 Version: 17.00.0000 - Your Company Name) Hidden System (x32 Version: 17.00.0000 - UPS) Hidden The Lord of the Rings FREE Trial (x32 Version: 1.00.0000 - ATI Technologies Inc.) Hidden TheBat! Home v4.2.44 (HKLM-x32\...\{457297FE-47C9-4B37-B350-BC5CCC65A2DE}) (Version: 4.2.44 - Ritlabs) THX TruStudio PC (HKLM-x32\...\{010A785B-F920-4350-821B-6309909C20BB}) (Version: 1.0 - Creative Technology Limited) Traffic Travis 4.1.0 (HKLM-x32\...\Traffic Travis 4.1 Setup Wizard_is1) (Version: - Affilorama Ltd.) True Image 2013 (HKLM-x32\...\{75BC2136-B6A1-4F3B-8A69-55E39C647B1F}Visible) (Version: 16.0.6514 - Acronis) True Image 2013 (x32 Version: 16.0.6514 - Acronis) Hidden UnifiedPrinting (x32 Version: 17.00.0000 - UPS) Hidden Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2473228) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation) UPS WorldShip (HKLM-x32\...\UPS WorldShip) (Version: 17.0 - UPS) UPSDB (x32 Version: 17.00.0000 - UPS) Hidden 
UPSICC (x32 Version: 17.00.0000 - UPS) Hidden UPSlinkHTTP (x32 Version: 17.00.0000 - UPS) Hidden UPSVC2008MM (x32 Version: 1.00.0000 - UPS) Hidden UPSVCMM (x32 Version: 12.00.0000 - UPS) Hidden Watermark Factory 2 (HKLM-x32\...\{208B53C3-FA83-40EF-BC07-ED61E78CC12A}}_is1) (Version: - WatermarkFactory.com) Web CEO 11.0 (HKLM-x32\...\WebCEO70_is1) (Version: 11.0 - Web CEO Ltd.) WebHelp (HKLM-x32\...\{8C5BD501-AD5D-4A75-9321-076509B438FC}) (Version: 1.00.0000 - UPS) WebLog Expert Lite 8.1 (HKLM-x32\...\WebLog Expert Lite_is1) (Version: 8.1 - Alentum Software Ltd.) Winamp (HKLM-x32\...\Winamp) (Version: 5.65 - Nullsoft, Inc) Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) Windows Grep 2.3 (HKLM-x32\...\Windows Grep_is1) (Version: - ) Windows Media Encoder 9 Series x64 Edition (HKLM\...\Windows Media Encoder 9) (Version: - ) Windows Media Encoder 9 Series x64 Edition (Version: 10.0.0.3809 - Microsoft Corporation) Hidden WorldShip (x32 Version: 17.00.0000 - UPS) Hidden WSShared (x32 Version: 17.00.0000 - UPS) Hidden Xenu's Link Sleuth (HKLM-x32\...\Xenu's Link Sleuth) (Version: 1.3.8 - Tilman Hausherr) Zend Optimizer (HKLM-x32\...\{4C24C6EB-FF40-4855-9C1D-42F8AFC75112}) (Version: 3.3.0 - Zend Technologies) ZoneAlarm Firewall (x32 Version: 13.1.211.000 - Check Point Software Technologies Ltd.) Hidden ZoneAlarm Pro (HKLM-x32\...\ZoneAlarm Pro) (Version: 13.1.211.000 - Check Point) ZoneAlarm Security (x32 Version: 13.1.211.000 - Check Point Software Technologies Ltd.) Hidden ZoneAlarm Security Toolbar (HKLM-x32\...\ZoneAlarm Security Toolbar) (Version: - Check Point Software Technologies LTD) ========================= Devices: ================================ Name: F:\ Description: Compact Flash Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Generic- Service: WUDFRd Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. 
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: H:\ Description: SD/MMC Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Generic- Service: WUDFRd Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ========================= Memory info: =================================== Percentage of memory in use: 36% Total physical RAM: 16374.89 MB Available physical RAM: 10348.82 MB Total Pagefile: 32747.97 MB Available Pagefile: 27511.57 MB Total Virtual: 4095.88 MB Available Virtual: 3970.36 MB ========================= Partitions: ===================================== 1 Drive c: (OS) (Fixed) (Total:922.75 GB) (Free:732.14 GB) NTFS 3 Drive e: (Programing) (Fixed) (Total:558.91 GB) (Free:39.77 GB) NTFS 7 Drive i: (Storage) (Fixed) (Total:558.91 GB) (Free:411.34 GB) NTFS 9 Drive k: (My Book) (Fixed) (Total:2794.49 GB) (Free:673.57 GB) NTFS ========================= Users: ======================================== User accounts for \\JACK-PC Administrator Guest Jack ========================= Minidump Files ================================== No minidump file found ========================= Restore Points ================================== 16-11-2014 13:00:05 Windows Backup **** End of log **** RogueKiller V10.0.6.0 (x64) [Nov 13 2014] by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Jack [Administrator] Mode : Scan -- Date : 11/17/2014 23:14:19 ¤¤¤ Processes : 0 ¤¤¤ ¤¤¤ Registry : 32 ¤¤¤ [PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : 
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found [PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Internet Explorer\Main | Start Page : https://google.com/ -> Found [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Internet Explorer\Main | Start Page : https://google.com/ -> Found [PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found [PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found [PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found [PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found 
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 [UNITED STATES (US)][UNITED STATES (US)] -> Found [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 [UNITED STATES (US)][UNITED STATES (US)] -> Found [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 [UNITED STATES (US)][UNITED STATES (US)] -> Found [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B8F51288-09AF-4002-9509-913610B7FF58} | DhcpNameServer : 209.18.47.61 209.18.47.62 [UNITED STATES (US)][UNITED STATES (US)] -> Found [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{B8F51288-09AF-4002-9509-913610B7FF58} | DhcpNameServer : 209.18.47.61 209.18.47.62 [UNITED STATES (US)][UNITED STATES (US)] -> Found [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{B8F51288-09AF-4002-9509-913610B7FF58} | DhcpNameServer : 209.18.47.61 209.18.47.62 [UNITED STATES (US)][UNITED STATES (US)] -> Found [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0 -> Found [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0 -> Found [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0 -> Found [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0 -> Found [PUM.DesktopIcons] (X64)
HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> Found [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> Found [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | 
{59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found ¤¤¤ Tasks : 0 ¤¤¤ ¤¤¤ Files : 0 ¤¤¤ ¤¤¤ Hosts File : 2 ¤¤¤ [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localsites ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤ ¤¤¤ Web browsers : 1 ¤¤¤ [PUM.HomePage][FIREFX:Config] l7tarqgo.default-1374718651417 : user_pref("browser.startup.homepage", "http://localsites/");-> Found ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: ARRAY0 +++++ --- User --- [MBR] 58e7f69331c3d38135543e0cbcc8c374 [bSP] fe00aafa125282f746adc39f3a0dc904 : Unknown MBR Code Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB 1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 8942 MB 2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 18395136 | Size: 944892 MB User = LL1 ... OK Error reading LL2 MBR! ([57] The parameter is incorrect. ) +++++ PhysicalDrive1: WDC WD6000HLHX-01JJPV0 +++++ --- User --- [MBR] d4aa3fad11eaa13a33caf77b13cf4d41 [bSP] 49a37fbacc6afd1548cc43fda5909fcd : Windows Vista/7/8 MBR Code Partition table: 0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 572323 MB User = LL1 ... OK User = LL2 ... OK +++++ PhysicalDrive2: WDC WD6000HLHX-01JJPV0 +++++ --- User --- [MBR] c160e280329114575ef9c743e9574d88 [bSP] 3c1d42840279b086de72ac5a4eefe662 : Windows Vista/7/8 MBR Code Partition table: 0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 572323 MB User = LL1 ... OK User = LL2 ... OK +++++ PhysicalDrive3: WD My Book 1130 USB Device +++++ Error reading User MBR! ([57] The parameter is incorrect. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. ) +++++ PhysicalDrive4: Generic- Compact Flash USB Device +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. 
) +++++ PhysicalDrive5: Generic- SM/xD-Picture USB Device +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. ) +++++ PhysicalDrive6: Generic- SD/MMC USB Device +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. ) +++++ PhysicalDrive7: Generic- MS/MS-Pro/HG USB Device +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. ) +++++ PhysicalDrive8: EPSON Storage USB Device +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. ) ============================================ RKreport_DEL_10262014_102021.log - RKreport_SCN_10252014_233158.log - RKreport_SCN_10262014_132228.log - RKreport_SCN_10282014_193631.log
  3. Here are the results: . FILE: C:\USERS\JACK\DOWNLOADS\UPDATE.EXE to be deleted. Unknown. FILE: C:\PROGRAM FILES\ALIENWARE\ALIENWARE TACTX MOUSE CI\AWMOUSECI.EXE to be deleted. Malware. FILE: C:\Users\Jack\AppData\Roaming\MICROSOFT\Windows\Cookies\77PCUC9S.txt to be deleted. Malware. REGKEY: HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND. Value: (null) To be changed to: C:\Program Files\Internet Explorer\IEXPLORE.EXE. Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[START_SHOWRECENTDOCS] to be changed to: 1 Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[START_SHOWRECENTDOCS] to be changed to: 1 Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[START_SHOWNETPLACES] to be changed to: 1 Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[START_SHOWNETPLACES] to be changed to: 1 Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[START_SHOWRUN] to be changed to: 1 Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[START_SHOWRUN] to be changed to: 1 Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[HIDEFILEEXT] to be changed to: 0 Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[HIDEFILEEXT] to be changed to: 0 Malware. REGKEY: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM[DISABLEREGISTRYTOOLS]. Value: DISABLEREGISTRYTOOLS To be deleted.
  4. The report is attached. I did run across another problem that will hopefully help. I have a contact us page on my web site. When I click the link on it, a send message window should open in my email program. But I just tried that and a dialog popped up that said something like "the email client is not configured correctly." Then IE windows started opening. So many that I had to use the task manager to kill them. I couldn't see the actual window since more windows kept opening but the title said something like page failed to load. I tried it with a different web site - same thing. The web sites are mine so I have backups of the files and they haven't been changed. So this problem is in my computer. The email program and files are on the c drive so they have probably been tested during all of this but I ran my virus scanner and Malwarebytes on them just to be safe but nothing was found. ComboFix.txt
  5. To clarify, when I say I ran it, that was after rebooting into normal mode.
  6. I was able to get it downloaded in safe mode. Then I followed all of the instructions and ran it. The results are below. As for problems I am having, there aren't any I am aware of other than the one described for this thread - the dllhost memory and popup issue. Malwarebytes Anti-Rootkit BETA 1.08.1.1001 www.malwarebytes.org Database version: v2014.11.13.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.17358 Jack :: JACK-PC [administrator] 11/13/2014 1:19:36 PM mbar-log-2014-11-13 (13-19-36).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 340938 Time elapsed: 8 minute(s), 56 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.08.1.1001 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 System is currently in a safe mode Account is Administrative Internet Explorer version: 11.0.9600.17358 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, I:\ DRIVE_FIXED, K:\ DRIVE_FIXED CPU speed: 2.807000 GHz Memory total: 17170321408, free: 15245807616 ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.08.1.1001 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 11.0.9600.17358 File system is: NTFS Disk drives:
C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, I:\ DRIVE_FIXED, K:\ DRIVE_FIXED CPU speed: 2.806000 GHz Memory total: 17170321408, free: 14033297408 Downloaded database version: v2014.11.13.07 Downloaded database version: v2014.11.12.01 ======================================= Initializing... ------------ Kernel report ------------ 11/13/2014 13:19:27 ------------ Loaded modules ----------- ----------- End ----------- Done!
<<<1>>> Upper Device Name: \Device\Harddisk8\DR23 Upper Device Object: 0xfffffa800d267790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000014f\ Lower Device Object: 0xfffffa800d10bb60 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk7\DR7 Upper Device Object: 0xfffffa8011c9d060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000009c\ Lower Device Object: 0xfffffa8011cb9060 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk6\DR6 Upper Device Object: 0xfffffa8011cc62a0 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000009b\ Lower Device Object: 0xfffffa8011cba750 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk5\DR5 Upper Device Object: 0xfffffa8011cb6060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000009a\ Lower Device Object: 0xfffffa8011cb5660 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk4\DR4 Upper Device Object: 0xfffffa8011cb8060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000099\ Lower Device Object: 0xfffffa8011cb5b60 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk3\DR3 Upper Device Object: 0xfffffa8011c28060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000087\ Lower Device Object: 0xfffffa8011c2b060 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk2\DR2 Upper Device Object: 0xfffffa801046e790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IAAStorageDevice-2\ Lower Device Object: 0xfffffa800dba2050 Lower Device Driver Name: \Driver\iaStor\ <<<1>>> Upper Device Name: \Device\Harddisk1\DR1 Upper Device Object: 0xfffffa801046b790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IAAStorageDevice-1\ Lower Device Object: 0xfffffa800db9e050 Lower Device Driver 
Name: \Driver\iaStor\ <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa8010468790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IAAStorageDevice-3\ Lower Device Object: 0xfffffa800dba6050 Lower Device Driver Name: \Driver\iaStor\ <<<2>>> Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa8010468790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa800e0f3760, DeviceName: Unknown, DriverName: \Driver\DKDFM\ DevicePointer: 0xfffffa8010468520, DeviceName: Unknown, DriverName: \Driver\SiRemFil\ DevicePointer: 0xfffffa800dfddb90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8010468790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800dfda880, DeviceName: Unknown, DriverName: \Driver\vidsflt\ DevicePointer: 0xfffffa800dba6050, DeviceName: \Device\Ide\IAAStorageDevice-3\, DriverName: \Driver\iaStor\ ------------ End ---------- Alternate DeviceName: Unknown, DriverName: \Driver\SiRemFil\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... Done! Drive 0 This is a System drive Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 77E3ED41 Partition information: Partition 0 type is Other (0xde) Partition is NOT ACTIVE. Partition starts at LBA: 63 Numsec = 80262 Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 81920 Numsec = 18313216 Partition file system is NTFS Partition is bootable Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. 
Partition starts at LBA: 18395136 Numsec = 1935138816 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 1000210432000 bytes Sector size: 512 bytes Done! Physical Sector Size: 512 Drive: 1, DevicePointer: 0xfffffa801046b790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8010462040, DeviceName: Unknown, DriverName: \Driver\DKDFM\ DevicePointer: 0xfffffa800dfe2900, DeviceName: Unknown, DriverName: \Driver\SiRemFil\ DevicePointer: 0xfffffa800dfe1b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa801046b790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800e0f3520, DeviceName: Unknown, DriverName: \Driver\vidsflt\ DevicePointer: 0xfffffa800db9e050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\ ------------ End ---------- Alternate DeviceName: Unknown, DriverName: \Driver\SiRemFil\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 1 Scanning MBR on drive 1... Inspecting partition table: MBR Signature: 55AA Disk Signature: 97953898 Partition information: Partition 0 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 1172117504 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 600127266816 bytes Sector size: 512 bytes Done! 
Physical Sector Size: 512 Drive: 2, DevicePointer: 0xfffffa801046e790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa801046f040, DeviceName: Unknown, DriverName: \Driver\DKDFM\ DevicePointer: 0xfffffa800dfe5900, DeviceName: Unknown, DriverName: \Driver\SiRemFil\ DevicePointer: 0xfffffa801046e2c0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa801046e790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800dfe3910, DeviceName: Unknown, DriverName: \Driver\vidsflt\ DevicePointer: 0xfffffa800dba2050, DeviceName: \Device\Ide\IAAStorageDevice-2\, DriverName: \Driver\iaStor\ ------------ End ---------- Alternate DeviceName: Unknown, DriverName: \Driver\SiRemFil\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 2 Scanning MBR on drive 2... Inspecting partition table: MBR Signature: 55AA Disk Signature: 6BBAC015 Partition information: Partition 0 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 1172117504 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 600127266816 bytes Sector size: 512 bytes Done! 
Physical Sector Size: 4096 Drive: 3, DevicePointer: 0xfffffa8011c28060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8011c27040, DeviceName: Unknown, DriverName: \Driver\DKDFM\ DevicePointer: 0xfffffa8011bac9b0, DeviceName: Unknown, DriverName: \Driver\SiRemFil\ DevicePointer: 0xfffffa8011c2a580, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8011c28060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8011bab9c0, DeviceName: Unknown, DriverName: \Driver\vidsflt\ DevicePointer: 0xfffffa8011c2b060, DeviceName: \Device\00000087\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Alternate DeviceName: Unknown, DriverName: \Driver\SiRemFil\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 3 Scanning MBR on drive 3... Inspecting partition table: MBR Signature: 55AA Disk Signature: 2DCC8 Partition information: Partition 0 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 256 Numsec = 732558080 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 3000558944256 bytes Sector size: 4096 bytes Done! 
Physical Sector Size: 0 Drive: 4, DevicePointer: 0xfffffa8011cb8060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8011cb7040, DeviceName: Unknown, DriverName: \Driver\DKDFM\ DevicePointer: 0xfffffa8011cb8940, DeviceName: Unknown, DriverName: \Driver\SiRemFil\ DevicePointer: 0xfffffa8011cb8b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8011cb8060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8011ca0950, DeviceName: Unknown, DriverName: \Driver\vidsflt\ DevicePointer: 0xfffffa8011cb5b60, DeviceName: \Device\00000099\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 5, DevicePointer: 0xfffffa8011cb6060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8011cb4040, DeviceName: Unknown, DriverName: \Driver\DKDFM\ DevicePointer: 0xfffffa8011cb6940, DeviceName: Unknown, DriverName: \Driver\SiRemFil\ DevicePointer: 0xfffffa8011cb6b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8011cb6060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8011cb7970, DeviceName: Unknown, DriverName: \Driver\vidsflt\ DevicePointer: 0xfffffa8011cb5660, DeviceName: \Device\0000009a\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 6, DevicePointer: 0xfffffa8011cc62a0, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8011cbd760, DeviceName: Unknown, DriverName: \Driver\DKDFM\ DevicePointer: 0xfffffa8011c9f900, DeviceName: Unknown, DriverName: \Driver\SiRemFil\ DevicePointer: 0xfffffa8011cbd040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8011cc62a0, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8011cb4ca0, DeviceName: 
Unknown, DriverName: \Driver\vidsflt\ DevicePointer: 0xfffffa8011cba750, DeviceName: \Device\0000009b\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 7, DevicePointer: 0xfffffa8011c9d060, DeviceName: \Device\Harddisk7\DR7\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8011cca700, DeviceName: Unknown, DriverName: \Driver\DKDFM\ DevicePointer: 0xfffffa8011c9d940, DeviceName: Unknown, DriverName: \Driver\SiRemFil\ DevicePointer: 0xfffffa8011c9db90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8011c9d060, DeviceName: \Device\Harddisk7\DR7\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8011cc9aa0, DeviceName: Unknown, DriverName: \Driver\vidsflt\ DevicePointer: 0xfffffa8011cb9060, DeviceName: \Device\0000009c\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 8, DevicePointer: 0xfffffa800d267790, DeviceName: \Device\Harddisk8\DR23\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa800d2f8760, DeviceName: Unknown, DriverName: \Driver\DKDFM\ DevicePointer: 0xfffffa8013deb920, DeviceName: Unknown, DriverName: \Driver\SiRemFil\ DevicePointer: 0xfffffa801497f540, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa800d267790, DeviceName: \Device\Harddisk8\DR23\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8014984e00, DeviceName: Unknown, DriverName: \Driver\vidsflt\ DevicePointer: 0xfffffa800d10bb60, DeviceName: \Device\0000014f\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Scan finished ======================================= Removal queue found; removal started Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-81920-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam... 
