sheituser
-
Posts
20 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by sheituser
-
-
Here is the result of the test. combofix.txt
-
Here are the two results:
MiniToolBox by Farbar Version: 21-07-2014
Ran by Jack (administrator) on 17-11-2014 at 22:46:14
Running from "C:\Users\Jack\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= FF Proxy Settings: ==============================
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
========================= Hosts content: =================================
127.0.0.1 localsites
127.0.0.1 localhost
127.0.0.1 localsites
========================= IP Configuration: ================================
Broadcom NetLink Gigabit Ethernet = Local Area Connection (Connected)
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
reset
set global icmpredirects=enabled
set interface interface="Local Area Connection" forwarding=disabled advertise=disabled mtu=1300 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
popd
# End of IPv4 configuration
Windows IP Configuration
Host Name . . . . . . . . . . . . : Jack-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetLink Gigabit Ethernet
Physical Address. . . . . . . . . : F0-4D-A2-DC-80-1D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::c1aa:def4:87d3:54e3%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.5(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, November 15, 2014 9:41:53 PM
Lease Expires . . . . . . . . . . : Monday, November 17, 2014 11:43:44 PM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 250629538
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-38-05-DA-F0-4D-A2-DC-80-1D
DNS Servers . . . . . . . . . . . : 209.18.47.61
209.18.47.62
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{B8F51288-09AF-4002-9509-913610B7FF58}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:8a0:ab1:3f57:fffa(Preferred)
Link-local IPv6 Address . . . . . : fe80::8a0:ab1:3f57:fffa%12(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61
Name: google.com
Addresses: 2607:f8b0:4009:805::1005
74.125.225.36
74.125.225.37
74.125.225.38
74.125.225.39
74.125.225.40
74.125.225.41
74.125.225.46
74.125.225.32
74.125.225.33
74.125.225.34
74.125.225.35
Pinging google.com [173.194.46.104] with 32 bytes of data:
Reply from 173.194.46.104: bytes=32 time=53ms TTL=54
Reply from 173.194.46.104: bytes=32 time=20ms TTL=54
Ping statistics for 173.194.46.104:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 20ms, Maximum = 53ms, Average = 36ms
Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61
Name: yahoo.com
Addresses: 206.190.36.45
98.138.253.109
98.139.183.24
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=68ms TTL=48
Reply from 98.139.183.24: bytes=32 time=66ms TTL=48
Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 66ms, Maximum = 68ms, Average = 67ms
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=21ms TTL=128
Reply from 127.0.0.1: bytes=32 time=6ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 6ms, Maximum = 21ms, Average = 13ms
===========================================================================
Interface List
10...f0 4d a2 dc 80 1d ......Broadcom NetLink Gigabit Ethernet
1...........................Software Loopback Interface 1
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.5 10
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.5 266
192.168.0.5 255.255.255.255 On-link 192.168.0.5 266
192.168.0.255 255.255.255.255 On-link 192.168.0.5 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.5 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.5 266
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
12 58 ::/0 On-link
1 306 ::1/128 On-link
12 58 2001::/32 On-link
12 306 2001:0:9d38:6ab8:8a0:ab1:3f57:fffa/128
On-link
10 266 fe80::/64 On-link
12 306 fe80::/64 On-link
12 306 fe80::8a0:ab1:3f57:fffa/128
On-link
10 266 fe80::c1aa:def4:87d3:54e3/128
On-link
1 306 ff00::/8 On-link
12 306 ff00::/8 On-link
10 266 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
========================= Event log errors: ===============================
Application errors:
==================
Error: (11/17/2014 09:56:42 PM) (Source: MsiInstaller) (User: Jack-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Jack\AppData\Local\Akamai\admintool.exe. System error 0. Verify that you have access to that directory.
Error: (11/17/2014 09:56:09 PM) (Source: MsiInstaller) (User: Jack-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Jack\AppData\Local\Akamai\admintool.exe. System error 0. Verify that you have access to that directory.
Error: (11/17/2014 05:54:08 PM) (Source: MsiInstaller) (User: Jack-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Jack\AppData\Local\Akamai\admintool.exe. System error 0. Verify that you have access to that directory.
Error: (11/17/2014 05:53:37 PM) (Source: MsiInstaller) (User: Jack-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Jack\AppData\Local\Akamai\admintool.exe. System error 0. Verify that you have access to that directory.
Error: (11/17/2014 01:50:57 PM) (Source: Application Error) (User: )
Description: Faulting application name: Apache.exe, version: 2.0.63.200, time stamp: 0x479031fa
Faulting module name: php5ts.dll, version: 5.3.5.0, time stamp: 0x4d26013e
Exception code: 0xc0000005
Fault offset: 0x0000c5c6
Faulting process id: 0x31d8
Faulting application start time: 0xApache.exe0
Faulting application path: Apache.exe1
Faulting module path: Apache.exe2
Report Id: Apache.exe3
Error: (11/17/2014 01:45:01 PM) (Source: MsiInstaller) (User: Jack-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Jack\AppData\Local\Akamai\admintool.exe. System error 0. Verify that you have access to that directory.
Error: (11/17/2014 01:44:29 PM) (Source: MsiInstaller) (User: Jack-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Jack\AppData\Local\Akamai\admintool.exe. System error 0. Verify that you have access to that directory.
Error: (11/17/2014 11:43:32 AM) (Source: MySQL) (User: )
Description: Invalid (old?) table or database name 'ok2rm - Copy'
For more information, see Help and Support Center at http://www.mysql.com.
Error: (11/17/2014 11:40:06 AM) (Source: MySQL) (User: )
Description: Invalid (old?) table or database name 'ok2rm - Copy'
For more information, see Help and Support Center at http://www.mysql.com.
Error: (11/17/2014 11:39:57 AM) (Source: MySQL) (User: )
Description: Invalid (old?) table or database name 'ok2rm - Copy'
For more information, see Help and Support Center at http://www.mysql.com.
System errors:
=============
Error: (11/16/2014 00:14:44 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
Error: (11/15/2014 09:43:25 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avast! Antivirus service.
Error: (11/15/2014 09:39:17 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Error: (11/15/2014 02:47:15 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\System32\DRIVERS\PSKMAD.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error: (11/15/2014 02:44:48 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avast! Antivirus service.
Error: (11/15/2014 02:41:41 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Error: (11/15/2014 02:10:40 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\System32\DRIVERS\PSKMAD.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error: (11/15/2014 02:06:59 PM) (Source: Service Control Manager) (User: )
Description: The Acronis Nonstop Backup Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (11/15/2014 02:06:51 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.
Error: (11/15/2014 02:06:51 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.
Microsoft Office Sessions:
=========================
Error: (11/17/2014 09:56:42 PM) (Source: MsiInstaller)(User: Jack-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Jack\AppData\Local\Akamai\admintool.exe. System error 0. Verify that you have access to that directory.(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (11/17/2014 09:56:09 PM) (Source: MsiInstaller)(User: Jack-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Jack\AppData\Local\Akamai\admintool.exe. System error 0. Verify that you have access to that directory.(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (11/17/2014 05:54:08 PM) (Source: MsiInstaller)(User: Jack-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Jack\AppData\Local\Akamai\admintool.exe. System error 0. Verify that you have access to that directory.(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (11/17/2014 05:53:37 PM) (Source: MsiInstaller)(User: Jack-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Jack\AppData\Local\Akamai\admintool.exe. System error 0. Verify that you have access to that directory.(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (11/17/2014 01:50:57 PM) (Source: Application Error)(User: )
Description: Apache.exe2.0.63.200479031faphp5ts.dll5.3.5.04d26013ec00000050000c5c631d801d0021bc5c559b8C:\wamp\bin\apache\apache2.0.63\bin\Apache.exeC:\wamp\bin\apache\apache2.0.63\bin\php5ts.dllaa250b4d-6e8a-11e4-8251-f04da2dc801d
Error: (11/17/2014 01:45:01 PM) (Source: MsiInstaller)(User: Jack-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Jack\AppData\Local\Akamai\admintool.exe. System error 0. Verify that you have access to that directory.(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (11/17/2014 01:44:29 PM) (Source: MsiInstaller)(User: Jack-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Jack\AppData\Local\Akamai\admintool.exe. System error 0. Verify that you have access to that directory.(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (11/17/2014 11:43:32 AM) (Source: MySQL)(User: )
Description: Invalid (old?) table or database name 'ok2rm - Copy'
Error: (11/17/2014 11:40:06 AM) (Source: MySQL)(User: )
Description: Invalid (old?) table or database name 'ok2rm - Copy'
Error: (11/17/2014 11:39:57 AM) (Source: MySQL)(User: )
Description: Invalid (old?) table or database name 'ok2rm - Copy'
CodeIntegrity Errors:
===================================
Date: 2014-11-07 23:28:55.396
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-11-07 23:28:55.169
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-07-30 18:50:50.208
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-07-30 18:36:13.613
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-07-30 18:30:43.808
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-07-30 18:19:32.186
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-07-30 18:07:48.139
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-07-27 20:58:43.883
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-07-27 20:37:00.166
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-07-27 20:29:37.137
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
=========================== Installed Programs ============================
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Photoshop CS (HKLM-x32\...\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}) (Version: CS - Adobe Systems, Inc.)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc)
AlienAutopsy (HKLM\...\PC-Doctor for Windows) (Version: 3.2.6032.102 - PC-Doctor, Inc.)