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-r.mbam... Removal finished --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.08.1.1001 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 11.0.9600.17358 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, I:\ DRIVE_FIXED, K:\ DRIVE_FIXED CPU speed: 2.807000 GHz Memory total: 17170321408, free: 14198095872 ======================================= Initializing... ------------ Kernel report ------------ 11/13/2014 13:37:27 ------------ Loaded modules -----------
----------- End ----------- Done! <<<1>>> Upper Device Name: \Device\Harddisk8\DR14 Upper Device Object: 0xfffffa8014009790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\000000fe\ Lower Device Object: 0xfffffa8013f0f060 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk7\DR7 Upper Device Object: 0xfffffa8011cb2060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000009c\ Lower Device Object: 0xfffffa8011cbeb60 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk6\DR6 Upper Device Object: 0xfffffa8011cc32a0 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000009b\ Lower Device Object: 0xfffffa8011cbe060 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk5\DR5 Upper Device Object: 0xfffffa8011c912a0 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000009a\ Lower Device Object: 0xfffffa8011ca4b60 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk4\DR4 Upper Device Object: 0xfffffa8011cbd060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000099\ Lower Device Object: 0xfffffa8011cba550 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk3\DR3 Upper Device Object: 0xfffffa8011c43060
Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000087\ Lower Device Object: 0xfffffa8011c37060 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk2\DR2 Upper Device Object: 0xfffffa801046e790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IAAStorageDevice-2\ Lower Device Object: 0xfffffa800dba2050 Lower Device Driver Name: \Driver\iaStor\ <<<1>>> Upper Device Name: \Device\Harddisk1\DR1 Upper Device Object: 0xfffffa801046b790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IAAStorageDevice-1\ Lower Device Object: 0xfffffa800db9e050 Lower Device Driver Name: \Driver\iaStor\ <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa8010468790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IAAStorageDevice-3\ Lower Device Object: 0xfffffa800dba6050 Lower Device Driver Name: \Driver\iaStor\ <<<2>>> Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa8010468790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa800e0f3760, DeviceName: Unknown, DriverName: \Driver\DKDFM\ DevicePointer: 0xfffffa800dfdc900, DeviceName: Unknown, DriverName: \Driver\SiRemFil\ DevicePointer: 0xfffffa800dfddb90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8010468790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800dfd8a60, DeviceName: Unknown, DriverName: \Driver\vidsflt\ DevicePointer: 0xfffffa800dba6050, DeviceName: \Device\Ide\IAAStorageDevice-3\, DriverName: \Driver\iaStor\ ------------ End ---------- Alternate DeviceName: Unknown, DriverName: \Driver\SiRemFil\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS 
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... Done! Drive 0 This is a System drive Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 77E3ED41 Partition information: Partition 0 type is Other (0xde) Partition is NOT ACTIVE. Partition starts at LBA: 63 Numsec = 80262 Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 81920 Numsec = 18313216 Partition file system is NTFS Partition is bootable Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 18395136 Numsec = 1935138816 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 1000210432000 bytes Sector size: 512 bytes Done! Physical Sector Size: 512 Drive: 1, DevicePointer: 0xfffffa801046b790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8010462040, DeviceName: Unknown, DriverName: \Driver\DKDFM\ DevicePointer: 0xfffffa800dfe1900, DeviceName: Unknown, DriverName: \Driver\SiRemFil\ DevicePointer: 0xfffffa801046b2c0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa801046b790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800dfe0e00, DeviceName: Unknown, DriverName: \Driver\vidsflt\ DevicePointer: 0xfffffa800db9e050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\ ------------ End ---------- Alternate DeviceName: Unknown, DriverName: \Driver\SiRemFil\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 1 Scanning MBR on drive 1... Inspecting partition table: MBR Signature: 55AA Disk Signature: 97953898 Partition information: Partition 0 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 1172117504 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. 
Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 600127266816 bytes Sector size: 512 bytes Done! Physical Sector Size: 512 Drive: 2, DevicePointer: 0xfffffa801046e790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa801046f040, DeviceName: Unknown, DriverName: \Driver\DKDFM\ DevicePointer: 0xfffffa800dfe4900, DeviceName: Unknown, DriverName: \Driver\SiRemFil\ DevicePointer: 0xfffffa801046e2c0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa801046e790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8010462b40, DeviceName: Unknown, DriverName: \Driver\vidsflt\ DevicePointer: 0xfffffa800dba2050, DeviceName: \Device\Ide\IAAStorageDevice-2\, DriverName: \Driver\iaStor\ ------------ End ---------- Alternate DeviceName: Unknown, DriverName: \Driver\SiRemFil\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 2 Scanning MBR on drive 2... Inspecting partition table: MBR Signature: 55AA Disk Signature: 6BBAC015 Partition information: Partition 0 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 1172117504 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 600127266816 bytes Sector size: 512 bytes Done! 
Physical Sector Size: 4096 Drive: 3, DevicePointer: 0xfffffa8011c43060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8011c48040, DeviceName: Unknown, DriverName: \Driver\DKDFM\ DevicePointer: 0xfffffa8011c37900, DeviceName: Unknown, DriverName: \Driver\SiRemFil\ DevicePointer: 0xfffffa8011c396a0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8011c43060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8011c3d410, DeviceName: Unknown, DriverName: \Driver\vidsflt\ DevicePointer: 0xfffffa8011c37060, DeviceName: \Device\00000087\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Alternate DeviceName: Unknown, DriverName: \Driver\SiRemFil\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 3 Scanning MBR on drive 3... Inspecting partition table: MBR Signature: 55AA Disk Signature: 2DCC8 Partition information: Partition 0 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 256 Numsec = 732558080 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 3000558944256 bytes Sector size: 4096 bytes Done! 
Physical Sector Size: 0 Drive: 4, DevicePointer: 0xfffffa8011cbd060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8011cbc760, DeviceName: Unknown, DriverName: \Driver\DKDFM\ DevicePointer: 0xfffffa8011cbc040, DeviceName: Unknown, DriverName: \Driver\SiRemFil\ DevicePointer: 0xfffffa8011cbdab0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8011cbd060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8011cabb80, DeviceName: Unknown, DriverName: \Driver\vidsflt\ DevicePointer: 0xfffffa8011cba550, DeviceName: \Device\00000099\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 5, DevicePointer: 0xfffffa8011c912a0, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8011cae510, DeviceName: Unknown, DriverName: \Driver\DKDFM\ DevicePointer: 0xfffffa8011caedf0, DeviceName: Unknown, DriverName: \Driver\SiRemFil\ DevicePointer: 0xfffffa8011cae040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8011c912a0, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8011cadb40, DeviceName: Unknown, DriverName: \Driver\vidsflt\ DevicePointer: 0xfffffa8011ca4b60, DeviceName: \Device\0000009a\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 6, DevicePointer: 0xfffffa8011cc32a0, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8011cb0510, DeviceName: Unknown, DriverName: \Driver\DKDFM\ DevicePointer: 0xfffffa8011cb0df0, DeviceName: Unknown, DriverName: \Driver\SiRemFil\ DevicePointer: 0xfffffa8011cb0040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8011cc32a0, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8011cafe00, DeviceName: 
Unknown, DriverName: \Driver\vidsflt\ DevicePointer: 0xfffffa8011cbe060, DeviceName: \Device\0000009b\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 7, DevicePointer: 0xfffffa8011cb2060, DeviceName: \Device\Harddisk7\DR7\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8011cb3040, DeviceName: Unknown, DriverName: \Driver\DKDFM\ DevicePointer: 0xfffffa8011cb18f0, DeviceName: Unknown, DriverName: \Driver\SiRemFil\ DevicePointer: 0xfffffa8011cc61b0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8011cb2060, DeviceName: \Device\Harddisk7\DR7\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8011cb1b40, DeviceName: Unknown, DriverName: \Driver\vidsflt\ DevicePointer: 0xfffffa8011cbeb60, DeviceName: \Device\0000009c\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 8, DevicePointer: 0xfffffa8014009790, DeviceName: \Device\Harddisk8\DR14\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8013fbf760, DeviceName: Unknown, DriverName: \Driver\DKDFM\ DevicePointer: 0xfffffa8013ee9be0, DeviceName: Unknown, DriverName: \Driver\SiRemFil\ DevicePointer: 0xfffffa8013e30040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8014009790, DeviceName: \Device\Harddisk8\DR14\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8013e125d0, DeviceName: Unknown, DriverName: \Driver\vidsflt\ DevicePointer: 0xfffffa8013f0f060, DeviceName: \Device\000000fe\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Scan finished ======================================= Removal queue found; removal started Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-81920-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam... 
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-r.mbam... Removal finished --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.08.1.1001 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 11.0.9600.17420 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, I:\ DRIVE_FIXED, K:\ DRIVE_FIXED CPU speed: 2.807000 GHz Memory total: 17170321408, free: 13210963968 Downloaded database version: v2014.11.13.08 ======================================= Initializing... ------------ Kernel report ------------ 11/13/2014 14:42:17 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\system32\DRIVERS\vidsflt.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\DRIVERS\compbatt.sys \SystemRoot\system32\DRIVERS\BATTC.SYS \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\DRIVERS\iaStor.sys \SystemRoot\system32\DRIVERS\SI3132.sys 
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\DKDFM.sys \SystemRoot\system32\drivers\FLTMGR.SYS \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\system32\drivers\DKTLFSMF.sys \SystemRoot\system32\DRIVERS\SiWinAcc.sys \SystemRoot\System32\Drivers\PxHlpa64.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\aswKbd.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\aswNdis2.sys \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\DRIVERS\aswNdis.sys \SystemRoot\system32\DRIVERS\vididr.sys \SystemRoot\system32\DRIVERS\tib_mounter.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\system32\DRIVERS\tib.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\system32\DRIVERS\snapman.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\system32\DRIVERS\SiRemFil.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\system32\DRIVERS\fltsrv.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\DRIVERS\disk.sys \SystemRoot\system32\DRIVERS\CLASSPNP.SYS \SystemRoot\System32\Drivers\aswVmm.sys \SystemRoot\System32\Drivers\aswRvrt.sys \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\System32\Drivers\aswSnx.SYS \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS 
\SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\System32\Drivers\aswFW.SYS \SystemRoot\System32\Drivers\aswTdi.SYS \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\Drivers\aswrdr2.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\DRIVERS\vsdatant.sys \SystemRoot\system32\drivers\ws2ifsl.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\termdd.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\drivers\mssmbios.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\System32\Drivers\aswSP.SYS \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\DRIVERS\atikmpag.sys \SystemRoot\system32\DRIVERS\atikmdag.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\drivers\HDAudBus.sys \SystemRoot\system32\DRIVERS\nusb3xhc.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\usbuhci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\drivers\HCW85BDA.sys \SystemRoot\system32\drivers\BdaSup.SYS \SystemRoot\system32\drivers\ks.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\DRIVERS\k57nd60a.sys \SystemRoot\system32\drivers\1394ohci.sys \SystemRoot\system32\DRIVERS\fdc.sys \SystemRoot\system32\drivers\wmiacpi.sys \SystemRoot\system32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys 
\SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\drivers\swenum.sys \SystemRoot\system32\drivers\umbus.sys \SystemRoot\system32\DRIVERS\nusb3hub.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\AtihdW76.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\RTKVHD64.sys \SystemRoot\system32\DRIVERS\USBSTOR.SYS \SystemRoot\system32\drivers\hidusb.sys \SystemRoot\system32\drivers\HIDCLASS.SYS \SystemRoot\system32\drivers\HIDPARSE.SYS \SystemRoot\system32\DRIVERS\wdcsam64.sys \SystemRoot\system32\DRIVERS\mio.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\system32\DRIVERS\LEqdUsb.Sys \SystemRoot\system32\drivers\usbaudio.sys \SystemRoot\system32\DRIVERS\kbdhid.sys \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\system32\DRIVERS\LHidEqd.Sys \SystemRoot\system32\DRIVERS\LHidFilt.Sys \SystemRoot\system32\DRIVERS\LMouFilt.Sys \SystemRoot\System32\Drivers\fastfat.SYS \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_iaStor.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\drivers\luafv.sys \??\C:\Windows\system32\drivers\aswMonFlt.sys \SystemRoot\System32\Drivers\aswFsBlk.SYS \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \??\C:\Windows\system32\drivers\cpuz135_x64.sys \SystemRoot\system32\drivers\peauth.sys 
\SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\DRIVERS\WUDFRd.sys \SystemRoot\system32\DRIVERS\afcdp.sys \SystemRoot\system32\DRIVERS\DKRtWrt.sys \SystemRoot\system32\DRIVERS\usbscan.sys \SystemRoot\system32\DRIVERS\usbprint.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll ----------- End ----------- Done! <<<1>>> Upper Device Name: \Device\Harddisk8\DR32 Upper Device Object: 0xfffffa8015090790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\000001a8\ Lower Device Object: 0xfffffa800d820b60 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk7\DR7 Upper Device Object: 0xfffffa8011ca7060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000009c\ Lower Device Object: 0xfffffa8011caf060 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk6\DR6 Upper Device Object: 0xfffffa8011cb55d0 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000009b\ Lower Device Object: 0xfffffa8011cafb60 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk5\DR5 Upper Device Object: 0xfffffa8011cac060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000009a\ Lower Device Object: 0xfffffa8011ca3750 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk4\DR4 Upper Device Object: 0xfffffa8011cae790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000099\ Lower Device Object: 0xfffffa8011ca57b0 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk3\DR3 Upper Device Object: 0xfffffa8011bec060 
Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000087\ Lower Device Object: 0xfffffa8011bfe630 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk2\DR2 Upper Device Object: 0xfffffa8010452790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IAAStorageDevice-2\ Lower Device Object: 0xfffffa800dba4050 Lower Device Driver Name: \Driver\iaStor\ <<<1>>> Upper Device Name: \Device\Harddisk1\DR1 Upper Device Object: 0xfffffa801044f790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IAAStorageDevice-1\ Lower Device Object: 0xfffffa800dba0050 Lower Device Driver Name: \Driver\iaStor\ <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa801044c790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IAAStorageDevice-3\ Lower Device Object: 0xfffffa800dba8050 Lower Device Driver Name: \Driver\iaStor\ <<<2>>> Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa801044c790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa801043a760, DeviceName: Unknown, DriverName: \Driver\DKDFM\ DevicePointer: 0xfffffa800dfb68f0, DeviceName: Unknown, DriverName: \Driver\SiRemFil\ DevicePointer: 0xfffffa800dfb9b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa801044c790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800dfb6b40, DeviceName: Unknown, DriverName: \Driver\vidsflt\ DevicePointer: 0xfffffa800dba8050, DeviceName: \Device\Ide\IAAStorageDevice-3\, DriverName: \Driver\iaStor\ ------------ End ---------- Alternate DeviceName: Unknown, DriverName: \Driver\SiRemFil\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS 
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... Done! Drive 0 This is a System drive Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 77E3ED41 Partition information: Partition 0 type is Other (0xde) Partition is NOT ACTIVE. Partition starts at LBA: 63 Numsec = 80262 Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 81920 Numsec = 18313216 Partition file system is NTFS Partition is bootable Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 18395136 Numsec = 1935138816 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 1000210432000 bytes Sector size: 512 bytes Done! Physical Sector Size: 512 Drive: 1, DevicePointer: 0xfffffa801044f790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8010446040, DeviceName: Unknown, DriverName: \Driver\DKDFM\ DevicePointer: 0xfffffa800dfbb900, DeviceName: Unknown, DriverName: \Driver\SiRemFil\ DevicePointer: 0xfffffa801044f2c0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa801044f790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa801043a520, DeviceName: Unknown, DriverName: \Driver\vidsflt\ DevicePointer: 0xfffffa800dba0050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\ ------------ End ---------- Alternate DeviceName: Unknown, DriverName: \Driver\SiRemFil\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 1 Scanning MBR on drive 1... Inspecting partition table: MBR Signature: 55AA Disk Signature: 97953898 Partition information: Partition 0 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 1172117504 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. 
Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 600127266816 bytes Sector size: 512 bytes Done! Physical Sector Size: 512 Drive: 2, DevicePointer: 0xfffffa8010452790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8010453040, DeviceName: Unknown, DriverName: \Driver\DKDFM\ DevicePointer: 0xfffffa8010452520, DeviceName: Unknown, DriverName: \Driver\SiRemFil\ DevicePointer: 0xfffffa8010446950, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8010452790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8010446e00, DeviceName: Unknown, DriverName: \Driver\vidsflt\ DevicePointer: 0xfffffa800dba4050, DeviceName: \Device\Ide\IAAStorageDevice-2\, DriverName: \Driver\iaStor\ ------------ End ---------- Alternate DeviceName: Unknown, DriverName: \Driver\SiRemFil\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 2 Scanning MBR on drive 2... Inspecting partition table: MBR Signature: 55AA Disk Signature: 6BBAC015 Partition information: Partition 0 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 1172117504 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 600127266816 bytes Sector size: 512 bytes Done! 
Physical Sector Size: 4096 Drive: 3, DevicePointer: 0xfffffa8011bec060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8011bf3040, DeviceName: Unknown, DriverName: \Driver\DKDFM\ DevicePointer: 0xfffffa8011b839b0, DeviceName: Unknown, DriverName: \Driver\SiRemFil\ DevicePointer: 0xfffffa8011bff690, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8011bec060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8011b819c0, DeviceName: Unknown, DriverName: \Driver\vidsflt\ DevicePointer: 0xfffffa8011bfe630, DeviceName: \Device\00000087\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Alternate DeviceName: Unknown, DriverName: \Driver\SiRemFil\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 3 Scanning MBR on drive 3... Inspecting partition table: MBR Signature: 55AA Disk Signature: 2DCC8 Partition information: Partition 0 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 256 Numsec = 732558080 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 3000558944256 bytes Sector size: 4096 bytes Done! 
Physical Sector Size: 0 Drive: 4, DevicePointer: 0xfffffa8011cae790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8011cad760, DeviceName: Unknown, DriverName: \Driver\DKDFM\ DevicePointer: 0xfffffa8011cb2900, DeviceName: Unknown, DriverName: \Driver\SiRemFil\ DevicePointer: 0xfffffa8011cad040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8011cae790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8011cb1410, DeviceName: Unknown, DriverName: \Driver\vidsflt\ DevicePointer: 0xfffffa8011ca57b0, DeviceName: \Device\00000099\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 5, DevicePointer: 0xfffffa8011cac060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8011cab700, DeviceName: Unknown, DriverName: \Driver\DKDFM\ DevicePointer: 0xfffffa8011cac940, DeviceName: Unknown, DriverName: \Driver\SiRemFil\ DevicePointer: 0xfffffa8011cacb90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8011cac060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8011cad520, DeviceName: Unknown, DriverName: \Driver\vidsflt\ DevicePointer: 0xfffffa8011ca3750, DeviceName: \Device\0000009a\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 6, DevicePointer: 0xfffffa8011cb55d0, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8011ca9630, DeviceName: Unknown, DriverName: \Driver\DKDFM\ DevicePointer: 0xfffffa8011ca9040, DeviceName: Unknown, DriverName: \Driver\SiRemFil\ DevicePointer: 0xfffffa8011cb5100, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8011cb55d0, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8011caae00, DeviceName: 
Unknown, DriverName: \Driver\vidsflt\ DevicePointer: 0xfffffa8011cafb60, DeviceName: \Device\0000009b\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 7, DevicePointer: 0xfffffa8011ca7060, DeviceName: \Device\Harddisk7\DR7\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8011ca6040, DeviceName: Unknown, DriverName: \Driver\DKDFM\ DevicePointer: 0xfffffa8011cb8df0, DeviceName: Unknown, DriverName: \Driver\SiRemFil\ DevicePointer: 0xfffffa8011ca86a0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8011ca7060, DeviceName: \Device\Harddisk7\DR7\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8011cb8670, DeviceName: Unknown, DriverName: \Driver\vidsflt\ DevicePointer: 0xfffffa8011caf060, DeviceName: \Device\0000009c\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 8, DevicePointer: 0xfffffa8015090790, DeviceName: \Device\Harddisk8\DR32\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8014fd2300, DeviceName: Unknown, DriverName: \Driver\DKDFM\ DevicePointer: 0xfffffa8014c40ae0, DeviceName: Unknown, DriverName: \Driver\SiRemFil\ DevicePointer: 0xfffffa801509b040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8015090790, DeviceName: \Device\Harddisk8\DR32\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8014f2d300, DeviceName: Unknown, DriverName: \Driver\vidsflt\ DevicePointer: 0xfffffa800d820b60, DeviceName: \Device\000001a8\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Scan finished ======================================= Removal queue found; removal started Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-81920-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam... 
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-r.mbam... Removal finished
  7. I tried to run the program but a message pops up saying it can't run on my computer and to check that I am using the correct version (32 or 64 bit - see attached). The download page tied to the doc page you mentioned says it will run on either version. I used your link to download it though. When it didn't work, I tried re-booting since that worked before with this type of problem but I still get the same message. Before trying to run it, I stopped all running programs and turned off my anti-virus and anti-spam program. Should I try running it in safe mode? Rebooting didn't fix my problems. But I found that the parts that were removed were a key string for a program and entries that I had added to the computer's host file. Just mentioning in case someone else has the same sort of problems.
  8. When I ran that program before, it took an hour, at most. This time it seemed to have locked up and after about three hours I had to kill it since I had work to do. That was yesterday. I ran it again today and just let it go and it finally finished. The result is attached: combofix.txt. But after rebooting after the first run, I found a number of programs weren't working correctly. I tried a restore and got an error saying it couldn't complete due to "complusstaging." I finally did a complete restore of the C drive from my daily backup. That still didn't fix one of the programs, which doesn't make sense to me since it is on the C drive, but I'll have to deal with that. Hopefully the restore I did didn't cause problems with this procedure. While searching the web for this problem, I ran across a post on the Microsoft site where they recommend a clean reboot. The problem I am having doesn't appear to happen in safe mode, though I haven't tested it that way very much, so it sounds like a clean reboot might be a good idea. If you still have a plan of attack, then I will stick with what you say. I'm just grasping at straws here since this is having a terrible effect on me being able to get anything done on the computer.
  9. OK. I understand. The problem is still there but may be a little better. Before, after a reboot, the first popup would appear after about 5-10 minutes. After this last reboot, it didn't happen until about 30 minutes. And while the dllhost entry in the Task Manager still grows, it is doing so at a much lower rate and doesn't seem to be getting as large. So something seems to have made a difference but not enough of one.
  10. I removed Thunderbird and Java and ran the tests you mentioned. The results are below: JavaRa 1.16 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Wed Nov 05 08:54:18 2014 There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124. 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124. 
Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} Found and removed: SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284} Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} Found and removed: SOFTWARE\Classes\Interface\{5852F5EC-8BF4-11D4-A245-0080C6F74284} Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit Found and removed: SOFTWARE\Classes\TypeLib\{5852F5E0-8BF4-11D4-A245-0080C6F74284} Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.7.0.0 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects Found and removed: SOFTWARE\JavaSoft Found and removed: SOFTWARE\JreMetrics Found and removed: SOFTWARE\Classes\JavaPlugin.10512 ------------------------------------ Finished reporting. Malware. FILE: C:\USERS\JACK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\U8ANYUVY.TXT to be deleted. Malware. FILE: C:\Users\Jack\AppData\Roaming\MICROSOFT\Windows\Cookies\Low\D0OVXEX3.txt to be deleted. Malware. FILE: C:\USERS\JACK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Y9KQVRYJ.TXT to be deleted. Malware. FILE: C:\USERS\JACK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\M120J4IR.TXT to be deleted. Malware. FILE: C:\USERS\JACK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\LUFF2HPX.TXT to be deleted. . FILE: C:\USERS\JACK\DOWNLOADS\UPDATE.EXE to be deleted. Malware. FILE: C:\USERS\JACK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\6QG1TW98.TXT to be deleted. Malware. FILE: C:\Users\Jack\AppData\Roaming\MICROSOFT\Windows\Cookies\Low\QUEV4K9L.txt to be deleted. Unknown. FILE: C:\PROGRAM FILES\ALIENWARE\ALIENWARE TACTX MOUSE CI\AWMOUSECI.EXE to be deleted. Malware. FILE: C:\Users\Jack\AppData\Roaming\MICROSOFT\Windows\Cookies\Low\9QXAR6CZ.txt to be deleted. Malware. 
FILE: C:\USERS\JACK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\2D82N3N1.TXT to be deleted. Malware. FILE: C:\USERS\JACK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\Q0H3FHNJ.TXT to be deleted. Malware. FILE: C:\Users\Jack\AppData\Roaming\MICROSOFT\Windows\Cookies\Low\OY0J026M.txt to be deleted. Malware. FILE: C:\USERS\JACK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\4XFSYU1M.TXT to be deleted. Malware. FILE: C:\Users\Jack\AppData\Roaming\MICROSOFT\Windows\Cookies\Low\801E0GZX.txt to be deleted. Malware. FILE: C:\Users\Jack\AppData\Roaming\MICROSOFT\Windows\Cookies\Low\FJDW68PZ.txt to be deleted. Malware. FILE: C:\USERS\JACK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\J9A47XGM.TXT to be deleted. Malware. FILE: C:\USERS\JACK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\3V826T0H.TXT to be deleted. Malware. FILE: C:\USERS\JACK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\TU3OFOHS.TXT to be deleted. Malware. REGKEY: HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND. Value: (null) To be changed to: C:\Program Files\Internet Explorer\IEXPLORE.EXE. Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[sTART_SHOWRECENTDOCS] to be changed to: 1 Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[sTART_SHOWRECENTDOCS] to be changed to: 1 Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[sTART_SHOWNETPLACES] to be changed to: 1 Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[sTART_SHOWNETPLACES] to be changed to: 1 Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[sTART_SHOWRUN] to be changed to: 1 Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[sTART_SHOWRUN] to be changed to: 1 Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[HIDEFILEEXT] to be changed to: 0 Suspicious Policy. 
POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[HIDEFILEEXT] to be changed to: 0 Malware. REGKEY: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM[DISABLEREGISTRYTOOLS]. Value: DISABLEREGISTRYTOOLS To be deleted. Malware. REGKEY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM[DISABLEREGISTRYTOOLS]. Value: DISABLEREGISTRYTOOLS To be deleted. Malware. REGKEY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM[DISABLETASKMGR]. Value: DISABLETASKMGR To be deleted.
  11. I ran the disk checks but no errors were found. The original problem is still there. To be clear, I assumed it was a dllhost problem due to posts I found on the web. The only reason I knew there was a problem is because I started to get empty dialogs popping up. The attached image is of one of those. Those popups can appear at any time but mostly appear overnight. It is not uncommon to have 30 popup windows opened. At the same time, I noticed the dllhost.exe *32 file gets larger. I usually terminate it when it gets above a MB. When I do that, all of the popup windows close. But one will usually reopen immediately afterwards. Does this describe the dllhost virus others are having or do you think I have some other problem? The result of the security test is below.

      Results of screen317's Security Check version 0.99.89
      Windows 7 Service Pack 1 x64 (UAC is enabled)
      Internet Explorer 11
      ``````````````Antivirus/Firewall Check:``````````````
      Windows Firewall Disabled!
      avast! Internet Security
      Antivirus up to date!
      `````````Anti-malware/Other Utilities Check:`````````
      Java 7 Update 71
      Java version out of Date!
      Adobe Flash Player 15.0.0.189
      Adobe Reader XI
      Mozilla Firefox (33.0.2)
      Mozilla Thunderbird (5.0). Thunderbird out of Date!
      Google Chrome 38.0.2125.104
      Google Chrome 38.0.2125.111
      ````````Process Check: objlist.exe by Laurent````````
      Alienware Command Center ThermalController.exe
      AVAST Software Avast AvastSvc.exe
      AVAST Software Avast afwServ.exe
      AVAST Software Avast AvastUI.exe
      CheckPoint ZoneAlarm vsmon.exe
      CheckPoint ZoneAlarm zatray.exe
      `````````````````System Health check`````````````````
      Total Fragmentation on Drive C: 0%
      ````````````````````End of Log``````````````````````
  12. Here are the results: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.3.5 (10.31.2014:1) OS: Windows 7 Home Premium x64 Ran by Jack on Sat 11/01/2014 at 21:02:41.68 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnSetup_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnSetup_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnStub_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnStub_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnSetup_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnSetup_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnStub_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnStub_RASMANCS ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\apn" Successfully deleted: [Folder] "C:\Users\Jack\AppData\Roaming\pccustubinstaller" ~~~ FireFox Successfully deleted: [File] C:\user.js Emptied folder: C:\Users\Jack\AppData\Roaming\mozilla\firefox\profiles\l7tarqgo.default-1374718651417\minidumps [46 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Sat 11/01/2014 at 21:06:25.69 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # AdwCleaner v3.311 - Report created 01/11/2014 at 21:11:37 # Updated 30/09/2014 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : Jack - JACK-PC # Running from : C:\Users\Jack\Desktop\AdwCleaner.exe # 
Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\Users\Jack\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar ***** [ Scheduled Tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi Key Deleted : HKLM\SOFTWARE\Classes\AppID\{06DEB529-DE09-43EC-B6E2-451AAB0FF000} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{987D9269-F8A1-408F-BF62-4397D2F5363E} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0722BEB-FDA1-4AA1-A2A8-15A74A5B3F70} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F1963E76-845B-474C-8C7F-D69A96D8AA34} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{065C1A21-97F8-45FB-A9F0-861B60FACEC8} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3204358F-5904-46A6-841F-D6B5BE3EF4E3} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3AE67737-0E3E-44AA-AA5E-46A68BF017FF} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3EE5B726-044A-48D2-AA7B-049BD9A0F62A} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{60FBBE03-57FF-49D8-B38E-053D3F489825} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6A5182F1-C0B8-42B8-96CC-7F329CD46913} Key 
Deleted : HKLM\SOFTWARE\Classes\CLSID\{6C153418-8E4D-4FAF-AF27-5201E38463A7} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A26A2F05-AC4D-4A1E-9531-9125F7309B78} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5D6240-7DF0-435D-9B9B-F8586A99DE86} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F343045E-E20A-46E1-82D8-9962C43EFC9E} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FBB360DC-CB6C-4D6A-808A-2C773151BFFF} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFD7DDAC-EC28-42A5-8D39-917B9078604B} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{06DEB529-DE09-43EC-B6E2-451AAB0FF000} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D} Key Deleted : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD} Key 
Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494 ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17344 -\\ Mozilla Firefox v33.0.2 (x86 en-US) [ File : C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\l7tarqgo.default-1374718651417\prefs.js ] -\\ Google Chrome v [ File : C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [7609 octets] - [01/11/2014 21:08:08] AdwCleaner[s0].txt - [7602 octets] - [01/11/2014 21:11:37] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [7662 octets] ########## Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 11/1/2014 Scan Time: 9:20:26 PM Logfile: Administrator: Yes Version: 2.00.3.1025 Malware Database: v2014.11.02.01 Rootkit Database: v2014.11.01.02 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Jack Scan Type: Threat Scan Result: Completed Objects Scanned: 340802 Time Elapsed: 10 min, 0 sec Memory: Enabled Startup: 
Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) C:\Program Files (x86)\AlienRespawn\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\escortShld.dll Win32/Toolbar.Montiera.J potentially unwanted application C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmApp.dll a variant of Win32/Toolbar.Montiera.A potentially unwanted application C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmEng.dll a variant of Win32/Toolbar.Montiera.A potentially unwanted application C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmsrv.exe a variant of Win32/Toolbar.Montiera.A potentially unwanted application C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmTlbr.dll a variant of Win32/Toolbar.Montiera.F potentially unwanted application C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\bh\zonealarm.dll a variant of Win32/Toolbar.Escort.A potentially unwanted application C:\Program Files (x86)\CheckPoint\Install\CUninstallerZA.exe Win32/Toolbar.Conduit potentially unwanted application C:\Program Files (x86)\CheckPoint\Install\zatb.exe Win32/Toolbar.Montiera.I potentially unwanted application 
C:\Storage\Customers_Archived\AllCreaturesGiftShop\88get77RICH4critters\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Archived\CLKSupplies\1gooD79cAt\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Archived\Druera\Druera\pest\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Archived\Furnitureinfashion\FurnitureInFashion\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Archived\Furnitureinfashion\FurnitureInFashion_live\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Archived\Sat25\Lojav2\ext\modules\payment\codelock.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Archived\T-a-s-s\product.php PHP/Agent.DV.Gen trojan C:\Storage\Customers_Originals\AAA_ARCHIVED\CraftMarketCorner\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Originals\AAA_ARCHIVED\CraftMarketCorner\includes\seo_cache.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Originals\AAA_ARCHIVED\Rubimoon\dashboard\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Originals\Adultslovefun\sql.php PHP/Agent.NBL trojan C:\Storage\Customers_Originals\Allcreaturesgiftshop\88get77RICH4critters\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Originals\BefFabRacing\admin\includes\languages\english\images\buttons\dg.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Originals\BigLeagueStore\images\shop.php PHP/Agent.NCC trojan C:\Storage\Customers_Originals\Condomchoice\CondomChoice\captcha_.php PHP/WebShell.NBV trojan 
C:\Storage\Customers_Originals\Customquillingbydenise\includes\application_top.php PHP/WebShell.NBV trojan C:\Storage\Customers_Originals\Digishow\captcha_.php PHP/WebShell.NBV trojan C:\Storage\Customers_Originals\Draculaclothing\admin\account_help.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Originals\Draculaclothing\images\30 Linux/Exploit.Ptrace.B trojan C:\Storage\Customers_Originals\Draculaclothing\images\soyle.php PHP/Rst.R trojan C:\Storage\Customers_Originals\Ethoshopper\cookie_usage.php PHP/WebShell.NBV trojan C:\Storage\Customers_Originals\Ethoshopper\ntw.php PHP/Obfuscated.A potentially unwanted application C:\Storage\Customers_Originals\Ethoshopper\yqi.php PHP/Obfuscated.A potentially unwanted application C:\Storage\Customers_Originals\Ethoshopper\includes\header.php PHP/Kryptik.AB trojan C:\Storage\Customers_Originals\Foxhuntingshop\mysql_dumper.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Originals\Furnitureinfashion\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Originals\Gigagator\ppconf.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\blue3-10\footer.php PHP/Kryptik.AB trojan C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\experience\footer.php PHP/Kryptik.AB trojan C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\medicine\footer.php PHP/Kryptik.AB trojan C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\Metropolis\footer.php PHP/Kryptik.AB trojan C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\modxblog\footer.php PHP/Kryptik.AB trojan C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\munchen\footer.php PHP/Kryptik.AB trojan 