AlienRespawn - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: - Alienware)
AlienRespawn (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.51 - Alienware)
Alienware TactX Keyboard CI 1.00.130 (HKLM\...\{13A3A271-B2AA-486C-9AD5-F272079BB9B5}) (Version: 1.00.130 - Alienware)
Alienware TactX Mouse CI 1.00 (HKLM\...\{B0D59FDC-FEAB-49A2-9B5A-E5E0A8F9D7E0}) (Version: 1.00 - Alienware)
AlignmentUtility (x32 Version: 17.00.0000 - UPS) Hidden
AMD APP SDK Runtime (Version: 2.4.595.10 - Advanced Micro Devices Inc.) Hidden
Aptana Studio 3 (HKLM-x32\...\Aptana Studio 3) (Version: 3.4.2 - Appcelerator, Inc.)
ArcSoft MediaImpression 2 (HKLM-x32\...\{30B056AF-F414-4B68-B9B0-6EFDB9FCDF18}) (Version: 2.0.29.444 - ArcSoft)
ArcSoft Photo Book Screen Saver (HKLM-x32\...\{E2EE273D-E111-4FFD-ACD4-78E1D35E01D2}) (Version: 2.0.0.13 - ArcSoft)
ArcSoft Print Creations - Album Page (HKLM-x32\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version: - ArcSoft)
ArcSoft Print Creations - Brochures & Flyers (HKLM-x32\...\{01A1A019-E1D8-482A-BE17-5E118D17C0A0}) (Version: - ArcSoft)
ArcSoft Print Creations - Funhouse (HKLM-x32\...\{9591C049-5CAE-4E89-A8D9-191F1899628B}) (Version: - ArcSoft)
ArcSoft Print Creations - Funhouse II (HKLM-x32\...\{3CE47E6B-AE27-4E40-AC54-329EED96B933}) (Version: - ArcSoft)
ArcSoft Print Creations - Greeting Card (HKLM-x32\...\{F04F9557-81A9-4293-BC49-2C216FA325A7}) (Version: - ArcSoft)
ArcSoft Print Creations - Photo Book (HKLM-x32\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version: - ArcSoft)
ArcSoft Print Creations - Photo Calendar (HKLM-x32\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version: - ArcSoft)
ArcSoft Print Creations - Photo Prints (HKLM-x32\...\{95F875CC-1B85-43E6-B3E0-13EA04F3D995}) (Version: - ArcSoft)
ArcSoft Print Creations - Poster Creator (HKLM-x32\...\{5D1C82E7-7EC0-4404-A8AD-36C3B444BC34}) (Version: - ArcSoft)
ArcSoft Print Creations - Scrapbook (HKLM-x32\...\{B0D83FCD-9D42-43ED-8315-250326AADA02}) (Version: - ArcSoft)
ArcSoft Print Creations - Slimline Card (HKLM-x32\...\{007B37D9-0C45-4202-834B-DD5FAAE99D63}) (Version: - ArcSoft)
ArcSoft Print Creations (HKLM-x32\...\{B8CECF38-C0B0-4B39-8B11-772E685C93AB}) (Version: 2.8.255.266 - ArcSoft)
ArcSoft RAW Thumbnail Viewer (HKLM-x32\...\{82FAC25D-D0E1-4D60-9268-F3DD958BF052}) (Version: 2.0.0.11 - ArcSoft)
ArcSoft Video Downloader (HKLM-x32\...\{C8B44566-839A-459C-A73D-49764CE216CC}) (Version: 2.0.0.39 - ArcSoft)
ATI AVIVO64 Codecs (Version: 11.6.0.10419 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{E73155E5-E75F-D09E-30C0-C18E3C3A1FA3}) (Version: 3.0.825.0 - ATI Technologies, Inc.)
ATI Catalyst Registration (x32 Version: 3.00.0000 - ATI Technologies Inc.) Hidden
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
avast! Internet Security (HKLM-x32\...\avast) (Version: 8.0.1506.0 - AVAST Software)
Beyond Compare 3.3.8 (HKLM-x32\...\BeyondCompare3_is1) (Version: 3.3.8.16340 - Scooter Software)
Broadcom Management Programs (HKLM\...\{688758A2-8520-4470-8FA6-765BAC86FC53}) (Version: 12.53.01 - Broadcom Corporation)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center (x32 Version: 2011.0419.2218.38209 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0928.2139.36979 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0928.2139.36979 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0928.2139.36979 - ATI Technologies, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0419.2218.38209 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0928.2139.36979 - ATI) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0419.2218.38209 - ATI) Hidden
CCC (x32 Version: 17.00.0000 - United Parcel Service, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0928.2138.36979 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0419.2217.38209 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0928.2138.36979 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0419.2217.38209 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0928.2138.36979 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0419.2217.38209 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0928.2138.36979 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0419.2217.38209 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0928.2138.36979 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0419.2217.38209 - ATI) Hidden
CCC Help English (x32 Version: 2010.0928.2138.36979 - ATI) Hidden
CCC Help English (x32 Version: 2011.0419.2217.38209 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0928.2138.36979 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0419.2217.38209 - ATI) Hidden
CCC Help French (x32 Version: 2010.0928.2138.36979 - ATI) Hidden
CCC Help French (x32 Version: 2011.0419.2217.38209 - ATI) Hidden
CCC Help German (x32 Version: 2010.0928.2138.36979 - ATI) Hidden
CCC Help German (x32 Version: 2011.0419.2217.38209 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0928.2138.36979 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0419.2217.38209 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0928.2138.36979 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0419.2217.38209 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0928.2138.36979 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0419.2217.38209 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0928.2138.36979 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0419.2217.38209 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0928.2138.36979 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0419.2217.38209 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0928.2138.36979 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0419.2217.38209 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0928.2138.36979 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0419.2217.38209 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0928.2138.36979 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0419.2217.38209 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0928.2138.36979 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0419.2217.38209 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0928.2138.36979 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0419.2217.38209 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0928.2138.36979 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0419.2217.38209 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0928.2138.36979 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0419.2217.38209 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0928.2138.36979 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0419.2217.38209 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0928.2139.36979 - ATI) Hidden
ccc-utility64 (Version: 2010.0928.2139.36979 - ATI) Hidden
ccc-utility64 (Version: 2011.0419.2218.38209 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
Charles 3.6.5 (HKLM\...\{61163088-76A7-4A20-8228-7058848CD37F}) (Version: 3.6.5.6 - XK72 Ltd)
Command Center (HKLM-x32\...\InstallShield_{AD522D37-B0FD-45A4-8695-6F24DF5336FC}) (Version: 2.6.1.0 - Alienware Corp.)