C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\redie-30\footer.php PHP/Kryptik.AB trojan C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\SEO_Executive\footer.php PHP/Kryptik.AB trojan C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\vibrant\footer.php PHP/Kryptik.AB trojan C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\Vistalicious\footer.php PHP/Kryptik.AB trojan C:\Storage\Customers_Originals\Hautecircus\HackedFiles\mailerx.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Originals\Hautecircus\HackedFiles\sort.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Originals\Hautecircus\HackedFiles\images\mailerx.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Originals\Hautecircus\HackedFiles\images\sort.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Originals\HistoCard\checkout_approve.php PHP/Obfuscated.A potentially unwanted application C:\Storage\Customers_Originals\Israel-depot\id\includes\header.php PHP/Kryptik.AB trojan C:\Storage\Customers_Originals\Israel-depot\id\includes\modules\seo_header.php PHP/Kryptik.AB trojan C:\Storage\Customers_Originals\MiniPro\captcha_.php PHP/WebShell.NBV trojan C:\Storage\Customers_Originals\Musicoutletusa\bpk.php PHP/Obfuscated.A potentially unwanted application C:\Storage\Customers_Originals\Musicoutletusa\includes\header.php PHP/Kryptik.AB trojan C:\Storage\Customers_Originals\MyLlinen\cookie_usage.php PHP/WebShell.NBV trojan C:\Storage\Customers_Originals\Ohcheri\ohvault\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Originals\Paylessbuckles\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Originals\Rivalhost\captcha_.php PHP/WebShell.NBV trojan 
C:\Storage\Customers_Originals\Sat25\Sat25Games\ext\modules\payment\codelock.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Originals\Sweetnessandlight\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Originals\Sweetnessandlight\slo\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Originals\TastarSupply\inmain\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Originals\Totalsounds\includes\common\lib\email\Pear\Auth\SASL\dg.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Originals\Ultimateproaudio\ginger\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application C:\Storage\MySites\MCS\pineadmintreeXXX\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application C:\Users\Jack\Downloads\Update.exe a variant of Win32/AirAdInstaller.A potentially unwanted application E:\Storage\Downloads\Installed\Sound\winamp5621_full_emusic-7plus_en-us.exe Win32/OpenCandy potentially unsafe application E:\Storage\Downloads\Installed\Utilities\ccsetup403.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application E:\Storage\Downloads\Installed\Utilities\ccsetup414.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application E:\Storage\Downloads\Installed\Utilities\cpu-z_1.60-setup-en.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application E:\Storage\Downloads\Installed\Utilities\FTP\freefileviewer_2_d146489.exe a variant of Win32/InstallIQ.A potentially unwanted application E:\Storage\Downloads\Installed\Utilities\Nero\Nero-6.6.1.15a.exe Win32/Toolbar.AskSBar potentially unwanted application E:\Storage\Downloads\Installed\Utilities\Security\ZoneAlarm\zapSetupWeb_102_073_000.exe Win32/Toolbar.Conduit potentially unwanted application 
I:\Programingfiles\Sites\ContributionTesting\oscMax\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\ContributionTesting\oscmax_auto\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\ContributionTesting\SiteMonitor\admin\aaa_nt02.php HTML/ScrInject.B.Gen virus I:\Programingfiles\Sites\ContributionTesting\SiteMonitor\admin_diffname\aaa_nt02.php HTML/ScrInject.B.Gen virus I:\Programingfiles\Sites\ContributionTesting\SiteMonitor\HackedFiles\account_help.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\AdultsLoveFun\sql.php PHP/Agent.NBL trojan I:\Programingfiles\Sites\customers\Affordableweddingaccessories\images\gifimg.php PHP/Kryptik.AB trojan I:\Programingfiles\Sites\customers\AllCreaturesGiftShop\88get77RICH4critters\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\AllCreaturesGiftShop\88get77RICH4critters_fails\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\BigleagueStore\images\shop.php PHP/Agent.NCC trojan I:\Programingfiles\Sites\customers\Clksupplies\1gooD79cAt\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\CondomChoice\CondomChoice\captcha_.php PHP/WebShell.NBV trojan I:\Programingfiles\Sites\customers\Cragmay\Agmpartscomponents\images\imageth.php PHP/Agent.NAG trojan I:\Programingfiles\Sites\customers\Customquillingbydenise\includes\application_top.php PHP/WebShell.NBV trojan I:\Programingfiles\Sites\customers\Dirtbikebitz\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\Druera\Druera\pest\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application 
I:\Programingfiles\Sites\customers\Druera\Druera_orig\pest\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\E-Experts\counter.php PHP/Obfuscated.A potentially unwanted application I:\Programingfiles\Sites\customers\Firststopsecurity\first_stop\admin4sec\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\FoxHuntingShop\mysql_dumper.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\Furnitureinfashion\FurnitureInFashion\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\Furnitureinfashion\FurnitureInFashion_live\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\GlobalWholesaleArt\ArtFramesUSA\G1nger\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\GlobalWholesaleArt\OilPaintingUSA\G1nger\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\HistoCard\checkout_approve.php PHP/Obfuscated.A potentially unwanted application I:\Programingfiles\Sites\customers\InkPlusToner\InkPlusToner\4dm1n\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\MyLinen\cookie_usage.php PHP/WebShell.NBV trojan I:\Programingfiles\Sites\customers\Ohcheri\ohvault\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\OriginalAbsinthe\admin\includes\configuration_cache.bak.0 PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\OriginalAbsinthe\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application 
I:\Programingfiles\Sites\customers\Paylessbuckles\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\Sat25\Lojav2\ext\modules\payment\codelock.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\Sironet\Lacremedvd\ibt.php PHP/Obfuscated.A potentially unwanted application I:\Programingfiles\Sites\customers\Sweetnessandlight\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\Sweetnessandlight\slo\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\T-a-s-s\product.php PHP/Agent.DV.Gen trojan I:\Programingfiles\Sites\customers\TackRoomInc\HorseMall\seo_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\TackRoomInc\HorseMall\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\TackRoomInc\HorseMall\includes\seo_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\TackRoomInc\TackroomNet\seo_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\TackRoomInc\TackroomNet\includes\seo_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\customers\Ultimateproaudio\ginger\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application I:\Programingfiles\Sites\MCS\pineadmintree\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application C:\Program Files (x86)\AlienRespawn\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\escortShld.dll 
Win32/Toolbar.Montiera.J potentially unwanted application C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmApp.dll a variant of Win32/Toolbar.Montiera.A potentially unwanted application C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmEng.dll a variant of Win32/Toolbar.Montiera.A potentially unwanted application C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmsrv.exe a variant of Win32/Toolbar.Montiera.A potentially unwanted application C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmTlbr.dll a variant of Win32/Toolbar.Montiera.F potentially unwanted application C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\bh\zonealarm.dll a variant of Win32/Toolbar.Escort.A potentially unwanted application C:\Program Files (x86)\CheckPoint\Install\CUninstallerZA.exe Win32/Toolbar.Conduit potentially unwanted application C:\Program Files (x86)\CheckPoint\Install\zatb.exe Win32/Toolbar.Montiera.I potentially unwanted application C:\Storage\Customers_Archived\AllCreaturesGiftShop\88get77RICH4critters\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Archived\CLKSupplies\1gooD79cAt\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Archived\Druera\Druera\pest\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Archived\Furnitureinfashion\FurnitureInFashion\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Archived\Furnitureinfashion\FurnitureInFashion_live\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application C:\Storage\Customers_Archived\Sat25\Lojav2\ext\modules\payment\codelock.php PHP/Obfuscated.F potentially unwanted application 
C:\Storage\Customers_Archived\T-a-s-s\product.php PHP/Agent.DV.Gen trojan
C:\Storage\Customers_Originals\AAA_ARCHIVED\CraftMarketCorner\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\AAA_ARCHIVED\CraftMarketCorner\includes\seo_cache.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\AAA_ARCHIVED\Rubimoon\dashboard\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\Adultslovefun\sql.php PHP/Agent.NBL trojan
C:\Storage\Customers_Originals\Allcreaturesgiftshop\88get77RICH4critters\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\BefFabRacing\admin\includes\languages\english\images\buttons\dg.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\BigLeagueStore\images\shop.php PHP/Agent.NCC trojan
C:\Storage\Customers_Originals\Condomchoice\CondomChoice\captcha_.php PHP/WebShell.NBV trojan
C:\Storage\Customers_Originals\Customquillingbydenise\includes\application_top.php PHP/WebShell.NBV trojan
C:\Storage\Customers_Originals\Digishow\captcha_.php PHP/WebShell.NBV trojan
C:\Storage\Customers_Originals\Draculaclothing\admin\account_help.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\Draculaclothing\images\30 Linux/Exploit.Ptrace.B trojan
C:\Storage\Customers_Originals\Draculaclothing\images\soyle.php PHP/Rst.R trojan
C:\Storage\Customers_Originals\Ethoshopper\cookie_usage.php PHP/WebShell.NBV trojan
C:\Storage\Customers_Originals\Ethoshopper\ntw.php PHP/Obfuscated.A potentially unwanted application
C:\Storage\Customers_Originals\Ethoshopper\yqi.php PHP/Obfuscated.A potentially unwanted application
C:\Storage\Customers_Originals\Ethoshopper\includes\header.php PHP/Kryptik.AB trojan
C:\Storage\Customers_Originals\Foxhuntingshop\mysql_dumper.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\Furnitureinfashion\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\Gigagator\ppconf.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\blue3-10\footer.php PHP/Kryptik.AB trojan
C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\experience\footer.php PHP/Kryptik.AB trojan
C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\medicine\footer.php PHP/Kryptik.AB trojan
C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\Metropolis\footer.php PHP/Kryptik.AB trojan
C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\modxblog\footer.php PHP/Kryptik.AB trojan
C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\munchen\footer.php PHP/Kryptik.AB trojan
C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\redie-30\footer.php PHP/Kryptik.AB trojan
C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\SEO_Executive\footer.php PHP/Kryptik.AB trojan
C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\vibrant\footer.php PHP/Kryptik.AB trojan
C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\Vistalicious\footer.php PHP/Kryptik.AB trojan
C:\Storage\Customers_Originals\Hautecircus\HackedFiles\mailerx.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\Hautecircus\HackedFiles\sort.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\Hautecircus\HackedFiles\images\mailerx.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\Hautecircus\HackedFiles\images\sort.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\HistoCard\checkout_approve.php PHP/Obfuscated.A potentially unwanted application
C:\Storage\Customers_Originals\Israel-depot\id\includes\header.php PHP/Kryptik.AB trojan
C:\Storage\Customers_Originals\Israel-depot\id\includes\modules\seo_header.php PHP/Kryptik.AB trojan
C:\Storage\Customers_Originals\MiniPro\captcha_.php PHP/WebShell.NBV trojan
C:\Storage\Customers_Originals\Musicoutletusa\bpk.php PHP/Obfuscated.A potentially unwanted application
C:\Storage\Customers_Originals\Musicoutletusa\includes\header.php PHP/Kryptik.AB trojan
C:\Storage\Customers_Originals\MyLlinen\cookie_usage.php PHP/WebShell.NBV trojan
C:\Storage\Customers_Originals\Ohcheri\ohvault\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\Paylessbuckles\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\Rivalhost\captcha_.php PHP/WebShell.NBV trojan
C:\Storage\Customers_Originals\Sat25\Sat25Games\ext\modules\payment\codelock.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\Sweetnessandlight\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\Sweetnessandlight\slo\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\TastarSupply\inmain\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\Totalsounds\includes\common\lib\email\Pear\Auth\SASL\dg.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\Ultimateproaudio\ginger\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\MySites\MCS\pineadmintreeXXX\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
C:\Users\Jack\Downloads\Update.exe a variant of Win32/AirAdInstaller.A potentially unwanted application
E:\Storage\Downloads\Installed\Sound\winamp5621_full_emusic-7plus_en-us.exe Win32/OpenCandy potentially unsafe application
E:\Storage\Downloads\Installed\Utilities\ccsetup403.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
E:\Storage\Downloads\Installed\Utilities\ccsetup414.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
E:\Storage\Downloads\Installed\Utilities\cpu-z_1.60-setup-en.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
E:\Storage\Downloads\Installed\Utilities\FTP\freefileviewer_2_d146489.exe a variant of Win32/InstallIQ.A potentially unwanted application
E:\Storage\Downloads\Installed\Utilities\Nero\Nero-6.6.1.15a.exe Win32/Toolbar.AskSBar potentially unwanted application
E:\Storage\Downloads\Installed\Utilities\Security\ZoneAlarm\zapSetupWeb_102_073_000.exe Win32/Toolbar.Conduit potentially unwanted application
I:\Programingfiles\Sites\ContributionTesting\oscMax\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\ContributionTesting\oscmax_auto\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\ContributionTesting\SiteMonitor\admin\aaa_nt02.php HTML/ScrInject.B.Gen virus
I:\Programingfiles\Sites\ContributionTesting\SiteMonitor\admin_diffname\aaa_nt02.php HTML/ScrInject.B.Gen virus
I:\Programingfiles\Sites\ContributionTesting\SiteMonitor\HackedFiles\account_help.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\AdultsLoveFun\sql.php PHP/Agent.NBL trojan
I:\Programingfiles\Sites\customers\Affordableweddingaccessories\images\gifimg.php PHP/Kryptik.AB trojan
I:\Programingfiles\Sites\customers\AllCreaturesGiftShop\88get77RICH4critters\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\AllCreaturesGiftShop\88get77RICH4critters_fails\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\BigleagueStore\images\shop.php PHP/Agent.NCC trojan
I:\Programingfiles\Sites\customers\Clksupplies\1gooD79cAt\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\CondomChoice\CondomChoice\captcha_.php PHP/WebShell.NBV trojan
I:\Programingfiles\Sites\customers\Cragmay\Agmpartscomponents\images\imageth.php PHP/Agent.NAG trojan
I:\Programingfiles\Sites\customers\Customquillingbydenise\includes\application_top.php PHP/WebShell.NBV trojan
I:\Programingfiles\Sites\customers\Dirtbikebitz\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\Druera\Druera\pest\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\Druera\Druera_orig\pest\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\E-Experts\counter.php PHP/Obfuscated.A potentially unwanted application
I:\Programingfiles\Sites\customers\Firststopsecurity\first_stop\admin4sec\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\FoxHuntingShop\mysql_dumper.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\Furnitureinfashion\FurnitureInFashion\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\Furnitureinfashion\FurnitureInFashion_live\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\GlobalWholesaleArt\ArtFramesUSA\G1nger\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\GlobalWholesaleArt\OilPaintingUSA\G1nger\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\HistoCard\checkout_approve.php PHP/Obfuscated.A potentially unwanted application
I:\Programingfiles\Sites\customers\InkPlusToner\InkPlusToner\4dm1n\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\MyLinen\cookie_usage.php PHP/WebShell.NBV trojan
I:\Programingfiles\Sites\customers\Ohcheri\ohvault\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\OriginalAbsinthe\admin\includes\configuration_cache.bak.0 PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\OriginalAbsinthe\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\Paylessbuckles\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\Sat25\Lojav2\ext\modules\payment\codelock.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\Sironet\Lacremedvd\ibt.php PHP/Obfuscated.A potentially unwanted application
I:\Programingfiles\Sites\customers\Sweetnessandlight\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\Sweetnessandlight\slo\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\T-a-s-s\product.php PHP/Agent.DV.Gen trojan
I:\Programingfiles\Sites\customers\TackRoomInc\HorseMall\seo_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\TackRoomInc\HorseMall\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\TackRoomInc\HorseMall\includes\seo_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\TackRoomInc\TackroomNet\seo_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\TackRoomInc\TackroomNet\includes\seo_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\Ultimateproaudio\ginger\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\MCS\pineadmintree\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-11-2014
Ran by Jack at 2014-11-02 08:19:36
Running from C:\Users\Jack\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)

AV: avast! Internet Security (Disabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Internet Security (Disabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Internet Security (Enabled) {131692B0-0864-D491-4E21-3A3A1D8BBB47}
FW: ZoneAlarm Pro Firewall (Disabled) {E6380B7E-D4B2-19F1-083E-56486607704B}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{A5A4988B-F6B8-44FC-8D67-7A7E5DC01EBA}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{AAF4DF68-C279-487D-A7D0-58DA7FCD11AE}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{AAFF502E-771E-4EA6-81E1-811AAC5FA82D}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{AF843D96-E44F-466E-9C78-0F403E4B4ED8}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{B00FB327-90F0-404D-8597-CF9D8C382DAC}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{B2252980-0D3E-4FDC-82D2-F9B3F24D8AEA}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{B33E4B2F-B67B-45BE-9BC5-BAC124E62CA2}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{C22AB24F-F47E-4E9E-B71C-815D9856CEAB}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{CC3DCF0F-07D5-4646-A641-F172BA220650}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{CCD1EE59-F38D-4CA3-8DD1-C5BA5575EFAA}\InprocServer32 -> C:\Program 
Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{CF171C8A-D1F5-46C8-971E-2481FAF083D4}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{D8FC2B62-0BEA-40D2-B45A-F7410A0C3A3F}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{DBCAF10E-02D6-43DA-AC70-670537A816D8}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{DC4EBBB7-A0F7-43B3-87E1-30E1957EC753}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{E42793B9-13E5-45BB-B2DF-DA4977CFC6BC}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Jack\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{F0A4457A-E427-4C3C-A285-EC1B2F799B1B}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{F26146DB-D9C7-4803-A78D-10947CC1E4B8}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{F58E3621-0E79-49D7-8FBE-5CF44E8EFB79}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{F9ABE7CD-4701-4DE0-9A1A-8F726651B674}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{FAE7A96A-56C3-4ABF-A6C2-D5D78089A7D8}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{FEEBA5ED-53FE-41ED-BE55-648E2EEFF9A5}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) ==================== Restore Points ========================= 01-11-2014 15:33:07 ComboFix created restore point 02-11-2014 13:00:22 Windows Backup ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 21:34 - 2014-07-04 11:58 - 00001140 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost 127.0.0.1 localsites 127.0.0.1 localhost127.0.0.1 localhost 127.0.0.1 localhost 127.0.0.1 localhost 127.0.0.1 localhost 127.0.0.1 localhost 127.0.0.1 localhost 127.0.0.1 localhost 127.0.0.1 localhost 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. 
Any associated file could be listed separately to be moved.) Task: {10F3D27F-FFBC-4E45-BB1E-8B8AF4192827} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-22] (AVAST Software) Task: {1492EE78-0FEB-4D35-8EF5-8850EFF0BC90} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.) Task: {18FFAC5B-7083-4FCF-B114-5D3DDBD803FE} - System32\Tasks\PCDEventLauncher => C:\Program Files\AlienAutopsy\sessionchecker.exe [2012-11-29] (PC-Doctor, Inc.) Task: {356C2F0D-4ECB-4AB4-9FD0-CB0F981AAAD3} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {6EA7FA08-AD7D-4E24-BC6B-BE938110C28C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3994650508-1294297652-2827424591-1000UA => C:\Users\Jack\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.) Task: {7ACDB8EC-396C-48DC-A98D-D1CFED39E14C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.) Task: {8B719B26-20F1-4CE1-97A6-DD4D604FE10A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-23] (Adobe Systems Incorporated) Task: {AFDC1808-B6E7-4389-8186-92DA226C372F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd) Task: {ECDEC2D3-FC20-4633-90FC-FB2F2FF48082} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3994650508-1294297652-2827424591-1000Core => C:\Users\Jack\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.) 