Command Center (Version: 2.6.1.0 - Alienware Corp.) Hidden
Compare and Merge 2.3 (HKLM-x32\...\Compare and Merge_is1) (Version: 2.3 - TGRMN Software)
ConTEXT v0.98.6 (HKLM-x32\...\{73E0D3A0-9C30-4F59-ABBF-6233686FB396}_is1) (Version: - ConTEXT Project Ltd)
CPUID CPU-Z 1.60 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
CyberPower PowerPanel Personal Edition 1.2.3 (HKLM-x32\...\{46E21083-D598-4217-99B0-2ED3E4152759}) (Version: 1.2.3 - Cyber Power Systems, Inc.)
Data Lifeguard Diagnostic for Windows 1.24 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version: - Western Digital Corporation)
Dell InHome Service Agreement (HKLM-x32\...\{41AA8F20-FD30-4878-9080-6D5BE575FD41}) (Version: 2.0.0 - Dell Inc.)
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 3.3.2.1 - Dell)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Diskeeper 12 Professional (HKLM\...\{1A6D6767-B771-4752-81C2-1CC30BE941BA}) (Version: 16.0.1017.64 - Condusiv Technologies)
EPSON Artisan 800 Series Printer Uninstall (HKLM\...\EPSON Artisan 800 Series) (Version: - SEIKO EPSON Corporation)
Epson Connect (HKLM-x32\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version: - )
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Download Navigator (HKLM-x32\...\{10F63395-157F-4B93-AB4D-702A2FF11942}) (Version: 1.0.1 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}) (Version: 2.50.0001 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.20.00 - SEIKO EPSON CORPORATION)
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.00.00 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON WorkForce 845 Series Printer Uninstall (HKLM\...\EPSON WorkForce 845 Series) (Version: - SEIKO EPSON Corporation)
erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version: - Lars Hederer)
Fiddler (HKLM-x32\...\Fiddler2) (Version: 2.4.2.6 - Telerik)
FileZilla Client 3.7.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.7.0.2 - FileZilla Project)
FormsComponent (x32 Version: 17.00.0000 - UPS) Hidden
FOSS (x32 Version: 17.00.0000 - UPS) Hidden
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Google Chrome (HKCU\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 9.1.0.615 - Citrix Online, a division of Citrix Systems, Inc.)
GPSoftware Directory Opus (HKLM-x32\...\{5D4F167D-CCC8-413E-A6EE-F2FABBBBF50D}) (Version: 11.7 - GPSoftware)
HTML-Kit Tools (HKLM-x32\...\HTMLKitTools_is1) (Version: 1.0 - HTML-Kit.com)
ICCHelp (HKLM-x32\...\{A5763105-D1D5-4862-A3FE-EC058F9AA73E}) (Version: 17.00.0000 - UPS)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Logitech SetPoint (HKLM-x32\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 - Logitech)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Excel 2000 SR-1 (HKLM-x32\...\{00110409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server 2005 Backward compatibility (Version: 8.05.2309 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Express Edition (UPSWSDBSERVER) (x32 Version: 9.3.4035.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{86177DAE-38B1-49DD-912E-35CB703AB779}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Mozilla Firefox 33.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSIChecker (x32 Version: 9.00.0000 - UPS) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MySQL Workbench 5.2 CE (HKLM-x32\...\{1D803D4F-CE1E-4282-B4F2-0FCF28E68BCD}) (Version: 5.2.37 - Oracle Corporation)
NA1Messenger (x32 Version: 17.00.0000 - Your Company Name) Hidden
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.20.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.20.0 - NEC Electronics Corporation) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NRF (x32 Version: 17.00.0000 - UPS) Hidden
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.0.107 - Panda Security)
PhotoShowExpress (x32 Version: 2.0.028 - Sonic Solutions) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PolicyManager (x32 Version: 17.00.0000 - UPS) Hidden
PuTTY version 0.63 (HKLM-x32\...\PuTTY_is1) (Version: 0.63 - Simon Tatham)
Quicknote 5.5 (HKLM-x32\...\JC&MB Quicknote_is1) (Version: - JC&MB)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6039 - Realtek Semiconductor Corp.)
Reconciler (x32 Version: 17.00.0000 - UPS) Hidden
ReportServer (x32 Version: 17.00.0000 - Your Company Name) Hidden
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden
Roxio Burn (x32 Version: 1.6 - Roxio) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.40.0 - Roxio)
Roxio Creator Starter (x32 Version: 1.0.311 - Roxio) Hidden
Roxio Creator Starter (x32 Version: 5.0.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14072.12 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14072.12 - Samsung Electronics Co., Ltd.) Hidden
Screaming Frog SEO Spider (HKLM-x32\...\Screaming Frog SEO Spider) (Version: 0.01 - Screaming Frog)
ScreenRecorder (HKLM\...\{55A9972B-EA29-43C3-94B6-7A178D6F2E11}) (Version: 4.0.0 - Burak Uysaler)
Skins (x32 Version: 2010.0928.2139.36979 - ATI) Hidden
Snagit 10.0.1 (HKLM-x32\...\{22FC7536-BE5C-4E88-8069-C24689D34EC5}) (Version: 10.0.1 - TechSmith Corporation)
Snagit 11 (HKLM-x32\...\{68723B04-57EC-11E1-A6A8-9E2D4824019B}) (Version: 11.1.0 - TechSmith Corporation)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.3 - Sophos Limited)
SQLyog 11.33 (64 bit) (HKLM\...\SQLyog64) (Version: 11.33 (64 bit) - Webyog Inc.)
SupportUtility (x32 Version: 17.00.0000 - Your Company Name) Hidden
System (x32 Version: 17.00.0000 - UPS) Hidden
The Lord of the Rings FREE Trial (x32 Version: 1.00.0000 - ATI Technologies Inc.) Hidden
TheBat! Home v4.2.44 (HKLM-x32\...\{457297FE-47C9-4B37-B350-BC5CCC65A2DE}) (Version: 4.2.44 - Ritlabs)
THX TruStudio PC (HKLM-x32\...\{010A785B-F920-4350-821B-6309909C20BB}) (Version: 1.0 - Creative Technology Limited)
Traffic Travis 4.1.0 (HKLM-x32\...\Traffic Travis 4.1 Setup Wizard_is1) (Version: - Affilorama Ltd.)
True Image 2013 (HKLM-x32\...\{75BC2136-B6A1-4F3B-8A69-55E39C647B1F}Visible) (Version: 16.0.6514 - Acronis)
True Image 2013 (x32 Version: 16.0.6514 - Acronis) Hidden
UnifiedPrinting (x32 Version: 17.00.0000 - UPS) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2473228) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
UPS WorldShip (HKLM-x32\...\UPS WorldShip) (Version: 17.0 - UPS)
UPSDB (x32 Version: 17.00.0000 - UPS) Hidden
UPSICC (x32 Version: 17.00.0000 - UPS) Hidden
UPSlinkHTTP (x32 Version: 17.00.0000 - UPS) Hidden
UPSVC2008MM (x32 Version: 1.00.0000 - UPS) Hidden
UPSVCMM (x32 Version: 12.00.0000 - UPS) Hidden
Watermark Factory 2 (HKLM-x32\...\{208B53C3-FA83-40EF-BC07-ED61E78CC12A}}_is1) (Version: - WatermarkFactory.com)
Web CEO 11.0 (HKLM-x32\...\WebCEO70_is1) (Version: 11.0 - Web CEO Ltd.)