Task: {F04229BB-F431-42B3-828A-8E77D010021E} - System32\Tasks\WampServer => C:\wamp\wampmanager.exe [2010-12-31] (Aestan Software) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\DOpusRT_RunStd_{B1CAB9BE-DAD0-4373-9F32-9C7133E753AF}.job => C:\Program Files\GPSoftware\Directory Opus\dopus.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3994650508-1294297652-2827424591-1000Core.job => C:\Users\Jack\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3994650508-1294297652-2827424591-1000UA.job => C:\Users\Jack\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2010-01-02 09:42 - 2010-01-02 09:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2013-03-27 21:39 - 2013-03-27 21:39 - 00021824 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\x64\ti_managers_proxy_stub.dll 2011-02-09 12:52 - 2011-01-13 13:39 - 00783680 _____ () C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe 2011-04-29 12:39 - 2009-07-20 11:35 - 00018960 _____ () C:\Program Files\Logitech\SetPoint\khalwrapper.dll 2010-09-03 02:28 - 2010-09-03 02:28 - 00518640 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe 2014-05-12 04:49 - 2014-05-12 04:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll 2011-02-09 12:48 - 2011-02-09 12:48 - 00085944 _____ () C:\Windows\Microsoft.Net\assembly\GAC_MSIL\AlienLabsTools\v4.0_2.6.1.0__bebb3c8816410241\AlienLabsTools.dll 2011-02-09 12:48 - 2011-02-09 12:48 - 00037840 _____ () 
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Alienlabs.CommandCenter.Tools\v4.0_2.6.1.0__bebb3c8816410241\Alienlabs.CommandCenter.Tools.dll 2011-04-29 12:39 - 2009-07-20 03:00 - 00077824 _____ () C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe 2011-04-21 22:08 - 2010-12-31 07:39 - 08133120 _____ () c:\wamp\bin\mysql\mysql5.5.8\bin\mysqld.exe 2010-11-05 17:42 - 2010-11-05 17:42 - 00156088 _____ () C:\Program Files\Alienware\Command Center\AlienFusionDomain.dll 2010-11-05 17:42 - 2010-11-05 17:42 - 00016832 _____ () C:\Program Files\Alienware\Command Center\AlienFusionController.exe 2014-11-01 16:06 - 2014-11-01 13:29 - 02890240 _____ () C:\Program Files\AVAST Software\Avast\defs\14110101\algo.dll 2011-02-09 12:52 - 2011-01-13 13:37 - 00128320 _____ () C:\Program Files (x86)\AlienRespawn\STLog.dll 2011-02-09 12:52 - 2011-01-13 13:36 - 01123648 _____ () C:\Program Files (x86)\AlienRespawn\LibXml2.dll 2011-02-09 12:52 - 2011-01-13 13:37 - 00079168 _____ () C:\Program Files (x86)\AlienRespawn\zlib1.dll 2011-02-09 12:52 - 2011-01-13 13:37 - 00234816 _____ () C:\Program Files (x86)\AlienRespawn\STFiles.dll 2011-02-09 12:52 - 2011-01-13 13:37 - 00075072 _____ () C:\Program Files (x86)\AlienRespawn\STRegistry.dll 2011-02-09 12:52 - 2011-01-13 13:37 - 00111936 _____ () C:\Program Files (x86)\AlienRespawn\STPE.dll 2011-02-09 12:52 - 2011-01-13 13:37 - 00121152 _____ () C:\Program Files (x86)\AlienRespawn\STNLS.dll 2010-08-30 04:34 - 2010-08-30 04:34 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll 2014-10-17 22:07 - 2014-10-17 22:07 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3d576cbc4ffc5ad06fd61510c5d8f326\IsdiInterop.ni.dll 2011-02-09 12:39 - 2010-03-03 21:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll 2013-03-27 21:09 - 2013-03-27 21:09 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll 2013-03-27 21:36 - 
2013-03-27 21:36 - 00021312 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy_stub.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:2664F3F5 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR430 => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\Services: GoToAssist => 3 MSCONFIG\Services: ZAPrivacyService => 2 MSCONFIG\startupreg: NA1Messenger => C:\UPS\WSTD\UPSNA1Msgr.exe ========================= Accounts: ========================== Administrator (S-1-5-21-3994650508-1294297652-2827424591-500 - Administrator - Disabled) Guest (S-1-5-21-3994650508-1294297652-2827424591-501 - Limited - Enabled) HomeGroupUser$ (S-1-5-21-3994650508-1294297652-2827424591-1005 - Limited - Enabled) Jack (S-1-5-21-3994650508-1294297652-2827424591-1000 - Administrator - Enabled) => C:\Users\Jack ==================== Faulty Device Manager Devices ============= Name: F:\ Description: Compact Flash Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Generic- Service: WUDFRd Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. 
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: H:\ Description: SD/MMC Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Generic- Service: WUDFRd Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Error: (11/02/2014 06:40:49 AM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk3\DR3. Error: (11/02/2014 06:40:48 AM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk3\DR3. Error: (11/02/2014 06:40:48 AM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk3\DR3. Error: (11/01/2014 08:12:26 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2013-07-30 18:50:50.208 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-30 18:36:13.613 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. 
Date: 2013-07-30 18:30:43.808 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-30 18:19:32.186 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-30 18:07:48.139 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-27 20:58:43.883 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-27 20:37:00.166 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-27 20:29:37.137 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-27 20:09:02.018 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. 
Date: 2013-07-27 19:19:33.840 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel® Core i7 CPU 930 @ 2.80GHz Percentage of memory in use: 41% Total physical RAM: 16374.89 MB Available physical RAM: 9576.3 MB Total Pagefile: 32747.97 MB Available Pagefile: 27538.68 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:922.75 GB) (Free:713.79 GB) NTFS Drive e: (Programing) (Fixed) (Total:558.91 GB) (Free:180.31 GB) NTFS Drive i: (Storage) (Fixed) (Total:558.91 GB) (Free:492.64 GB) NTFS Drive k: (My Book) (Fixed) (Total:2794.49 GB) (Free:450.37 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 77E3ED41) Partition 1: (Not Active) - (Size=39 MB) - (Type=DE) Partition 2: (Active) - (Size=8.7 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=922.7 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 558.9 GB) (Disk ID: 97953898) Partition 1: (Not Active) - (Size=558.9 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (MBR Code: Windows 7 or 8) (Size: 558.9 GB) (Disk ID: 6BBAC015) Partition 1: (Not Active) - (Size=558.9 GB) - (Type=07 NTFS) Attempted reading MBR returned 0 bytes. Could not read MBR for disk 3. ==================== End Of Log ============================
  13. I tried it in safe mode but it said avast was running and continuing could cause damage. There were two services active but they were already stopped. I found this post so I booted into normal mode, turned off avast until the next boot and tried running combofix as administrator. It went through the whole process but when it said creating the log, it stalled. After an hour of waiting, I stopped it. I then rebooted into safe mode and tried again. It ran this time and the log is below. I'm just stating the steps I took in case they caused a problem. combofix_report.txt
  14. My computer hung-up so I had to reboot. Should I start from the beginning or just with the last part?
  15. I tried but it failed too - not a valid Win32 application.
  16. When I try to run the Junkware Removal Tool a dialog says it is not a valid Win32 application. I'm running Windows 7 and I used right-click, run as administrator to open it. I went to the author's site and downloaded from there but that didn't run either. For what it's worth, before creating this post, I had tried running the FRST script and it did the same thing. I thought it might have to be in safe mode to run. After I did that and rebooted back into normal mode, I can now run FRST. I only mention this since it seems something is hung-up. Should I reboot and try again?
  17. Thank you for looking at this. I ran all of the tests you mentioned. Below are the two reports you asked for. Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 10/28/2014 Scan Time: 7:16:26 PM Logfile: Administrator: Yes Version: 2.00.3.1025 Malware Database: v2014.10.28.06 Rootkit Database: v2014.10.22.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Jack Scan Type: Threat Scan Result: Completed Objects Scanned: 327110 Time Elapsed: 11 min, 9 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) RogueKiller V10.0.3.0 (x64) [Oct 16 2014] by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Jack [Administrator] Mode : Scan -- Date : 10/28/2014 19:36:31 ¤¤¤ Processes : 0 ¤¤¤ ¤¤¤ Registry : 22 ¤¤¤ [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://google.com/ -> Found [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://google.com/ -> Found [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 -> Found [PUM.Dns] (X64) 
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 -> Found [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 -> Found [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B8F51288-09AF-4002-9509-913610B7FF58} | DhcpNameServer : 209.18.47.61 209.18.47.62 -> Found [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{B8F51288-09AF-4002-9509-913610B7FF58} | DhcpNameServer : 209.18.47.61 209.18.47.62 -> Found [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{B8F51288-09AF-4002-9509-913610B7FF58} | DhcpNameServer : 209.18.47.61 209.18.47.62 -> Found [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0 -> Found [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0 -> Found [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0 -> Found [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0 -> Found [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found [PUM.DesktopIcons] (X64) 
HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> Found [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> Found [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found ¤¤¤ Tasks : 0 ¤¤¤ ¤¤¤ Files : 0 ¤¤¤ ¤¤¤ Hosts File : 11 ¤¤¤ [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localsites [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost127.0.0.1 localhost [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost 
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤ ¤¤¤ Web browsers : 1 ¤¤¤ [PUM.HomePage][FIREFX:Config] l7tarqgo.default-1374718651417 : user_pref("browser.startup.homepage", "localsites/"); -> Found ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: ARRAY0 +++++ --- User --- [MBR] 58e7f69331c3d38135543e0cbcc8c374 [bSP] fe00aafa125282f746adc39f3a0dc904 : Unknown MBR Code Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB 1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 8942 MB 2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 18395136 | Size: 944892 MB User = LL1 ... OK Error reading LL2 MBR! ([57] The parameter is incorrect. ) +++++ PhysicalDrive1: WDC WD6000HLHX-01JJPV0 +++++ --- User --- [MBR] d4aa3fad11eaa13a33caf77b13cf4d41 [bSP] 49a37fbacc6afd1548cc43fda5909fcd : Windows Vista/7/8 MBR Code Partition table: 0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 572323 MB User = LL1 ... OK User = LL2 ... OK +++++ PhysicalDrive2: WDC WD6000HLHX-01JJPV0 +++++ --- User --- [MBR] c160e280329114575ef9c743e9574d88 [bSP] 3c1d42840279b086de72ac5a4eefe662 : Windows Vista/7/8 MBR Code Partition table: 0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 572323 MB User = LL1 ... OK User = LL2 ... OK +++++ PhysicalDrive3: WD My Book 1130 USB Device +++++ Error reading User MBR! ([57] The parameter is incorrect. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. ) +++++ PhysicalDrive4: Generic- Compact Flash USB Device +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! 
Error reading LL2 MBR! ([32] The request is not supported. ) +++++ PhysicalDrive5: Generic- SM/xD-Picture USB Device +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. ) +++++ PhysicalDrive6: Generic- SD/MMC USB Device +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. ) +++++ PhysicalDrive7: Generic- MS/MS-Pro/HG USB Device +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. ) +++++ PhysicalDrive8: EPSON Storage USB Device +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. ) ============================================ RKreport_DEL_10262014_102021.log - RKreport_SCN_10252014_233158.log - RKreport_SCN_10262014_132228.log
  18. Here's the addition.txt. It was too long for the first post:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-10-2014
Ran by Jack at 2014-10-26 22:38:59
Running from E:\Storage\Downloads\Installed\Security
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Internet Security (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Internet Security (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Internet Security (Enabled) {131692B0-0864-D491-4E21-3A3A1D8BBB47}
FW: ZoneAlarm Pro Firewall (Disabled) {E6380B7E-D4B2-19F1-083E-56486607704B}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY) ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated) Adobe Photoshop CS (HKLM-x32\...\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}) (Version: CS - Adobe Systems, Inc.)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated) Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc) AlienAutopsy (HKLM\...\PC-Doctor for Windows) (Version: 3.2.6032.102 - PC-Doctor, Inc.) AlienRespawn - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: - Alienware) AlienRespawn (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.51 - Alienware) Alienware TactX Keyboard CI 1.00.130 (HKLM\...\{13A3A271-B2AA-486C-9AD5-F272079BB9B5}) (Version: 1.00.130 - Alienware) Alienware TactX Mouse CI 1.00 (HKLM\...\{B0D59FDC-FEAB-49A2-9B5A-E5E0A8F9D7E0}) (Version: 1.00 - Alienware) AlignmentUtility (x32 Version: 17.00.0000 - UPS) Hidden AMD APP SDK Runtime (Version: 2.4.595.10 - Advanced Micro Devices Inc.) Hidden Aptana Studio 3 (HKLM-x32\...\Aptana Studio 3) (Version: 3.4.2 - Appcelerator, Inc.) ArcSoft MediaImpression 2 (HKLM-x32\...\{30B056AF-F414-4B68-B9B0-6EFDB9FCDF18}) (Version: 2.0.29.444 - ArcSoft) ArcSoft Photo Book Screen Saver (HKLM-x32\...\{E2EE273D-E111-4FFD-ACD4-78E1D35E01D2}) (Version: 2.0.0.13 - ArcSoft) ArcSoft Print Creations - Album Page (HKLM-x32\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version: - ArcSoft) ArcSoft Print Creations - Brochures & Flyers (HKLM-x32\...\{01A1A019-E1D8-482A-BE17-5E118D17C0A0}) (Version: - ArcSoft) ArcSoft Print Creations - Funhouse (HKLM-x32\...\{9591C049-5CAE-4E89-A8D9-191F1899628B}) (Version: - ArcSoft) ArcSoft Print Creations - Funhouse II (HKLM-x32\...\{3CE47E6B-AE27-4E40-AC54-329EED96B933}) (Version: - ArcSoft) ArcSoft Print Creations - Greeting Card (HKLM-x32\...\{F04F9557-81A9-4293-BC49-2C216FA325A7}) (Version: - ArcSoft) ArcSoft Print Creations - Photo Book (HKLM-x32\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version: - ArcSoft) ArcSoft Print Creations - Photo Calendar (HKLM-x32\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version: - ArcSoft) ArcSoft Print 
Creations - Photo Prints (HKLM-x32\...\{95F875CC-1B85-43E6-B3E0-13EA04F3D995}) (Version: - ArcSoft) ArcSoft Print Creations - Poster Creator (HKLM-x32\...\{5D1C82E7-7EC0-4404-A8AD-36C3B444BC34}) (Version: - ArcSoft) ArcSoft Print Creations - Scrapbook (HKLM-x32\...\{B0D83FCD-9D42-43ED-8315-250326AADA02}) (Version: - ArcSoft) ArcSoft Print Creations - Slimline Card (HKLM-x32\...\{007B37D9-0C45-4202-834B-DD5FAAE99D63}) (Version: - ArcSoft) ArcSoft Print Creations (HKLM-x32\...\{B8CECF38-C0B0-4B39-8B11-772E685C93AB}) (Version: 2.8.255.266 - ArcSoft) ArcSoft RAW Thumbnail Viewer (HKLM-x32\...\{82FAC25D-D0E1-4D60-9268-F3DD958BF052}) (Version: 2.0.0.11 - ArcSoft) ArcSoft Video Downloader (HKLM-x32\...\{C8B44566-839A-459C-A73D-49764CE216CC}) (Version: 2.0.0.39 - ArcSoft) ATI AVIVO64 Codecs (Version: 11.6.0.10419 - ATI Technologies Inc.) Hidden ATI Catalyst Install Manager (HKLM\...\{E73155E5-E75F-D09E-30C0-C18E3C3A1FA3}) (Version: 3.0.825.0 - ATI Technologies, Inc.) ATI Catalyst Registration (x32 Version: 3.00.0000 - ATI Technologies Inc.) Hidden Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team) avast! Internet Security (HKLM-x32\...\avast) (Version: 8.0.1497.0 - AVAST Software) Beyond Compare 3.3.8 (HKLM-x32\...\BeyondCompare3_is1) (Version: 3.3.8.16340 - Scooter Software) Broadcom Management Programs (HKLM\...\{688758A2-8520-4470-8FA6-765BAC86FC53}) (Version: 12.53.01 - Broadcom Corporation) CCC (x32 Version: 17.00.0000 - United Parcel Service, Inc.) Hidden ccc-core-static (x32 Version: 2010.0928.2139.36979 - ATI) Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform) CDDRV_Installer (Version: 4.60 - Logitech) Hidden Charles 3.6.5 (HKLM\...\{61163088-76A7-4A20-8228-7058848CD37F}) (Version: 3.6.5.6 - XK72 Ltd) Command Center (HKLM-x32\...\InstallShield_{AD522D37-B0FD-45A4-8695-6F24DF5336FC}) (Version: 2.6.1.0 - Alienware Corp.) Command Center (Version: 2.6.1.0 - Alienware Corp.) 
Hidden Compare and Merge 2.3 (HKLM-x32\...\Compare and Merge_is1) (Version: 2.3 - TGRMN Software) ConTEXT v0.98.6 (HKLM-x32\...\{73E0D3A0-9C30-4F59-ABBF-6233686FB396}_is1) (Version: - ConTEXT Project Ltd) CPUID CPU-Z 1.60 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) CyberPower PowerPanel Personal Edition 1.2.3 (HKLM-x32\...\{46E21083-D598-4217-99B0-2ED3E4152759}) (Version: 1.2.3 - Cyber Power Systems, Inc.) Data Lifeguard Diagnostic for Windows 1.24 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version: - Western Digital Corporation) Dell InHome Service Agreement (HKLM-x32\...\{41AA8F20-FD30-4878-9080-6D5BE575FD41}) (Version: 2.0.0 - Dell Inc.) Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 3.3.2.1 - Dell) DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden Diskeeper 12 Professional (HKLM\...\{1A6D6767-B771-4752-81C2-1CC30BE941BA}) (Version: 16.0.1017.64 - Condusiv Technologies) EPSON Artisan 800 Series Printer Uninstall (HKLM\...\EPSON Artisan 800 Series) (Version: - SEIKO EPSON Corporation) Epson Connect (HKLM-x32\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version: - ) Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION) Epson Download Navigator (HKLM-x32\...\{10F63395-157F-4B93-AB4D-702A2FF11942}) (Version: 1.0.1 - SEIKO EPSON CORPORATION) Epson Event Manager (HKLM-x32\...\{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}) (Version: 2.50.0001 - SEIKO EPSON CORPORATION) Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.20.00 - SEIKO EPSON CORPORATION) Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.00.00 - SEIKO EPSON CORPORATION) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EPSON WorkForce 845 Series Printer Uninstall (HKLM\...\EPSON WorkForce 845 Series) (Version: - SEIKO EPSON Corporation) erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden Evernote v. 