WebHelp (HKLM-x32\...\{8C5BD501-AD5D-4A75-9321-076509B438FC}) (Version: 1.00.0000 - UPS)
WebLog Expert Lite 8.1 (HKLM-x32\...\WebLog Expert Lite_is1) (Version: 8.1 - Alentum Software Ltd.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.65 - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Grep 2.3 (HKLM-x32\...\Windows Grep_is1) (Version: - )
Windows Media Encoder 9 Series x64 Edition (HKLM\...\Windows Media Encoder 9) (Version: - )
Windows Media Encoder 9 Series x64 Edition (Version: 10.0.0.3809 - Microsoft Corporation) Hidden
WorldShip (x32 Version: 17.00.0000 - UPS) Hidden
WSShared (x32 Version: 17.00.0000 - UPS) Hidden
Xenu's Link Sleuth (HKLM-x32\...\Xenu's Link Sleuth) (Version: 1.3.8 - Tilman Hausherr)
Zend Optimizer (HKLM-x32\...\{4C24C6EB-FF40-4855-9C1D-42F8AFC75112}) (Version: 3.3.0 - Zend Technologies)
ZoneAlarm Firewall (x32 Version: 13.1.211.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Pro (HKLM-x32\...\ZoneAlarm Pro) (Version: 13.1.211.000 - Check Point)
ZoneAlarm Security (x32 Version: 13.1.211.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security Toolbar (HKLM-x32\...\ZoneAlarm Security Toolbar) (Version: - Check Point Software Technologies LTD)
========================= Devices: ================================
Name: F:\
Description: Compact Flash
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: H:\
Description: SD/MMC
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
========================= Memory info: ===================================
Percentage of memory in use: 36%
Total physical RAM: 16374.89 MB
Available physical RAM: 10348.82 MB
Total Pagefile: 32747.97 MB
Available Pagefile: 27511.57 MB
Total Virtual: 4095.88 MB
Available Virtual: 3970.36 MB
========================= Partitions: =====================================
1 Drive c: (OS) (Fixed) (Total:922.75 GB) (Free:732.14 GB) NTFS
3 Drive e: (Programing) (Fixed) (Total:558.91 GB) (Free:39.77 GB) NTFS
7 Drive i: (Storage) (Fixed) (Total:558.91 GB) (Free:411.34 GB) NTFS
9 Drive k: (My Book) (Fixed) (Total:2794.49 GB) (Free:673.57 GB) NTFS
========================= Users: ========================================
User accounts for \\JACK-PC
Administrator Guest Jack
========================= Minidump Files ==================================
No minidump file found
========================= Restore Points ==================================
16-11-2014 13:00:05 Windows Backup
**** End of log ****RogueKiller V10.0.6.0 (x64) [Nov 13 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Jack [Administrator]
Mode : Scan -- Date : 11/17/2014 23:14:19
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 32 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Internet Explorer\Main | Start Page : https://google.com/ -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Internet Explorer\Main | Start Page : https://google.com/ -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 [uNITED STATES (US)][uNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 [uNITED STATES (US)][uNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 [uNITED STATES (US)][uNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B8F51288-09AF-4002-9509-913610B7FF58} | DhcpNameServer : 209.18.47.61 209.18.47.62 [uNITED STATES (US)][uNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{B8F51288-09AF-4002-9509-913610B7FF58} | DhcpNameServer : 209.18.47.61 209.18.47.62 [uNITED STATES (US)][uNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{B8F51288-09AF-4002-9509-913610B7FF58} | DhcpNameServer : 209.18.47.61 209.18.47.62 [uNITED STATES (US)][uNITED STATES (US)] -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0 -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ Hosts File : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localsites
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] l7tarqgo.default-1374718651417 : user_pref("browser.startup.homepage", "http://localsites/");-> Found
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ARRAY0 +++++
--- User ---
[MBR] 58e7f69331c3d38135543e0cbcc8c374
[bSP] fe00aafa125282f746adc39f3a0dc904 : Unknown MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 8942 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 18395136 | Size: 944892 MB
User = LL1 ... OK
Error reading LL2 MBR! ([57] The parameter is incorrect. )
+++++ PhysicalDrive1: WDC WD6000HLHX-01JJPV0 +++++
--- User ---
[MBR] d4aa3fad11eaa13a33caf77b13cf4d41
[bSP] 49a37fbacc6afd1548cc43fda5909fcd : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 572323 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive2: WDC WD6000HLHX-01JJPV0 +++++
--- User ---
[MBR] c160e280329114575ef9c743e9574d88
[bSP] 3c1d42840279b086de72ac5a4eefe662 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 572323 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive3: WD My Book 1130 USB Device +++++
Error reading User MBR! ([57] The parameter is incorrect. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive4: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive5: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive6: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive7: Generic- MS/MS-Pro/HG USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive8: EPSON Storage USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
============================================
RKreport_DEL_10262014_102021.log - RKreport_SCN_10252014_233158.log - RKreport_SCN_10262014_132228.log - RKreport_SCN_10282014_193631.log -
Here are the results:
. FILE: C:\USERS\JACK\DOWNLOADS\UPDATE.EXE to be deleted.
Unknown. FILE: C:\PROGRAM FILES\ALIENWARE\ALIENWARE TACTX MOUSE CI\AWMOUSECI.EXE to be deleted.
Malware. FILE: C:\Users\Jack\AppData\Roaming\MICROSOFT\Windows\Cookies\77PCUC9S.txt to be deleted.
Malware. REGKEY: HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND. Value: (null) To be changed to: C:\Program Files\Internet Explorer\IEXPLORE.EXE.
Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[sTART_SHOWRECENTDOCS] to be changed to: 1
Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[sTART_SHOWRECENTDOCS] to be changed to: 1
Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[sTART_SHOWNETPLACES] to be changed to: 1
Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[sTART_SHOWNETPLACES] to be changed to: 1
Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[sTART_SHOWRUN] to be changed to: 1
Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[sTART_SHOWRUN] to be changed to: 1
Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[HIDEFILEEXT] to be changed to: 0
Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[HIDEFILEEXT] to be changed to: 0
Malware. REGKEY: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM[DISABLEREGISTRYTOOLS]. Value: DISABLEREGISTRYTOOLS To be deleted.
-
The report is attached. I did run across another problem that will hopefully help. I have a contact us page on my web site. When I click the link on it, a send message window should open in my email program. But I just tried that and a dialog popped up that said something like "the email client is not configured correctly." then IE windows starting opening. So many that I had to use the task manager to kill them. I couldn't see the actual window since more windows kept opening but the title said something like page failed to load. I tried it with a different web site - same thing. The web sits are mine so I have backups of the files and they haven't been changed. So this problem is in my computer. The email program and files are on the c drive so they have probably been tested during all of this but I ran my virus scanner and Malwarebytes on them just to be safe but nothing was found.
-
To clarify, when I say I ran it, that was after rebooting into normal mode.
-
I was able to get it downloaded in safe mode. Then I followed all of the instructions and ran it. The result are below. As for problems I am having, there aren't any I am aware of other than the one described for this thread - the dllhost memory and popup issue.
Malwarebytes Anti-Rootkit BETA 1.08.1.1001
www.malwarebytes.org
Database version: v2014.11.13.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17358
Jack :: JACK-PC [administrator]
11/13/2014 1:19:36 PM
mbar-log-2014-11-13 (13-19-36).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 340938
Time elapsed: 8 minute(s), 56 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.1.1001
© Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
System is currently in a safe mode
Account is Administrative
Internet Explorer version: 11.0.9600.17358
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, I:\ DRIVE_FIXED, K:\ DRIVE_FIXED
CPU speed: 2.807000 GHz
Memory total: 17170321408, free: 15245807616
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.1.1001
© Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 11.0.9600.17358
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, I:\ DRIVE_FIXED, K:\ DRIVE_FIXED
CPU speed: 2.806000 GHz
Memory total: 17170321408, free: 14033297408
Downloaded database version: v2014.11.13.07
Downloaded database version: v2014.11.12.01
=======================================
Initializing...
------------ Kernel report ------------
11/13/2014 13:19:27
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\vidsflt.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\DRIVERS\SI3132.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\DKDFM.sys
\SystemRoot\system32\drivers\FLTMGR.SYS
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\DKTLFSMF.sys
\SystemRoot\system32\DRIVERS\SiWinAcc.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\aswKbd.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\aswNdis2.sys
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\aswNdis.sys
\SystemRoot\system32\DRIVERS\vididr.sys
\SystemRoot\system32\DRIVERS\tib_mounter.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\tib.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\system32\DRIVERS\snapman.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\system32\DRIVERS\SiRemFil.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\system32\DRIVERS\fltsrv.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\System32\Drivers\aswVmm.sys
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\aswSnx.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\Drivers\aswFW.SYS
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\Drivers\aswrdr2.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\vsdatant.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\nusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\HCW85BDA.sys
\SystemRoot\system32\drivers\BdaSup.SYS
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\k57nd60a.sys
\SystemRoot\system32\drivers\1394ohci.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\nusb3hub.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\drivers\hidusb.sys
\SystemRoot\system32\drivers\HIDCLASS.SYS
\SystemRoot\system32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\wdcsam64.sys
\SystemRoot\system32\DRIVERS\mio.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\LEqdUsb.Sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\LHidEqd.Sys
\SystemRoot\system32\DRIVERS\LHidFilt.Sys
\SystemRoot\system32\DRIVERS\LMouFilt.Sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\aswMonFlt.sys
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Windows\system32\drivers\cpuz135_x64.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\afcdp.sys
\SystemRoot\system32\DRIVERS\DKRtWrt.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk8\DR23
Upper Device Object: 0xfffffa800d267790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000014f\
Lower Device Object: 0xfffffa800d10bb60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk7\DR7
Upper Device Object: 0xfffffa8011c9d060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000009c\
Lower Device Object: 0xfffffa8011cb9060
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk6\DR6
Upper Device Object: 0xfffffa8011cc62a0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000009b\
Lower Device Object: 0xfffffa8011cba750
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk5\DR5
Upper Device Object: 0xfffffa8011cb6060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000009a\
Lower Device Object: 0xfffffa8011cb5660
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xfffffa8011cb8060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000099\
Lower Device Object: 0xfffffa8011cb5b60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xfffffa8011c28060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000087\
Lower Device Object: 0xfffffa8011c2b060
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa801046e790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-2\
Lower Device Object: 0xfffffa800dba2050
Lower Device Driver Name: \Driver\iaStor\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa801046b790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa800db9e050
Lower Device Driver Name: \Driver\iaStor\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8010468790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-3\
Lower Device Object: 0xfffffa800dba6050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8010468790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800e0f3760, DeviceName: Unknown, DriverName: \Driver\DKDFM\
DevicePointer: 0xfffffa8010468520, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa800dfddb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8010468790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800dfda880, DeviceName: Unknown, DriverName: \Driver\vidsflt\
DevicePointer: 0xfffffa800dba6050, DeviceName: \Device\Ide\IAAStorageDevice-3\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\SiRemFil\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 77E3ED41
Partition information:
Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 80262
Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 81920 Numsec = 18313216
Partition file system is NTFS
Partition is bootable
Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 18395136 Numsec = 1935138816
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 1000210432000 bytes
Sector size: 512 bytes
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa801046b790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8010462040, DeviceName: Unknown, DriverName: \Driver\DKDFM\
DevicePointer: 0xfffffa800dfe2900, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa800dfe1b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa801046b790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800e0f3520, DeviceName: Unknown, DriverName: \Driver\vidsflt\
DevicePointer: 0xfffffa800db9e050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\SiRemFil\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 97953898
Partition information:
Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 1172117504
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 600127266816 bytes
Sector size: 512 bytes
Done!
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xfffffa801046e790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa801046f040, DeviceName: Unknown, DriverName: \Driver\DKDFM\
DevicePointer: 0xfffffa800dfe5900, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa801046e2c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa801046e790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800dfe3910, DeviceName: Unknown, DriverName: \Driver\vidsflt\
DevicePointer: 0xfffffa800dba2050, DeviceName: \Device\Ide\IAAStorageDevice-2\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\SiRemFil\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 6BBAC015
Partition information:
Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 1172117504
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 600127266816 bytes
Sector size: 512 bytes
Done!
Physical Sector Size: 4096
Drive: 3, DevicePointer: 0xfffffa8011c28060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8011c27040, DeviceName: Unknown, DriverName: \Driver\DKDFM\
DevicePointer: 0xfffffa8011bac9b0, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa8011c2a580, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8011c28060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8011bab9c0, DeviceName: Unknown, DriverName: \Driver\vidsflt\
DevicePointer: 0xfffffa8011c2b060, DeviceName: \Device\00000087\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\SiRemFil\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 3
Scanning MBR on drive 3...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 2DCC8
Partition information:
Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 256 Numsec = 732558080
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 3000558944256 bytes
Sector size: 4096 bytes
Done!
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa8011cb8060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8011cb7040, DeviceName: Unknown, DriverName: \Driver\DKDFM\
DevicePointer: 0xfffffa8011cb8940, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa8011cb8b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8011cb8060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8011ca0950, DeviceName: Unknown, DriverName: \Driver\vidsflt\
DevicePointer: 0xfffffa8011cb5b60, DeviceName: \Device\00000099\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 5, DevicePointer: 0xfffffa8011cb6060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8011cb4040, DeviceName: Unknown, DriverName: \Driver\DKDFM\
DevicePointer: 0xfffffa8011cb6940, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa8011cb6b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8011cb6060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8011cb7970, DeviceName: Unknown, DriverName: \Driver\vidsflt\
DevicePointer: 0xfffffa8011cb5660, DeviceName: \Device\0000009a\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 6, DevicePointer: 0xfffffa8011cc62a0, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8011cbd760, DeviceName: Unknown, DriverName: \Driver\DKDFM\
DevicePointer: 0xfffffa8011c9f900, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa8011cbd040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8011cc62a0, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8011cb4ca0, DeviceName: Unknown, DriverName: \Driver\vidsflt\
DevicePointer: 0xfffffa8011cba750, DeviceName: \Device\0000009b\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 7, DevicePointer: 0xfffffa8011c9d060, DeviceName: \Device\Harddisk7\DR7\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8011cca700, DeviceName: Unknown, DriverName: \Driver\DKDFM\
DevicePointer: 0xfffffa8011c9d940, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa8011c9db90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8011c9d060, DeviceName: \Device\Harddisk7\DR7\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8011cc9aa0, DeviceName: Unknown, DriverName: \Driver\vidsflt\
DevicePointer: 0xfffffa8011cb9060, DeviceName: \Device\0000009c\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 8, DevicePointer: 0xfffffa800d267790, DeviceName: \Device\Harddisk8\DR23\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800d2f8760, DeviceName: Unknown, DriverName: \Driver\DKDFM\
DevicePointer: 0xfffffa8013deb920, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa801497f540, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800d267790, DeviceName: \Device\Harddisk8\DR23\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8014984e00, DeviceName: Unknown, DriverName: \Driver\vidsflt\
DevicePointer: 0xfffffa800d10bb60, DeviceName: \Device\0000014f\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
=======================================
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-81920-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.1.1001
© Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 11.0.9600.17358
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, I:\ DRIVE_FIXED, K:\ DRIVE_FIXED
CPU speed: 2.807000 GHz
Memory total: 17170321408, free: 14198095872
=======================================
Initializing...