5.3.1 (HKLM-x32\...\{28AAF752-C41B-11E3-8CB0-00163E98E7D6}) (Version: 5.3.1.3363 - Evernote Corp.) Fiddler (HKLM-x32\...\Fiddler2) (Version: 2.4.2.6 - Telerik) FileZilla Client 3.7.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.7.0.2 - FileZilla Project) FormsComponent (x32 Version: 17.00.0000 - UPS) Hidden FOSS (x32 Version: 17.00.0000 - UPS) Hidden GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team) Google Chrome (HKCU\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.) Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 9.1.0.615 - Citrix Online, a division of Citrix Systems, Inc.) GPSoftware Directory Opus (HKLM-x32\...\{5D4F167D-CCC8-413E-A6EE-F2FABBBBF50D}) (Version: 11.7 - GPSoftware) HTML-Kit Tools (HKLM-x32\...\HTMLKitTools_is1) (Version: 1.0 - HTML-Kit.com) ICCHelp (HKLM-x32\...\{A5763105-D1D5-4862-A3FE-EC058F9AA73E}) (Version: 17.00.0000 - UPS) Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation) Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.710 - Oracle) Java Auto Updater (x32 Version: 2.1.71.14 - Oracle, Inc.) 
Hidden Java 6 Update 22 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416022FF}) (Version: 6.0.220 - Oracle) KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) Logitech SetPoint (HKLM-x32\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 - Logitech) Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Excel 2000 SR-1 (HKLM-x32\...\{00110409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation) Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Native Client (HKLM\...\{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}) (Version: 9.00.4035.00 - Microsoft Corporation) Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.4035.00 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{86177DAE-38B1-49DD-912E-35CB703AB779}) (Version: 9.00.4035.00 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) 
(HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla) Mozilla 
Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla) Mozilla Thunderbird (5.0) (HKLM-x32\...\Mozilla Thunderbird (5.0)) (Version: 5.0 (en-US) - Mozilla) MSIChecker (x32 Version: 9.00.0000 - UPS) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MySQL Workbench 5.2 CE (HKLM-x32\...\{1D803D4F-CE1E-4282-B4F2-0FCF28E68BCD}) (Version: 5.2.37 - Oracle Corporation) NA1Messenger (x32 Version: 17.00.0000 - Your Company Name) Hidden NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.20.0 - NEC Electronics Corporation) NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.20.0 - NEC Electronics Corporation) Hidden Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team) NRF (x32 Version: 17.00.0000 - UPS) Hidden OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation) PhotoShowExpress (x32 Version: 2.0.028 - Sonic Solutions) Hidden Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) PolicyManager (x32 Version: 17.00.0000 - UPS) Hidden PuTTY version 0.63 (HKLM-x32\...\PuTTY_is1) (Version: 0.63 - Simon Tatham) Quicknote 5.5 (HKLM-x32\...\JC&MB Quicknote_is1) (Version: - JC&MB) RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6039 - Realtek Semiconductor Corp.) 
Reconciler (x32 Version: 17.00.0000 - UPS) Hidden ReportServer (x32 Version: 17.00.0000 - Your Company Name) Hidden Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden Roxio Burn (x32 Version: 1.6 - Roxio) Hidden Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.40.0 - Roxio) Roxio Creator Starter (x32 Version: 1.0.311 - Roxio) Hidden Roxio Creator Starter (x32 Version: 5.0.0 - Roxio) Hidden Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden Roxio File Backup (Version: 1.3.2 - Roxio) Hidden Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.) Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14072.12 - Samsung Electronics Co., Ltd.) Samsung Kies3 (x32 Version: 3.2.14072.12 - Samsung Electronics Co., Ltd.) Hidden Screaming Frog SEO Spider (HKLM-x32\...\Screaming Frog SEO Spider) (Version: 0.01 - Screaming Frog) ScreenRecorder (HKLM\...\{55A9972B-EA29-43C3-94B6-7A178D6F2E11}) (Version: 4.0.0 - Burak Uysaler) SEO PowerSuite (HKLM-x32\...\seopowersuite) (Version: - ) Skins (x32 Version: 2010.0928.2139.36979 - ATI) Hidden Snagit 10.0.1 (HKLM-x32\...\{22FC7536-BE5C-4E88-8069-C24689D34EC5}) (Version: 10.0.1 - TechSmith Corporation) Snagit 11 (HKLM-x32\...\{68723B04-57EC-11E1-A6A8-9E2D4824019B}) (Version: 11.1.0 - TechSmith Corporation) Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.3 - Sophos Limited) SQLyog 11.3 (64 bit) (HKLM\...\SQLyog64) (Version: 11.3 (64 bit) - Webyog Inc.) SupportUtility (x32 Version: 17.00.0000 - Your Company Name) Hidden System (x32 Version: 17.00.0000 - UPS) Hidden The Lord of the Rings FREE Trial (x32 Version: 1.00.0000 - ATI Technologies Inc.) Hidden TheBat! 
Home v4.2.44 (HKLM-x32\...\{457297FE-47C9-4B37-B350-BC5CCC65A2DE}) (Version: 4.2.44 - Ritlabs) THX TruStudio PC (HKLM-x32\...\{010A785B-F920-4350-821B-6309909C20BB}) (Version: 1.0 - Creative Technology Limited) Traffic Travis 4.1.0 (HKLM-x32\...\Traffic Travis 4.1 Setup Wizard_is1) (Version: - Affilorama Ltd.) True Image 2013 (HKLM-x32\...\{75BC2136-B6A1-4F3B-8A69-55E39C647B1F}Visible) (Version: 16.0.6514 - Acronis) True Image 2013 (x32 Version: 16.0.6514 - Acronis) Hidden UnifiedPrinting (x32 Version: 17.00.0000 - UPS) Hidden UPS WorldShip (HKLM-x32\...\UPS WorldShip) (Version: 17.0 - UPS) UPSDB (x32 Version: 17.00.0000 - UPS) Hidden UPSICC (x32 Version: 17.00.0000 - UPS) Hidden UPSlinkHTTP (x32 Version: 17.00.0000 - UPS) Hidden UPSVC2008MM (x32 Version: 1.00.0000 - UPS) Hidden UPSVCMM (x32 Version: 12.00.0000 - UPS) Hidden Watermark Factory 2 (HKLM-x32\...\{208B53C3-FA83-40EF-BC07-ED61E78CC12A}}_is1) (Version: - WatermarkFactory.com) Web CEO 11.0 (HKLM-x32\...\WebCEO70_is1) (Version: 11.0 - Web CEO Ltd.) WebHelp (HKLM-x32\...\{8C5BD501-AD5D-4A75-9321-076509B438FC}) (Version: 1.00.0000 - UPS) WebLog Expert Lite 8.1 (HKLM-x32\...\WebLog Expert Lite_is1) (Version: 8.1 - Alentum Software Ltd.) Winamp (HKLM-x32\...\Winamp) (Version: 5.65 - Nullsoft, Inc) Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) Windows Grep 2.3 (HKLM-x32\...\Windows Grep_is1) (Version: - ) Windows Media Encoder 9 Series x64 Edition (HKLM\...\Windows Media Encoder 9) (Version: - ) Windows Media Encoder 9 Series x64 Edition (Version: 10.0.0.3809 - Microsoft Corporation) Hidden WorldShip (x32 Version: 17.00.0000 - UPS) Hidden WSShared (x32 Version: 17.00.0000 - UPS) Hidden Xenu's Link Sleuth (HKLM-x32\...\Xenu's Link Sleuth) (Version: 1.3.8 - Tilman Hausherr) Zend Optimizer (HKLM-x32\...\{4C24C6EB-FF40-4855-9C1D-42F8AFC75112}) (Version: 3.3.0 - Zend Technologies) ZoneAlarm Firewall (x32 Version: 13.1.211.000 - Check Point Software Technologies Ltd.) 
Hidden ZoneAlarm LTD Toolbar (HKLM\...\ZoneAlarm LTD Toolbar) (Version: - Check Point Software Technologies) ZoneAlarm Pro (HKLM-x32\...\ZoneAlarm Pro) (Version: 13.1.211.000 - Check Point) ZoneAlarm Security (x32 Version: 13.1.211.000 - Check Point Software Technologies Ltd.) Hidden ZoneAlarm Security Toolbar (HKLM-x32\...\ZoneAlarm Security Toolbar) (Version: - Check Point Software Technologies LTD)

==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================
26-10-2014 12:00:23 Windows Backup
27-10-2014 01:35:03 Windows Update

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 22:34 - 2014-07-04 12:58 - 00001140 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost 127.0.0.1 localsites 127.0.0.1 localhost127.0.0.1 localhost 127.0.0.1 localhost 127.0.0.1 localhost 127.0.0.1 localhost 127.0.0.1 localhost 127.0.0.1 localhost 127.0.0.1 localhost 127.0.0.1 localhost 127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry.
Any associated file could be listed separately to be moved.) Task: {017181DB-59FA-431C-9B5D-07B49008A6AF} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-08-30] (AVAST Software) Task: {1492EE78-0FEB-4D35-8EF5-8850EFF0BC90} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.) Task: {18FFAC5B-7083-4FCF-B114-5D3DDBD803FE} - System32\Tasks\PCDEventLauncher => C:\Program Files\AlienAutopsy\sessionchecker.exe [2012-11-29] (PC-Doctor, Inc.) Task: {356C2F0D-4ECB-4AB4-9FD0-CB0F981AAAD3} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {6EA7FA08-AD7D-4E24-BC6B-BE938110C28C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3994650508-1294297652-2827424591-1000UA => C:\Users\Jack\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.) Task: {7ACDB8EC-396C-48DC-A98D-D1CFED39E14C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.) Task: {8B719B26-20F1-4CE1-97A6-DD4D604FE10A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-23] (Adobe Systems Incorporated) Task: {AFDC1808-B6E7-4389-8186-92DA226C372F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd) Task: {ECDEC2D3-FC20-4633-90FC-FB2F2FF48082} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3994650508-1294297652-2827424591-1000Core => C:\Users\Jack\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.) 
Task: {F04229BB-F431-42B3-828A-8E77D010021E} - System32\Tasks\WampServer => C:\wamp\wampmanager.exe [2010-12-31] (Aestan Software) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\DOpusRT_RunStd_{B1CAB9BE-DAD0-4373-9F32-9C7133E753AF}.job => C:\Program Files\GPSoftware\Directory Opus\dopus.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3994650508-1294297652-2827424591-1000Core.job => C:\Users\Jack\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3994650508-1294297652-2827424591-1000UA.job => C:\Users\Jack\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2010-01-02 10:42 - 2010-01-02 10:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2011-02-09 13:52 - 2011-01-13 14:39 - 00783680 _____ () C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe 2011-02-09 13:48 - 2011-02-09 13:48 - 00085944 _____ () C:\Windows\Microsoft.Net\assembly\GAC_MSIL\AlienLabsTools\v4.0_2.6.1.0__bebb3c8816410241\AlienLabsTools.dll 2011-02-09 13:48 - 2011-02-09 13:48 - 00037840 _____ () C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Alienlabs.CommandCenter.Tools\v4.0_2.6.1.0__bebb3c8816410241\Alienlabs.CommandCenter.Tools.dll 2011-04-29 13:39 - 2009-07-20 12:35 - 00018960 _____ () C:\Program Files\Logitech\SetPoint\khalwrapper.dll 2010-09-03 03:28 - 2010-09-03 03:28 - 00518640 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe 2013-03-27 22:39 - 2013-03-27 22:39 - 00021824 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\x64\ti_managers_proxy_stub.dll 2011-04-29 13:39 - 2009-07-20 04:00 - 
00077824 _____ () C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe 2011-04-21 23:08 - 2010-12-31 08:39 - 08133120 _____ () c:\wamp\bin\mysql\mysql5.5.8\bin\mysqld.exe 2010-11-05 18:42 - 2010-11-05 18:42 - 00156088 _____ () C:\Program Files\Alienware\Command Center\AlienFusionDomain.dll 2010-11-05 18:42 - 2010-11-05 18:42 - 00016832 _____ () C:\Program Files\Alienware\Command Center\AlienFusionController.exe 2014-10-26 21:30 - 2014-10-26 18:36 - 02889728 _____ () C:\Program Files\AVAST Software\Avast\defs\14102601\algo.dll 2011-02-09 13:52 - 2011-01-13 14:37 - 00128320 _____ () C:\Program Files (x86)\AlienRespawn\STLog.dll 2011-02-09 13:52 - 2011-01-13 14:36 - 01123648 _____ () C:\Program Files (x86)\AlienRespawn\LibXml2.dll 2011-02-09 13:52 - 2011-01-13 14:37 - 00079168 _____ () C:\Program Files (x86)\AlienRespawn\zlib1.dll 2011-02-09 13:52 - 2011-01-13 14:37 - 00234816 _____ () C:\Program Files (x86)\AlienRespawn\STFiles.dll 2011-02-09 13:52 - 2011-01-13 14:37 - 00075072 _____ () C:\Program Files (x86)\AlienRespawn\STRegistry.dll 2011-02-09 13:52 - 2011-01-13 14:37 - 00111936 _____ () C:\Program Files (x86)\AlienRespawn\STPE.dll 2011-02-09 13:52 - 2011-01-13 14:37 - 00121152 _____ () C:\Program Files (x86)\AlienRespawn\STNLS.dll 2010-08-30 05:34 - 2010-08-30 05:34 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll 2009-07-13 17:03 - 2009-07-13 21:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll 2014-10-17 23:07 - 2014-10-17 23:07 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3d576cbc4ffc5ad06fd61510c5d8f326\IsdiInterop.ni.dll 2011-02-09 13:39 - 2010-03-03 22:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll 2013-03-27 22:09 - 2013-03-27 22:09 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll 2014-09-24 23:34 - 2014-09-24 23:34 - 03715184 _____ () C:\Program Files (x86)\Mozilla 
Firefox\mozjs.dll 2014-10-23 10:26 - 2014-10-23 10:26 - 16832176 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll 2011-07-18 17:07 - 2011-07-18 17:07 - 00014336 _____ () C:\Program Files (x86)\Notepad++\plugins\NppExport.dll 2014-01-06 19:42 - 2014-01-06 19:42 - 01611264 _____ () C:\Program Files (x86)\Notepad++\plugins\NppFTP.dll 2013-03-27 22:36 - 2013-03-27 22:36 - 00021312 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy_stub.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:2664F3F5 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR430 => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
MSCONFIG\Services: GoToAssist => 3 MSCONFIG\Services: ZAPrivacyService => 2 MSCONFIG\startupreg: NA1Messenger => C:\UPS\WSTD\UPSNA1Msgr.exe ========================= Accounts: ========================== Administrator (S-1-5-21-3994650508-1294297652-2827424591-500 - Administrator - Disabled) Guest (S-1-5-21-3994650508-1294297652-2827424591-501 - Limited - Enabled) HomeGroupUser$ (S-1-5-21-3994650508-1294297652-2827424591-1005 - Limited - Enabled) Jack (S-1-5-21-3994650508-1294297652-2827424591-1000 - Administrator - Enabled) => C:\Users\Jack ==================== Faulty Device Manager Devices ============= Name: H:\ Description: SD/MMC Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Generic- Service: WUDFRd Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: F:\ Description: Compact Flash Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Generic- Service: WUDFRd Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: NEC Electronics USB Hub Description: NEC Electronics USB Hub Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: NEC Electronics Service: nusb3hub Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. 
==================== Event log errors: ========================= Application errors: ================== Error: (10/26/2014 09:45:49 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: afcdpsrv.exe, version: 2.0.0.4041, time stamp: 0x515303ac Faulting module name: afcdpsrv.exe, version: 2.0.0.4041, time stamp: 0x515303ac Exception code: 0xc0000005 Fault offset: 0x0002da7f Faulting process id: 0x1200 Faulting application start time: 0xafcdpsrv.exe0 Faulting application path: afcdpsrv.exe1 Faulting module path: afcdpsrv.exe2 Report Id: afcdpsrv.exe3 Error: (10/26/2014 09:36:40 PM) (Source: MySQL) (EventID: 100) (User: ) Description: Invalid (old?) table or database name 'ok2rm - Copy' For more information, see Help and Support Center at http://www.mysql.com. Error: (10/26/2014 09:36:34 PM) (Source: MySQL) (EventID: 100) (User: ) Description: Invalid (old?) table or database name 'ok2rm - Copy' For more information, see Help and Support Center at http://www.mysql.com. Error: (10/26/2014 09:36:30 PM) (Source: MySQL) (EventID: 100) (User: ) Description: Invalid (old?) table or database name 'ok2rm - Copy' For more information, see Help and Support Center at http://www.mysql.com. Error: (10/26/2014 09:35:59 PM) (Source: MySQL) (EventID: 100) (User: ) Description: Invalid (old?) table or database name 'ok2rm - Copy' For more information, see Help and Support Center at http://www.mysql.com. Error: (10/26/2014 09:31:35 PM) (Source: MySQL) (EventID: 100) (User: ) Description: Invalid (old?) table or database name 'ok2rm - Copy' For more information, see Help and Support Center at http://www.mysql.com. 
Error: (10/26/2014 09:31:16 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: afcdpsrv.exe, version: 2.0.0.4041, time stamp: 0x515303ac Faulting module name: afcdpsrv.exe, version: 2.0.0.4041, time stamp: 0x515303ac Exception code: 0xc0000005 Fault offset: 0x0002da7f Faulting process id: 0x1d14 Faulting application start time: 0xafcdpsrv.exe0 Faulting application path: afcdpsrv.exe1 Faulting module path: afcdpsrv.exe2 Report Id: afcdpsrv.exe3 Error: (10/26/2014 09:25:04 PM) (Source: MySQL) (EventID: 100) (User: ) Description: Invalid (old?) table or database name 'ok2rm - Copy' For more information, see Help and Support Center at http://www.mysql.com. Error: (10/26/2014 09:24:29 PM) (Source: MySQL) (EventID: 100) (User: ) Description: Invalid (old?) table or database name 'ok2rm - Copy' For more information, see Help and Support Center at http://www.mysql.com. Error: (10/26/2014 09:24:23 PM) (Source: MySQL) (EventID: 100) (User: ) Description: Invalid (old?) table or database name 'ok2rm - Copy' For more information, see Help and Support Center at http://www.mysql.com. System errors: ============= Error: (10/26/2014 09:45:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Acronis Nonstop Backup Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (10/26/2014 09:43:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The COM+ System Application service failed to start due to the following error: %%1053 Error: (10/26/2014 09:43:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the COM+ System Application service to connect. 