------------ Kernel report ------------
11/13/2014 13:37:27
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\vidsflt.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\DRIVERS\SI3132.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\DKDFM.sys
\SystemRoot\system32\drivers\FLTMGR.SYS
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\DKTLFSMF.sys
\SystemRoot\system32\DRIVERS\SiWinAcc.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\aswKbd.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\aswNdis2.sys
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\aswNdis.sys
\SystemRoot\system32\DRIVERS\vididr.sys
\SystemRoot\system32\DRIVERS\tib_mounter.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\tib.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\system32\DRIVERS\snapman.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\system32\DRIVERS\SiRemFil.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\system32\DRIVERS\fltsrv.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\System32\Drivers\aswVmm.sys
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\aswSnx.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\Drivers\aswFW.SYS
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\Drivers\aswrdr2.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\vsdatant.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\nusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\HCW85BDA.sys
\SystemRoot\system32\drivers\BdaSup.SYS
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\k57nd60a.sys
\SystemRoot\system32\drivers\1394ohci.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\nusb3hub.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\drivers\hidusb.sys
\SystemRoot\system32\drivers\HIDCLASS.SYS
\SystemRoot\system32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\wdcsam64.sys
\SystemRoot\system32\DRIVERS\mio.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\LEqdUsb.Sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\LHidEqd.Sys
\SystemRoot\system32\DRIVERS\LHidFilt.Sys
\SystemRoot\system32\DRIVERS\LMouFilt.Sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\aswMonFlt.sys
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Windows\system32\drivers\cpuz135_x64.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\afcdp.sys
\SystemRoot\system32\DRIVERS\DKRtWrt.sys
\SystemRoot\system32\drivers\spsys.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk8\DR14
Upper Device Object: 0xfffffa8014009790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\000000fe\
Lower Device Object: 0xfffffa8013f0f060
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk7\DR7
Upper Device Object: 0xfffffa8011cb2060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000009c\
Lower Device Object: 0xfffffa8011cbeb60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk6\DR6
Upper Device Object: 0xfffffa8011cc32a0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000009b\
Lower Device Object: 0xfffffa8011cbe060
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk5\DR5
Upper Device Object: 0xfffffa8011c912a0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000009a\
Lower Device Object: 0xfffffa8011ca4b60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xfffffa8011cbd060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000099\
Lower Device Object: 0xfffffa8011cba550
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xfffffa8011c43060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000087\
Lower Device Object: 0xfffffa8011c37060
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa801046e790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-2\
Lower Device Object: 0xfffffa800dba2050
Lower Device Driver Name: \Driver\iaStor\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa801046b790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa800db9e050
Lower Device Driver Name: \Driver\iaStor\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8010468790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-3\
Lower Device Object: 0xfffffa800dba6050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8010468790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800e0f3760, DeviceName: Unknown, DriverName: \Driver\DKDFM\
DevicePointer: 0xfffffa800dfdc900, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa800dfddb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8010468790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800dfd8a60, DeviceName: Unknown, DriverName: \Driver\vidsflt\
DevicePointer: 0xfffffa800dba6050, DeviceName: \Device\Ide\IAAStorageDevice-3\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\SiRemFil\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 77E3ED41
Partition information:
Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 80262
Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 81920 Numsec = 18313216
Partition file system is NTFS
Partition is bootable
Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 18395136 Numsec = 1935138816
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 1000210432000 bytes
Sector size: 512 bytes
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa801046b790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8010462040, DeviceName: Unknown, DriverName: \Driver\DKDFM\
DevicePointer: 0xfffffa800dfe1900, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa801046b2c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa801046b790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800dfe0e00, DeviceName: Unknown, DriverName: \Driver\vidsflt\
DevicePointer: 0xfffffa800db9e050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\SiRemFil\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 97953898
Partition information:
Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 1172117504
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 600127266816 bytes
Sector size: 512 bytes
Done!
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xfffffa801046e790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa801046f040, DeviceName: Unknown, DriverName: \Driver\DKDFM\
DevicePointer: 0xfffffa800dfe4900, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa801046e2c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa801046e790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8010462b40, DeviceName: Unknown, DriverName: \Driver\vidsflt\
DevicePointer: 0xfffffa800dba2050, DeviceName: \Device\Ide\IAAStorageDevice-2\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\SiRemFil\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 6BBAC015
Partition information:
Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 1172117504
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 600127266816 bytes
Sector size: 512 bytes
Done!
Physical Sector Size: 4096
Drive: 3, DevicePointer: 0xfffffa8011c43060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8011c48040, DeviceName: Unknown, DriverName: \Driver\DKDFM\
DevicePointer: 0xfffffa8011c37900, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa8011c396a0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8011c43060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8011c3d410, DeviceName: Unknown, DriverName: \Driver\vidsflt\
DevicePointer: 0xfffffa8011c37060, DeviceName: \Device\00000087\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\SiRemFil\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 3
Scanning MBR on drive 3...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 2DCC8
Partition information:
Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 256 Numsec = 732558080
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 3000558944256 bytes
Sector size: 4096 bytes
Done!
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa8011cbd060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8011cbc760, DeviceName: Unknown, DriverName: \Driver\DKDFM\
DevicePointer: 0xfffffa8011cbc040, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa8011cbdab0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8011cbd060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8011cabb80, DeviceName: Unknown, DriverName: \Driver\vidsflt\
DevicePointer: 0xfffffa8011cba550, DeviceName: \Device\00000099\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 5, DevicePointer: 0xfffffa8011c912a0, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8011cae510, DeviceName: Unknown, DriverName: \Driver\DKDFM\
DevicePointer: 0xfffffa8011caedf0, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa8011cae040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8011c912a0, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8011cadb40, DeviceName: Unknown, DriverName: \Driver\vidsflt\
DevicePointer: 0xfffffa8011ca4b60, DeviceName: \Device\0000009a\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 6, DevicePointer: 0xfffffa8011cc32a0, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8011cb0510, DeviceName: Unknown, DriverName: \Driver\DKDFM\
DevicePointer: 0xfffffa8011cb0df0, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa8011cb0040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8011cc32a0, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8011cafe00, DeviceName: Unknown, DriverName: \Driver\vidsflt\
DevicePointer: 0xfffffa8011cbe060, DeviceName: \Device\0000009b\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 7, DevicePointer: 0xfffffa8011cb2060, DeviceName: \Device\Harddisk7\DR7\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8011cb3040, DeviceName: Unknown, DriverName: \Driver\DKDFM\
DevicePointer: 0xfffffa8011cb18f0, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa8011cc61b0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8011cb2060, DeviceName: \Device\Harddisk7\DR7\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8011cb1b40, DeviceName: Unknown, DriverName: \Driver\vidsflt\
DevicePointer: 0xfffffa8011cbeb60, DeviceName: \Device\0000009c\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 8, DevicePointer: 0xfffffa8014009790, DeviceName: \Device\Harddisk8\DR14\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8013fbf760, DeviceName: Unknown, DriverName: \Driver\DKDFM\
DevicePointer: 0xfffffa8013ee9be0, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa8013e30040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8014009790, DeviceName: \Device\Harddisk8\DR14\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8013e125d0, DeviceName: Unknown, DriverName: \Driver\vidsflt\
DevicePointer: 0xfffffa8013f0f060, DeviceName: \Device\000000fe\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
=======================================
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-81920-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.1.1001
© Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 11.0.9600.17420
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, I:\ DRIVE_FIXED, K:\ DRIVE_FIXED
CPU speed: 2.807000 GHz
Memory total: 17170321408, free: 13210963968
Downloaded database version: v2014.11.13.08
=======================================
Initializing...
------------ Kernel report ------------
11/13/2014 14:42:17
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\vidsflt.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\DRIVERS\SI3132.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\DKDFM.sys
\SystemRoot\system32\drivers\FLTMGR.SYS
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\DKTLFSMF.sys
\SystemRoot\system32\DRIVERS\SiWinAcc.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\aswKbd.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\aswNdis2.sys
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\aswNdis.sys
\SystemRoot\system32\DRIVERS\vididr.sys
\SystemRoot\system32\DRIVERS\tib_mounter.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\tib.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\system32\DRIVERS\snapman.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\system32\DRIVERS\SiRemFil.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\system32\DRIVERS\fltsrv.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\System32\Drivers\aswVmm.sys
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\aswSnx.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\Drivers\aswFW.SYS
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\Drivers\aswrdr2.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\vsdatant.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\nusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\HCW85BDA.sys
\SystemRoot\system32\drivers\BdaSup.SYS
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\k57nd60a.sys
\SystemRoot\system32\drivers\1394ohci.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\nusb3hub.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\drivers\hidusb.sys
\SystemRoot\system32\drivers\HIDCLASS.SYS
\SystemRoot\system32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\wdcsam64.sys
\SystemRoot\system32\DRIVERS\mio.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\LEqdUsb.Sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\LHidEqd.Sys
\SystemRoot\system32\DRIVERS\LHidFilt.Sys
\SystemRoot\system32\DRIVERS\LMouFilt.Sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\aswMonFlt.sys
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Windows\system32\drivers\cpuz135_x64.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\afcdp.sys
\SystemRoot\system32\DRIVERS\DKRtWrt.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk8\DR32
Upper Device Object: 0xfffffa8015090790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\000001a8\
Lower Device Object: 0xfffffa800d820b60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk7\DR7
Upper Device Object: 0xfffffa8011ca7060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000009c\
Lower Device Object: 0xfffffa8011caf060
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk6\DR6
Upper Device Object: 0xfffffa8011cb55d0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000009b\
Lower Device Object: 0xfffffa8011cafb60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk5\DR5
Upper Device Object: 0xfffffa8011cac060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000009a\
Lower Device Object: 0xfffffa8011ca3750
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xfffffa8011cae790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000099\
Lower Device Object: 0xfffffa8011ca57b0
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xfffffa8011bec060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000087\
Lower Device Object: 0xfffffa8011bfe630
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa8010452790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-2\
Lower Device Object: 0xfffffa800dba4050
Lower Device Driver Name: \Driver\iaStor\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa801044f790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa800dba0050
Lower Device Driver Name: \Driver\iaStor\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa801044c790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-3\
Lower Device Object: 0xfffffa800dba8050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa801044c790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa801043a760, DeviceName: Unknown, DriverName: \Driver\DKDFM\
DevicePointer: 0xfffffa800dfb68f0, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa800dfb9b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa801044c790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800dfb6b40, DeviceName: Unknown, DriverName: \Driver\vidsflt\
DevicePointer: 0xfffffa800dba8050, DeviceName: \Device\Ide\IAAStorageDevice-3\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\SiRemFil\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 77E3ED41
Partition information:
Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 80262
Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 81920 Numsec = 18313216
Partition file system is NTFS
Partition is bootable
Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 18395136 Numsec = 1935138816
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 1000210432000 bytes
Sector size: 512 bytes
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa801044f790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8010446040, DeviceName: Unknown, DriverName: \Driver\DKDFM\
DevicePointer: 0xfffffa800dfbb900, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa801044f2c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa801044f790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa801043a520, DeviceName: Unknown, DriverName: \Driver\vidsflt\
DevicePointer: 0xfffffa800dba0050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\SiRemFil\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 97953898
Partition information:
Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 1172117504
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 600127266816 bytes
Sector size: 512 bytes
Done!
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xfffffa8010452790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8010453040, DeviceName: Unknown, DriverName: \Driver\DKDFM\
DevicePointer: 0xfffffa8010452520, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa8010446950, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8010452790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8010446e00, DeviceName: Unknown, DriverName: \Driver\vidsflt\
DevicePointer: 0xfffffa800dba4050, DeviceName: \Device\Ide\IAAStorageDevice-2\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\SiRemFil\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 6BBAC015
Partition information:
Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 1172117504
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 600127266816 bytes
Sector size: 512 bytes
Done!
Physical Sector Size: 4096
Drive: 3, DevicePointer: 0xfffffa8011bec060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8011bf3040, DeviceName: Unknown, DriverName: \Driver\DKDFM\
DevicePointer: 0xfffffa8011b839b0, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa8011bff690, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8011bec060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8011b819c0, DeviceName: Unknown, DriverName: \Driver\vidsflt\
DevicePointer: 0xfffffa8011bfe630, DeviceName: \Device\00000087\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\SiRemFil\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 3
Scanning MBR on drive 3...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 2DCC8
Partition information:
Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 256 Numsec = 732558080
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 3000558944256 bytes
Sector size: 4096 bytes
Done!
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa8011cae790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8011cad760, DeviceName: Unknown, DriverName: \Driver\DKDFM\
DevicePointer: 0xfffffa8011cb2900, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa8011cad040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8011cae790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8011cb1410, DeviceName: Unknown, DriverName: \Driver\vidsflt\
DevicePointer: 0xfffffa8011ca57b0, DeviceName: \Device\00000099\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 5, DevicePointer: 0xfffffa8011cac060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8011cab700, DeviceName: Unknown, DriverName: \Driver\DKDFM\
DevicePointer: 0xfffffa8011cac940, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa8011cacb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8011cac060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8011cad520, DeviceName: Unknown, DriverName: \Driver\vidsflt\
DevicePointer: 0xfffffa8011ca3750, DeviceName: \Device\0000009a\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 6, DevicePointer: 0xfffffa8011cb55d0, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8011ca9630, DeviceName: Unknown, DriverName: \Driver\DKDFM\
DevicePointer: 0xfffffa8011ca9040, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa8011cb5100, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8011cb55d0, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8011caae00, DeviceName: Unknown, DriverName: \Driver\vidsflt\
DevicePointer: 0xfffffa8011cafb60, DeviceName: \Device\0000009b\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 7, DevicePointer: 0xfffffa8011ca7060, DeviceName: \Device\Harddisk7\DR7\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8011ca6040, DeviceName: Unknown, DriverName: \Driver\DKDFM\
DevicePointer: 0xfffffa8011cb8df0, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa8011ca86a0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8011ca7060, DeviceName: \Device\Harddisk7\DR7\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8011cb8670, DeviceName: Unknown, DriverName: \Driver\vidsflt\
DevicePointer: 0xfffffa8011caf060, DeviceName: \Device\0000009c\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 8, DevicePointer: 0xfffffa8015090790, DeviceName: \Device\Harddisk8\DR32\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8014fd2300, DeviceName: Unknown, DriverName: \Driver\DKDFM\
DevicePointer: 0xfffffa8014c40ae0, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa801509b040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8015090790, DeviceName: \Device\Harddisk8\DR32\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8014f2d300, DeviceName: Unknown, DriverName: \Driver\vidsflt\
DevicePointer: 0xfffffa800d820b60, DeviceName: \Device\000001a8\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
=======================================
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-81920-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-r.mbam...
Removal finished -
I tried to run the program but a message pops up saying it can't run on my computer and to check that I am using the correct version (32 or 64 bit - see attached). The download page tied to the doc page you mentioned says it will run on either version. I used your link to download it though. When it didn't work, I tried re-booting since that worked before with this type of problem but I still get the same message. Before trying to run it, I stopped all running programs and turned off my anti-virus and anti-spam program. Should I try running it in safe mode?
Rebooting didn't fix my problems. But I found that the parts that were removed were a key string for a program and entries in the computers host file that I had added were removed. Just mentioning in case someone else has the same sort of problems.
-
When I ran that program before, it took a hour, at most. This time it seemed to have locked up and after about three hours I had to kill it since I had work to do. That was yesterday. I ran it again today and just it go and it finally finished. The result is attached.combofix.txt.
But after rebooting after the first run, I found a number of programs weren't working correctly. I tried a restore and got and error saying it couldn't complete due to "complusstaging." I finally did a complete restore of the c drive from my daily backup. That still didn't fix one of the programs which doesn't make sense to me since it is on the c drive but I'll have to deal with that. Hopefully the restore I did didn't cause problems with this procedure.
While searching the web for this problem, I ran across a post on the Microsoft site where they recommend a clear reboot. The problem I am having doesn't appear to happen in safe mode, though I haven't tested it that way very much, so it sounds like a clean reboot might be a good idea. If you still have a plan of attack, then I will stick with what you say. I'm just grasping at straws here since this is having a terrible affect on me being able to get anything done on the computer.
-
OK. I understand. The problem is still there but may be a little better. Before, after a reboot, the first popup would appear after about 5-10 minutes. After this last reboot, it didn't happen until about 30 minutes. And while the dllhost entry in the Task Manager still grows, it is doing so at a much lower rate and doesn't seem to be getting as large. So something seems to have made a difference but not enough of one.
-
I removed Thunderbird and Java and ran the tests you mentioned. The results are below:
JavaRa 1.16 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Wed Nov 05 08:54:18 2014
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.
Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
Found and removed: SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}
Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}
Found and removed: SOFTWARE\Classes\Interface\{5852F5EC-8BF4-11D4-A245-0080C6F74284}
Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit
Found and removed: SOFTWARE\Classes\TypeLib\{5852F5E0-8BF4-11D4-A245-0080C6F74284}
Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.7.0.0
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Found and removed: SOFTWARE\JavaSoft
Found and removed: SOFTWARE\JreMetrics
Found and removed: SOFTWARE\Classes\JavaPlugin.10512
------------------------------------
Finished reporting.Malware. FILE: C:\USERS\JACK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\U8ANYUVY.TXT to be deleted.
Malware. FILE: C:\Users\Jack\AppData\Roaming\MICROSOFT\Windows\Cookies\Low\D0OVXEX3.txt to be deleted.
Malware. FILE: C:\USERS\JACK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Y9KQVRYJ.TXT to be deleted.
Malware. FILE: C:\USERS\JACK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\M120J4IR.TXT to be deleted.