Error: (10/26/2014 09:39:58 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (10/26/2014 09:32:06 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. Error: (10/26/2014 09:31:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Acronis Nonstop Backup Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (10/26/2014 09:31:10 PM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk3\DR3. Error: (10/26/2014 09:31:10 PM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk3\DR3. Error: (10/26/2014 09:31:09 PM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk3\DR3. Error: (10/26/2014 09:31:09 PM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk3\DR3. Microsoft Office Sessions: ========================= Error: (10/26/2014 09:45:49 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: afcdpsrv.exe2.0.0.4041515303acafcdpsrv.exe2.0.0.4041515303acc00000050002da7f120001cff187acbe9695C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exeC:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exef9d1d4a9-5d7a-11e4-bdd1-f04da2dc801d Error: (10/26/2014 09:36:40 PM) (Source: MySQL) (EventID: 100) (User: ) Description: Invalid (old?) table or database name 'ok2rm - Copy' Error: (10/26/2014 09:36:34 PM) (Source: MySQL) (EventID: 100) (User: ) Description: Invalid (old?) 
table or database name 'ok2rm - Copy' Error: (10/26/2014 09:36:30 PM) (Source: MySQL) (EventID: 100) (User: ) Description: Invalid (old?) table or database name 'ok2rm - Copy' Error: (10/26/2014 09:35:59 PM) (Source: MySQL) (EventID: 100) (User: ) Description: Invalid (old?) table or database name 'ok2rm - Copy' Error: (10/26/2014 09:31:35 PM) (Source: MySQL) (EventID: 100) (User: ) Description: Invalid (old?) table or database name 'ok2rm - Copy' Error: (10/26/2014 09:31:16 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: afcdpsrv.exe2.0.0.4041515303acafcdpsrv.exe2.0.0.4041515303acc00000050002da7f1d1401cff185ab496b6fC:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exeC:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exef147d077-5d78-11e4-905a-f04da2dc801d Error: (10/26/2014 09:25:04 PM) (Source: MySQL) (EventID: 100) (User: ) Description: Invalid (old?) table or database name 'ok2rm - Copy' Error: (10/26/2014 09:24:29 PM) (Source: MySQL) (EventID: 100) (User: ) Description: Invalid (old?) table or database name 'ok2rm - Copy' Error: (10/26/2014 09:24:23 PM) (Source: MySQL) (EventID: 100) (User: ) Description: Invalid (old?) table or database name 'ok2rm - Copy' CodeIntegrity Errors: =================================== Date: 2013-07-30 18:50:50.208 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-30 18:36:13.613 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. 
Date: 2013-07-30 18:30:43.808 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-30 18:19:32.186 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-30 18:07:48.139 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-27 20:58:43.883 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-27 20:37:00.166 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-27 20:29:37.137 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-27 20:09:02.018 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. 
Date: 2013-07-27 19:19:33.840 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel® Core i7 CPU 930 @ 2.80GHz Percentage of memory in use: 26% Total physical RAM: 16374.89 MB Available physical RAM: 12073.51 MB Total Pagefile: 32747.97 MB Available Pagefile: 27488.86 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:922.75 GB) (Free:707.76 GB) NTFS Drive e: (Programing) (Fixed) (Total:558.91 GB) (Free:185.57 GB) NTFS Drive i: (Storage) (Fixed) (Total:558.91 GB) (Free:495.39 GB) NTFS Drive k: (My Book) (Fixed) (Total:2794.49 GB) (Free:556.11 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 77E3ED41) Partition 1: (Not Active) - (Size=39 MB) - (Type=DE) Partition 2: (Active) - (Size=8.7 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=922.7 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 558.9 GB) (Disk ID: 97953898) Partition 1: (Not Active) - (Size=558.9 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (MBR Code: Windows 7 or 8) (Size: 558.9 GB) (Disk ID: 6BBAC015) Partition 1: (Not Active) - (Size=558.9 GB) - (Type=07 NTFS) Attempted reading MBR returned 0 bytes. Could not read MBR for disk 3. ==================== End Of Log ============================
  19. I'm having the same problem as so many others with com surrogate using memory. I've done all I know to do for this but still no luck. Please help. Below are the results of the frst and addition files. I also installed the latest version of malwarebytes, set the settings as mentioned in other posts and ran. It found two problems in the registry so I added those to the fix list, ran the fix and then ran the program again. It doesn't find anything now. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-10-2014 Ran by Jack (administrator) on JACK-PC on 26-10-2014 22:38:35 Running from E:\Storage\Downloads\Installed\Security Loaded Profile: Jack (Available profiles: Jack) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe (Broadcom Corp.) C:\Program Files\Broadcom\BPowMon\BPowMon.exe (SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe (Microsoft Corporation) C:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe (Cyber Power Systems, Inc.) 
C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe (Microsoft Corporation) C:\Program Files (x86)\MICROSOFT SQL SERVER\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Apache Software Foundation) C:\wamp\bin\apache\apache2.0.63\bin\Apache.exe (Apache Software Foundation) C:\wamp\bin\apache\apache2.0.63\bin\Apache.exe (AMD) C:\Windows\System32\atieclxx.exe (Aestan Software) C:\wamp\wampmanager.exe () C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Alienware) C:\Program Files\Alienware\Alienware TactX Keyboard CI\txkbci.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (GP Software) C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe (JC&MB) C:\Program Files (x86)\Quicknote\quicknote.exe (Ritlabs S.R.L.) C:\Program Files (x86)\The Bat!\thebat.exe (Alienware Corp) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe (Akamai Technologies, Inc.) C:\Users\Jack\AppData\Local\Akamai\netsession_win.exe (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHSA.EXE (Akamai Technologies, Inc.) C:\Users\Jack\AppData\Local\Akamai\netsession_win.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe ( Inc.) C:\Program Files\Alienware\Alienware TactX Mouse CI\AWMouseCI.exe (Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.) 
C:\Program Files\Logitech\SetPoint\SetPoint.exe () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe (NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (United Parcel Service, Inc.) C:\UPS\WSTD\WSTDMessaging.exe (Cyber Power Systems, Inc.) C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe (GP Software) C:\Program Files\GPSoftware\Directory Opus\dopus.exe (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\TscHelp.exe (Alienware Corporation) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe (TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\SnagPriv.exe (Alienware Corp.) 
C:\Program Files\Alienware\Command Center\ThermalController.exe () C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe (Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe (Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe (Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe (Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe () C:\wamp\bin\mysql\mysql5.5.8\bin\mysqld.exe (Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe (Condusiv Technologies) C:\Program Files\Condusiv Technologies\Diskeeper\DkService.exe () C:\Program Files\Alienware\Command Center\AlienFusionController.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe (Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10038304 2010-02-02] (Realtek Semiconductor) HKLM\...\Run: [Launch Keyboard CI] => c:\Program Files\Alienware\Alienware TactX Keyboard CI\txkbci.exe [3438088 2009-05-28] (Alienware) HKLM\...\Run: [] => [X] HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [13256 2010-11-05] (Microsoft) HKLM\...\Run: [RunDLLEntry_THXCfg] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 HKLM\...\Run: [RunDLLEntry_EptMon] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64 HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.) HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [516928 2013-02-15] (Acronis) HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation) HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-04-19] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd) HKLM-x32\...\Run: [updReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) 
HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-09-04] (Sonic Solutions) HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [518640 2010-09-03] () HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113296 2010-03-30] (NEC Electronics Corporation) HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [137352 2014-04-25] (Check Point Software Technologies Ltd.) HKLM-x32\...\Run: [PowerPanel Personal Edition User Interaction] => C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe [315392 2009-05-27] (Cyber Power Systems, Inc.) HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [6365920 2013-03-27] (Acronis) HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1103424 2013-01-10] (Acronis) HKLM-x32\...\Run: [ATICustomerCare] => C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [311296 2010-03-04] (Advanced Micro Devices, Inc.) 
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software) HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-09] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [856064 2011-03-09] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation) HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\AlienRespawn\Components\Scheduler\Launcher.exe [165184 2011-01-13] (Softthinks) Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKU\S-1-5-21-3994650508-1294297652-2827424591-1000\...\Run: [Directory Opus Desktop Dblclk] => C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe [414848 2014-09-16] (GP Software) HKU\S-1-5-21-3994650508-1294297652-2827424591-1000\...\Run: [Quicknote] => C:\Program Files (x86)\Quicknote\quicknote.exe [1253376 2010-02-23] (JC&MB) HKU\S-1-5-21-3994650508-1294297652-2827424591-1000\...\Run: [Google Update] => C:\Users\Jack\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-21] (Google Inc.) HKU\S-1-5-21-3994650508-1294297652-2827424591-1000\...\Run: [thebat_startup] => C:\Program Files (x86)\The Bat!\thebat.exe [13807536 2011-03-29] (Ritlabs S.R.L.) 
HKU\S-1-5-21-3994650508-1294297652-2827424591-1000\...\Run: [EPSON Artisan 800 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEMA.EXE [221696 2008-04-06] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-3994650508-1294297652-2827424591-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Jack\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.) HKU\S-1-5-21-3994650508-1294297652-2827424591-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHSA.EXE [241280 2013-10-18] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-3994650508-1294297652-2827424591-1000\...\MountPoints2: {ef812a05-556b-11e0-9e63-806e6f6e6963} - D:\EPSETUP.EXE Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AWMouseCI.lnk ShortcutTarget: AWMouseCI.lnk -> C:\Program Files\Alienware\Alienware TactX Mouse CI\AWMouseCI.exe ( Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 11.lnk ShortcutTarget: Snagit 11.lnk -> C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe (TechSmith Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UPS WorldShip Messaging Utility.lnk ShortcutTarget: UPS WorldShip Messaging Utility.lnk -> C:\UPS\WSTD\WSTDMessaging.exe (United Parcel Service, Inc.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UPS WorldShip PLD Reminder Utility.lnk
ShortcutTarget: UPS WorldShip PLD Reminder Utility.lnk -> C:\UPS\WSTD\wstdPldReminder.exe (UPS)
Startup: C:\Users\Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Directory Opus (Startup).lnk
ShortcutTarget: Directory Opus (Startup).lnk -> C:\Program Files\GPSoftware\Directory Opus\dopus.exe (GP Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)
BootExecute: autocheck autochk * autocheck auto_reactivate \\?\Volume{74c03d16-3481-11e0-8680-806e6f6e6963}\bootwiz\asrm.bin

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alienware.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://support.alienware.com URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File SearchScopes: HKCU - {130FE445-17ED-4FEC-B80A-9807F259FEA5} URL = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20130102,6901,0,8,0 BHO: StresStimulus Recorder Helper -> {0086E310-3FB9-45C5-A748-67F29F38D7E4} -> C:\Program Files (x86)\Fiddler2\Scripts\SSRecorderHelper.dll (Stimulus Technology) BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation) BHO: avast! Online Security -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation) BHO-x32: IEPlugin Class -> {11222041-111B-46E3-BD29-EFB2449479B1} -> C:\Program Files (x86)\ArcSoft\Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO-x32: ToolbarBHO Class -> {9519AF7E-638D-4933-BAD6-D33D23C79FE5} -> C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKLM-x32 - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation) Toolbar: HKLM-x32 - ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmTlbr.dll (Montera Technologeis LTD) Toolbar: HKLM-x32 - RAW Thumbnail Viewer - {F301665A-12F8-4331-804A-5BCBD379668C} - C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.) 
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKCU - No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File DPF: HKLM-x32 {74F4F118-91E6-4AFC-B8D2-04066781F239} https://www.member-data.com/rdc/EZTwainX.cab Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - No File Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) ShellExecuteHooks: Directory Opus Shell Execute Hook - {3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE} - C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll [1573504 2014-09-16] (GP Software) ShellExecuteHooks-x32: Directory Opus Shell Execute Hook - 
{EE761688-C137-4b04-8FAB-3C9CDF0886F0} - C:\Program Files\GPSoftware\Directory Opus\dopuslib32.dll [343640 2014-09-16] (GP Software)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\l7tarqgo.default-1374718651417
FF Homepage: localsites/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @checkpoint.com/FFApi -> C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Jack\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Jack\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Extension: SeoQuake - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\l7tarqgo.default-1374718651417\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2014-09-05] FF Extension: ColorZilla - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\l7tarqgo.default-1374718651417\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2013-08-10] FF Extension: ReminderFox - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\l7tarqgo.default-1374718651417\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [2014-04-21] FF Extension: Cookies Manager+ - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\l7tarqgo.default-1374718651417\Extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d} [2013-11-18] FF Extension: Firebug - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\l7tarqgo.default-1374718651417\Extensions\firebug@software.joehewitt.com.xpi [2013-09-06] FF Extension: YouTube Enhancer Plus - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\l7tarqgo.default-1374718651417\Extensions\firefoxaddon@youtubeenhancer.com.xpi [2013-08-23] FF Extension: Foxy SEO Tool - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\l7tarqgo.default-1374718651417\Extensions\foxyseotool@foxyseotool.com.xpi [2013-10-16] FF Extension: Leading-SEO - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\l7tarqgo.default-1374718651417\Extensions\jid0-nWM1zRUDcqM8sPZ4tmz40Nce7jE@jetpack.xpi [2013-10-16] FF Extension: Flash OnOff - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\l7tarqgo.default-1374718651417\Extensions\jid0-XXocAsQYPfKHSY8ebTi0VcX8eNQ@jetpack.xpi 
[2013-08-04] FF Extension: User Agent Overrider - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\l7tarqgo.default-1374718651417\Extensions\useragentoverrider@qixinglu.com.xpi [2013-10-16] FF Extension: Remove Cookies for Site - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\l7tarqgo.default-1374718651417\Extensions\{06997db0-c027-4d5f-bd37-b0d9230226ea}.xpi [2014-03-16] FF Extension: MeasureIt - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\l7tarqgo.default-1374718651417\Extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2013-10-30] FF Extension: SEO and Website Analysis - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\l7tarqgo.default-1374718651417\Extensions\{8BCA0E8A-E57B-425b-A05B-CD3868EB577E}.xpi [2013-10-16] FF Extension: Show my Password - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\l7tarqgo.default-1374718651417\Extensions\{cd617372-6743-4ee4-bac4-fbf60f35719e}.xpi [2013-10-16] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! 
Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-04-18] FF HKLM-x32\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - C:\Program Files (x86)\Fiddler2\FiddlerHook FF Extension: FiddlerHook - C:\Program Files (x86)\Fiddler2\FiddlerHook [2013-02-27] FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker FF HKLM-x32\...\Firefox\Extensions: [RAWThumbnailViewer@arcsoft.com.cn] - C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\FireFox Extension FF Extension: RAW Thumbnail Viewer - C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\FireFox Extension [2014-03-04] FF HKLM-x32\...\Firefox\Extensions: [{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}] - C:\Program Files (x86)\ArcSoft\Video Downloader\Plugin_FireFox FF Extension: ArcSoft Video Downloader Extension - C:\Program Files (x86)\ArcSoft\Video Downloader\Plugin_FireFox [2014-03-04] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com/ CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\Jack\AppData\Local\Google\Chrome\Application\38.0.2125.104\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Users\Jack\AppData\Local\Google\Chrome\Application\38.0.2125.104\pdf.dll () CHR Plugin: (Shockwave Flash) - C:\Users\Jack\AppData\Local\Google\Chrome\Application\38.0.2125.104\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File CHR Plugin: (Java Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google 
Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Profile: C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (SEOrch - OnPage SEO Tool) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\dofplnfijbongplmhcpoobljlfjeaank [2013-08-06]
CHR Extension: (SEO SERP Workbench) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehbgolklgacemnfnmkkpgekngaaggjjl [2013-07-24]
CHR Extension: (avast! Online Security) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-09-23]
CHR Extension: (Seo Serp Manager) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\jncpgpllflmbaaofhdmfamncdipmedjo [2013-09-03]
CHR Extension: (Tag Assistant (by Google)) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\kejbdjndbnbjgmefkgdddjlbokphdefk [2013-07-21]
CHR Extension: (WebRank SEO) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkhilblbmkdnapffblmecglknalglfji [2013-07-22]
CHR Extension: (Google Wallet) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR StartMenuInternet: Google Chrome - C:\Users\Jack\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2011-05-01] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [137960 2013-08-30] (AVAST Software)
R2 Diskeeper; C:\Program Files\Condusiv Technologies\Diskeeper\DkService.exe [2721656 2012-07-27] (Condusiv Technologies)
R2 MSSQL$UPSWSDBSERVER; C:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe [29263712 2008-11-24] (Microsoft Corporation)
R2 ppped; C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe [868352 2009-05-27] (Cyber Power Systems, Inc.) [File not signed]
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3592120 2014-04-25] (Check Point Software Technologies Ltd.)
R2 wampapache; c:\wamp\bin\apache\apache2.0.63\bin\Apache.exe [20541 2008-01-17] (Apache Software Foundation) [File not signed]
R3 wampmysqld; c:\wamp\bin\mysql\mysql5.5.8\bin\mysqld.exe [8133120 2010-12-31] () [File not signed]
S4 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [92176 2014-04-09] (Check Point Software Technologies, Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software)
R1 aswFW; C:\Windows\System32\Drivers\aswFW.sys [131232 2013-08-30] (AVAST Software)
R0 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)
R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12368 2013-03-06] (ALWIL Software)
R0 aswNdis2; C:\Windows\System32\Drivers\aswNdis2.sys [270824 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()
R0 DKDFM; C:\Windows\System32\drivers\DKDFM.sys [40752 2012-04-05] (Condusiv Technologies)
R3 DKRtWrt; C:\Windows\System32\DRIVERS\DKRtWrt.sys [52048 2012-06-18] (Condusiv Technologies)
R0 DKTLFSMF; C:\Windows\System32\drivers\DKTLFSMF.sys [106832 2012-07-09] (Condusiv Technologies)
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir3.sys [32768 2009-09-11] (Hauppauge Computer Works, Inc.)
R3 mio; C:\Windows\System32\DRIVERS\mio.sys [14928 2010-10-13] (Dell/Alienware)
S4 Mpsnt0; No ImagePath
R0 SI3132; C:\Windows\System32\DRIVERS\SI3132.sys [90664 2009-07-29] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [22056 2009-07-29] (Silicon Image, Inc)
R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [17448 2009-07-29] (Silicon Image, Inc)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2013-04-13] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2013-04-13] (Acronis)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2014-10-26] ()
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2013-04-13] (Acronis International GmbH)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450968 2014-04-24] (Check Point Software Technologies Ltd.)
S3 PCDSRVC{0FF99CEB-15C9CE9E-06020200}_0; \??\c:\program files\alienautopsy\pcdsrvc_x64.pkms [X]
U3 wampapache64; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-26 21:42 - 2014-10-26 21:42 - 00000358 _____ () C:\Windows\PFRO.log 2014-10-26 21:37 - 2014-10-26 21:37 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-10-26 21:37 - 2014-10-26 21:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-10-26 21:37 - 2014-10-26 21:37 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-10-26 21:37 - 2014-10-26 21:37 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-10-26 21:37 - 2014-10-26 21:37 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 01068032 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-10-26 21:37 - 2014-10-26 21:37 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-10-26 21:37 - 2014-10-26 21:37 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2014-10-26 21:37 - 2014-10-26 21:37 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2014-10-26 21:37 - 2014-10-26 21:37 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 00446464 _____ (Microsoft 
Corporation) C:\Windows\system32\dxtmsft.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-10-26 21:37 - 2014-10-26 21:37 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2014-10-26 21:37 - 2014-10-26 21:37 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 
2014-10-26 21:37 - 2014-10-26 21:37 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2014-10-26 21:37 - 2014-10-26 21:37 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2014-10-26 21:37 - 2014-10-26 21:37 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2014-10-26 21:37 - 2014-10-26 21:37 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-10-26 21:37 - 2014-10-26 21:37 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-10-26 21:37 - 2014-10-26 21:37 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-10-26 21:37 - 2014-10-26 21:37 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2014-10-26 21:37 - 2014-10-26 21:37 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 
2014-10-26 21:37 - 2014-10-26 21:37 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2014-10-26 21:37 - 2014-10-26 21:37 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2014-10-26 21:37 - 2014-10-26 21:37 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2014-10-26 21:37 - 2014-10-26 21:37 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2014-10-26 21:37 - 2014-10-26 21:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 00052224 _____ (Microsoft Corporation) 
C:\Windows\system32\msfeedsbs.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2014-10-26 21:37 - 2014-10-26 21:37 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-10-26 21:37 - 2014-10-26 21:37 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2014-10-26 21:37 - 2014-10-26 21:37 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-10-26 21:37 - 2014-10-26 21:37 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2014-10-26 21:37 - 2014-10-26 21:37 - 00004096 _____ (Microsoft Corporation) 
C:\Windows\system32\ieetwcollectorres.dll 2014-10-26 21:35 - 2014-10-26 21:39 - 00008662 _____ () C:\Windows\IE11_main.log 2014-10-26 21:10 - 2014-10-26 21:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-10-26 21:08 - 2014-10-26 22:20 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-10-26 21:08 - 2014-10-26 21:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-10-26 21:08 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-10-26 21:08 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-10-26 20:05 - 2014-10-26 20:05 - 00004608 _____ () C:\Users\Jack\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-10-26 13:52 - 2014-10-26 13:52 - 00001112 _____ () C:\Users\Public\Desktop\Picasa 3.lnk 2014-10-26 13:51 - 2014-10-26 13:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3 2014-10-25 23:21 - 2014-10-26 13:19 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys 2014-10-25 23:21 - 2014-10-25 23:21 - 00000000 ____D () C:\ProgramData\RogueKiller 2014-10-25 23:10 - 2014-10-25 23:10 - 00003201 _____ () C:\Users\Jack\Desktop\Sophos Virus Removal Tool.lnk 2014-10-25 23:10 - 2014-10-25 23:10 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos 2014-10-25 23:10 - 2014-10-25 23:10 - 00000000 ____D () C:\ProgramData\Sophos 2014-10-25 23:10 - 2014-10-25 23:10 - 00000000 ____D () C:\Program Files (x86)\Sophos 2014-10-25 22:52 - 2014-10-25 22:52 - 355172608 _____ () C:\Windows\MEMORY.DMP 2014-10-25 22:52 - 2014-10-25 22:52 - 00262392 _____ () C:\Windows\Minidump\102514-51776-01.dmp 2014-10-25 22:24 - 2014-10-26 12:24 - 00000000 ____D () C:\NPE 2014-10-25 22:18 - 2014-10-26 12:30 - 00000000 ____D () C:\Users\Jack\AppData\Local\NPE 2014-10-25 21:56 - 
2014-10-25 21:56 - 32809520 _____ (IObit ) C:\Users\Jack\Downloads\IObit-Malware-Fighter-Setup.exe 2014-10-25 09:01 - 2013-12-24 19:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2014-10-25 09:01 - 2013-12-24 18:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-10-25 09:01 - 2013-11-26 04:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll 2014-10-25 09:01 - 2013-11-22 18:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2014-10-25 08:46 - 2014-10-25 08:46 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2014-10-25 08:46 - 2014-10-25 08:46 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2014-10-25 08:46 - 2014-10-25 08:46 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll 2014-10-25 08:46 - 2014-10-25 08:46 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2014-10-25 08:46 - 2014-10-25 08:46 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-10-25 08:46 - 2014-10-25 08:46 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2014-10-25 08:46 - 2014-10-25 08:46 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll 2014-10-25 08:46 - 2014-10-25 08:46 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-10-25 08:46 - 2014-10-25 08:46 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2014-10-25 08:46 - 2014-10-25 08:46 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll 2014-10-25 08:46 - 2014-10-25 08:46 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll 2014-10-25 08:46 - 2014-10-25 08:46 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll 2014-10-25 08:46 - 2014-10-25 08:46 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll 2014-10-25 08:46 - 
2014-10-25 08:46 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll 2014-10-25 08:46 - 2014-10-25 08:46 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2014-10-25 08:46 - 2014-10-25 08:46 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2014-10-25 08:46 - 2014-10-25 08:46 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll 2014-10-25 08:46 - 2014-10-25 08:46 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll 2014-10-25 08:46 - 2014-10-25 08:46 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll 2014-10-25 08:46 - 2014-10-25 08:46 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll 2014-10-25 08:46 - 2014-10-25 08:46 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll 2014-10-25 08:46 - 2014-10-25 08:46 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll 2014-10-25 08:46 - 2014-10-25 08:46 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll 2014-10-25 08:46 - 2014-10-25 08:46 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll 2014-10-25 08:46 - 2014-10-25 08:46 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll 2014-10-25 08:46 - 2014-10-25 08:46 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll 2014-10-25 08:46 - 2014-10-25 08:46 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll 2014-10-25 08:46 - 2014-10-25 08:46 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll 2014-10-25 08:46 - 2014-10-25 08:46 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll 2014-10-25 08:46 - 2014-10-25 08:46 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll 2014-10-25 08:46 - 2014-10-25 08:46 - 00010752 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2014-10-25 08:46 - 2014-10-25 08:46 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2014-10-25 08:46 - 2014-10-25 08:46 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2014-10-25 08:46 - 2014-10-25 08:46 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2014-10-25 08:46 - 2014-10-25 08:46 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll 2014-10-25 08:46 - 2014-10-25 08:46 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2014-10-25 08:46 - 2014-10-25 08:46 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll 2014-10-25 08:46 - 2014-10-25 08:46 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll 2014-10-25 08:46 - 2014-10-25 08:46 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll 2014-10-25 08:46 - 2014-10-25 08:46 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2014-10-25 08:46 - 2014-10-25 08:46 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2014-10-25 08:46 - 2014-10-25 08:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll 2014-10-25 08:46 - 2014-10-25 08:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll 2014-10-25 08:46 - 2014-10-25 08:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll 2014-10-25 08:46 - 2014-10-25 08:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll 2014-10-25 08:46 - 
2014-10-25 08:46 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2014-10-25 08:46 - 2014-10-25 08:46 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2014-10-25 08:45 - 2014-10-25 08:50 - 00008540 _____ () C:\Windows\IE10_main.log 2014-10-24 20:30 - 2014-10-26 21:42 - 00000672 _____ () C:\Windows\setupact.log 2014-10-24 20:30 - 2014-10-24 20:30 - 00000000 _____ () C:\Windows\setuperr.log 2014-10-23 10:47 - 2014-10-23 10:47 - 00000000 __SHD () C:\Users\Jack\AppData\Local\EmieUserList 2014-10-23 10:47 - 2014-10-23 10:47 - 00000000 __SHD () C:\Users\Jack\AppData\Local\EmieSiteList 2014-10-23 10:31 - 2014-09-26 18:42 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-10-23 10:31 - 2014-09-26 18:36 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-10-23 10:31 - 2014-09-26 18:36 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-10-23 10:31 - 2014-09-26 18:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-10-23 10:29 - 2014-10-23 10:31 - 00004195 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_71-b14.log 2014-10-23 09:49 - 2014-10-26 22:38 - 00000000 ____D () C:\FRST 2014-10-21 11:20 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE 2014-10-15 13:37 - 2014-10-15 13:37 - 00002910 _____ () C:\Users\Jack\AppData\Local\recently-used.xbel 2014-10-14 22:08 - 2014-09-28 20:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-10-14 22:08 - 2014-09-12 21:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-10-14 22:08 - 2014-09-12 21:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-10-14 22:08 - 2014-09-04 01:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 2014-10-14 22:08 - 2014-09-04 01:04 - 00372736 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll 2014-10-14 22:08 - 2014-08-28 22:07 - 05780480 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-10-14 22:08 - 2014-08-28 22:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-10-14 22:08 - 2014-08-28 22:07 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll 2014-10-14 22:08 - 2014-08-28 22:07 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2014-10-14 22:08 - 2014-08-28 22:06 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-10-14 22:08 - 2014-08-28 21:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-10-14 22:08 - 2014-08-28 21:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2014-10-14 22:08 - 2014-08-28 21:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2014-10-14 22:08 - 2014-08-28 21:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2014-10-14 22:08 - 2014-07-16 22:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-10-14 22:08 - 2014-07-16 22:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-10-14 22:08 - 2014-07-16 22:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll 2014-10-14 22:08 - 2014-07-16 22:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll 2014-10-14 22:08 - 2014-07-16 22:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-10-14 22:08 - 2014-07-16 22:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-10-14 22:08 - 2014-07-16 21:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll 2014-10-14 22:08 - 2014-07-16 21:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-10-14 22:08 - 2014-07-16 21:39 - 00017408 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\credssp.dll 2014-10-14 22:08 - 2014-07-16 21:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2014-10-14 22:08 - 2014-07-16 21:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-10-14 22:08 - 2014-06-18 18:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-10-14 22:08 - 2014-06-18 18:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll 2014-10-14 22:08 - 2014-06-18 18:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll 2014-10-14 22:08 - 2014-06-18 18:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2014-10-14 22:08 - 2014-06-18 18:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll 2014-10-14 22:08 - 2014-06-18 18:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 2014-10-14 22:08 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-10-14 22:08 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-10-14 22:08 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-10-14 22:08 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-10-14 22:08 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-10-14 22:08 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-10-14 22:08 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2014-10-14 22:08 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-10-02 19:35 - 2014-10-02 19:35 - 00141237 _____ () C:\Users\Jack\Downloads\oscom_paypal_pro_payflow-3.1.zip ==================== One Month Modified Files and Folders ======= (If an entry is included in 
the fixlist, the file\folder will be moved.) 2014-10-26 22:31 - 2011-06-04 09:46 - 00000000 ____D () C:\Users\Jack\Documents\Quicknote 2014-10-26 22:17 - 2012-04-08 12:31 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-26 22:03 - 2011-08-14 20:14 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-26 21:50 - 2009-07-14 01:10 - 02012760 _____ () C:\Windows\WindowsUpdate.log 2014-10-26 21:49 - 2009-07-14 00:45 - 00014560 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-26 21:49 - 2009-07-14 00:45 - 00014560 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-26 21:45 - 2011-08-02 07:59 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3994650508-1294297652-2827424591-1000UA.job 2014-10-26 21:45 - 2011-07-18 13:43 - 00000199 _____ () C:\Windows\wstdUPSWSHIP.INI 2014-10-26 21:44 - 2011-08-14 20:14 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-26 21:44 - 2011-07-16 07:39 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\The Bat! 2014-10-26 21:44 - 2011-03-10 15:20 - 00001419 _____ () C:\Users\Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-10-26 21:44 - 2011-03-10 15:20 - 00000000 ____D () C:\Users\Jack\AppData\Local\SoftThinks 2014-10-26 21:43 - 2012-09-01 13:34 - 00000000 ____D () C:\Program Files (x86)\CyberPower PowerPanel Personal Edition 2014-10-26 21:43 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-26 21:40 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-10-26 21:29 - 2012-11-25 15:46 - 00004182 _____ () C:\Windows\System32\Tasks\avast! 
Emergency Update 2014-10-26 21:25 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Web 2014-10-26 21:17 - 2011-04-16 07:58 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\SQLyog 2014-10-26 21:10 - 2013-09-14 09:54 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-10-26 21:08 - 2013-02-28 22:18 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Malwarebytes 2014-10-26 21:08 - 2013-02-28 22:18 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-10-26 20:38 - 2011-07-18 13:27 - 00000000 ____D () C:\UPS 2014-10-26 13:52 - 2011-08-02 07:59 - 00000000 ____D () C:\Users\Jack\AppData\Local\Google 2014-10-26 13:51 - 2011-08-14 20:14 - 00000000 ____D () C:\Program Files (x86)\Google 2014-10-26 12:45 - 2011-08-02 07:59 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3994650508-1294297652-2827424591-1000Core.job 2014-10-26 12:29 - 2011-09-14 11:39 - 00000000 ____D () C:\Storage 2014-10-26 10:26 - 2011-03-10 15:20 - 00000000 ____D () C:\Users\Jack\AppData\Local\VirtualStore 2014-10-26 01:01 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\system32\FxsTmp 2014-10-25 23:22 - 2012-12-14 10:50 - 00000000 ___RD () C:\Users\Jack\Sync 2014-10-25 22:52 - 2011-03-23 12:35 - 00000000 ____D () C:\Windows\Minidump 2014-10-25 22:19 - 2013-04-24 23:24 - 00000000 ____D () C:\ProgramData\Norton 2014-10-25 21:55 - 2014-05-12 12:06 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\IObit 2014-10-25 21:55 - 2014-05-12 12:06 - 00000000 ____D () C:\ProgramData\IObit 2014-10-25 21:55 - 2014-05-12 12:06 - 00000000 ____D () C:\Program Files (x86)\IObit 2014-10-25 20:59 - 2012-12-23 15:19 - 00000000 ____D () C:\Users\Jack\AppData\Local\CrashDumps 2014-10-25 10:45 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache 2014-10-25 08:51 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK 2014-10-25 08:51 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR 2014-10-25 08:50 - 2009-07-13 23:20 - 00000000 ____D () 
C:\Windows\system32\zh-HK 2014-10-25 08:50 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\tr-TR 2014-10-25 08:42 - 2011-06-11 21:18 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Arcsoft 2014-10-25 00:02 - 2011-02-09 15:03 - 00000000 ____D () C:\Windows\Panther 2014-10-24 22:15 - 2011-04-20 22:51 - 00000600 _____ () C:\Users\Jack\PUTTY.RND 2014-10-24 20:32 - 2011-05-18 03:30 - 00000000 ____D () C:\Windows\system32\inf32 2014-10-24 13:32 - 2011-07-15 09:58 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\FileZilla 2014-10-23 10:31 - 2013-10-18 00:05 - 00000000 ____D () C:\ProgramData\Oracle 2014-10-23 10:31 - 2013-07-21 10:37 - 00000000 ____D () C:\Program Files (x86)\Java 2014-10-23 10:26 - 2014-07-02 21:37 - 00000000 ____D () C:\Users\Jack\AppData\Local\Adobe 2014-10-23 10:26 - 2012-04-08 12:31 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-10-23 10:26 - 2012-04-08 12:31 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-10-23 10:26 - 2011-05-21 11:06 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-10-23 10:22 - 2012-04-07 13:20 - 00002110 _____ () C:\Users\Jack\Sti_Trace.log 2014-10-21 22:58 - 2011-08-14 20:14 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-10-21 22:58 - 2011-08-14 20:14 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-10-21 12:40 - 2011-08-02 07:59 - 00003876 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3994650508-1294297652-2827424591-1000UA 2014-10-21 12:40 - 2011-08-02 07:59 - 00003480 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3994650508-1294297652-2827424591-1000Core 2014-10-21 11:06 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-10-19 21:24 - 2011-02-09 13:52 - 00000000 ____D () C:\Program Files (x86)\AlienRespawn 2014-10-17 22:56 - 2009-07-14 00:45 - 00353584 _____ () 
C:\Windows\system32\FNTCACHE.DAT 2014-10-17 22:52 - 2009-07-14 01:13 - 00860406 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-17 22:45 - 2013-07-27 09:17 - 00000000 ____D () C:\Windows\system32\MRT 2014-10-17 13:26 - 2011-03-11 13:16 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Adobe 2014-10-17 13:26 - 2011-02-09 13:51 - 00000000 ____D () C:\ProgramData\Adobe 2014-10-15 20:05 - 2012-10-21 21:39 - 00000000 ____D () C:\Users\Jack\.gimp-2.8 2014-10-09 22:29 - 2011-12-29 22:05 - 00000000 ____D () C:\Users\Jack\AppData\Local\Apple Computer 2014-10-08 22:50 - 2011-12-29 22:05 - 00002503 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk 2014-10-08 22:39 - 2011-12-29 22:05 - 00155180 ____H () C:\Windows\SysWOW64\mlfcache.dat 2014-10-07 18:45 - 2009-07-14 01:08 - 00032586 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-10-03 10:02 - 2011-03-27 22:22 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-10-02 15:53 - 2011-03-13 00:25 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-10-01 11:11 - 2013-09-14 09:54 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-09-28 20:39 - 2012-04-26 07:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-26 16:53

==================== End Of Log ============================