Malware. FILE: C:\USERS\JACK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\LUFF2HPX.TXT to be deleted.
. FILE: C:\USERS\JACK\DOWNLOADS\UPDATE.EXE to be deleted.
Malware. FILE: C:\USERS\JACK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\6QG1TW98.TXT to be deleted.
Malware. FILE: C:\Users\Jack\AppData\Roaming\MICROSOFT\Windows\Cookies\Low\QUEV4K9L.txt to be deleted.
Unknown. FILE: C:\PROGRAM FILES\ALIENWARE\ALIENWARE TACTX MOUSE CI\AWMOUSECI.EXE to be deleted.
Malware. FILE: C:\Users\Jack\AppData\Roaming\MICROSOFT\Windows\Cookies\Low\9QXAR6CZ.txt to be deleted.
Malware. FILE: C:\USERS\JACK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\2D82N3N1.TXT to be deleted.
Malware. FILE: C:\USERS\JACK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\Q0H3FHNJ.TXT to be deleted.
Malware. FILE: C:\Users\Jack\AppData\Roaming\MICROSOFT\Windows\Cookies\Low\OY0J026M.txt to be deleted.
Malware. FILE: C:\USERS\JACK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\4XFSYU1M.TXT to be deleted.
Malware. FILE: C:\Users\Jack\AppData\Roaming\MICROSOFT\Windows\Cookies\Low\801E0GZX.txt to be deleted.
Malware. FILE: C:\Users\Jack\AppData\Roaming\MICROSOFT\Windows\Cookies\Low\FJDW68PZ.txt to be deleted.
Malware. FILE: C:\USERS\JACK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\J9A47XGM.TXT to be deleted.
Malware. FILE: C:\USERS\JACK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\3V826T0H.TXT to be deleted.
Malware. FILE: C:\USERS\JACK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\TU3OFOHS.TXT to be deleted.
Malware. REGKEY: HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND. Value: (null) To be changed to: C:\Program Files\Internet Explorer\IEXPLORE.EXE.
Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[sTART_SHOWRECENTDOCS] to be changed to: 1
Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[sTART_SHOWRECENTDOCS] to be changed to: 1
Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[sTART_SHOWNETPLACES] to be changed to: 1
Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[sTART_SHOWNETPLACES] to be changed to: 1
Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[sTART_SHOWRUN] to be changed to: 1
Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[sTART_SHOWRUN] to be changed to: 1
Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[HIDEFILEEXT] to be changed to: 0
Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[HIDEFILEEXT] to be changed to: 0
Malware. REGKEY: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM[DISABLEREGISTRYTOOLS]. Value: DISABLEREGISTRYTOOLS To be deleted.
Malware. REGKEY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM[DISABLEREGISTRYTOOLS]. Value: DISABLEREGISTRYTOOLS To be deleted.
Malware. REGKEY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM[DISABLETASKMGR]. Value: DISABLETASKMGR To be deleted.
-
I ran the disk checks but no errors were found.
The original problem is still there. To be clear, I assumed it was a dllhost problem due to posts I found on the web. The only reason I knew there was a problem is because I started to get empty dialogs poping up. The attached image is of one of those. Those popups can appear at any time but mostly appear overnight. It is not uncommon to have 30 popup windows opened. At the same time, I noticed the dllhost.exe *32 file gets larger. I usually terminate it when it gets above a MB. When I do that, all of the popup windows close. But one will usually reopen immediately afterwards. Does this describe the dllhost virus others are having or do you think I have some other problem?
The result of the security test is below.
Results of screen317's Security Check version 0.99.89
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
avast! Internet Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 71
Java version out of Date!
Adobe Flash Player 15.0.0.189
Adobe Reader XI
Mozilla Firefox (33.0.2)
Mozilla Thunderbird (5.0). Thunderbird out of Date!
Google Chrome 38.0.2125.104
Google Chrome 38.0.2125.111
````````Process Check: objlist.exe by Laurent````````
Alienware Command Center ThermalController.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast afwServ.exe
AVAST Software Avast AvastUI.exe
CheckPoint ZoneAlarm vsmon.exe
CheckPoint ZoneAlarm zatray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
-
Here are the results:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.5 (10.31.2014:1)
OS: Windows 7 Home Premium x64
Ran by Jack on Sat 11/01/2014 at 21:02:41.68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnSetup_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnSetup_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnStub_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnStub_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnSetup_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnSetup_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnStub_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnStub_RASMANCS
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\Users\Jack\AppData\Roaming\pccustubinstaller"
~~~ FireFox
Successfully deleted: [File] C:\user.js
Emptied folder: C:\Users\Jack\AppData\Roaming\mozilla\firefox\profiles\l7tarqgo.default-1374718651417\minidumps [46 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 11/01/2014 at 21:06:25.69
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# AdwCleaner v3.311 - Report created 01/11/2014 at 21:11:37
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Jack - JACK-PC
# Running from : C:\Users\Jack\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Users\Jack\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{987D9269-F8A1-408F-BF62-4397D2F5363E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0722BEB-FDA1-4AA1-A2A8-15A74A5B3F70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F1963E76-845B-474C-8C7F-D69A96D8AA34}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{065C1A21-97F8-45FB-A9F0-861B60FACEC8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3204358F-5904-46A6-841F-D6B5BE3EF4E3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3AE67737-0E3E-44AA-AA5E-46A68BF017FF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3EE5B726-044A-48D2-AA7B-049BD9A0F62A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{60FBBE03-57FF-49D8-B38E-053D3F489825}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6A5182F1-C0B8-42B8-96CC-7F329CD46913}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6C153418-8E4D-4FAF-AF27-5201E38463A7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A26A2F05-AC4D-4A1E-9531-9125F7309B78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5D6240-7DF0-435D-9B9B-F8586A99DE86}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F343045E-E20A-46E1-82D8-9962C43EFC9E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FBB360DC-CB6C-4D6A-808A-2C773151BFFF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFD7DDAC-EC28-42A5-8D39-917B9078604B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17344
-\\ Mozilla Firefox v33.0.2 (x86 en-US)
[ File : C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\l7tarqgo.default-1374718651417\prefs.js ]
-\\ Google Chrome v
[ File : C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [7609 octets] - [01/11/2014 21:08:08]
AdwCleaner[s0].txt - [7602 octets] - [01/11/2014 21:11:37]
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [7662 octets] ##########Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 11/1/2014
Scan Time: 9:20:26 PM
Logfile:
Administrator: Yes
Version: 2.00.3.1025
Malware Database: v2014.11.02.01
Rootkit Database: v2014.11.01.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jack
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 340802
Time Elapsed: 10 min, 0 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)C:\Program Files (x86)\AlienRespawn\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\escortShld.dll Win32/Toolbar.Montiera.J potentially unwanted application
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmApp.dll a variant of Win32/Toolbar.Montiera.A potentially unwanted application
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmEng.dll a variant of Win32/Toolbar.Montiera.A potentially unwanted application
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmsrv.exe a variant of Win32/Toolbar.Montiera.A potentially unwanted application
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmTlbr.dll a variant of Win32/Toolbar.Montiera.F potentially unwanted application
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\bh\zonealarm.dll a variant of Win32/Toolbar.Escort.A potentially unwanted application
C:\Program Files (x86)\CheckPoint\Install\CUninstallerZA.exe Win32/Toolbar.Conduit potentially unwanted application
C:\Program Files (x86)\CheckPoint\Install\zatb.exe Win32/Toolbar.Montiera.I potentially unwanted application
C:\Storage\Customers_Archived\AllCreaturesGiftShop\88get77RICH4critters\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Archived\CLKSupplies\1gooD79cAt\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Archived\Druera\Druera\pest\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Archived\Furnitureinfashion\FurnitureInFashion\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Archived\Furnitureinfashion\FurnitureInFashion_live\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Archived\Sat25\Lojav2\ext\modules\payment\codelock.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Archived\T-a-s-s\product.php PHP/Agent.DV.Gen trojan
C:\Storage\Customers_Originals\AAA_ARCHIVED\CraftMarketCorner\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\AAA_ARCHIVED\CraftMarketCorner\includes\seo_cache.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\AAA_ARCHIVED\Rubimoon\dashboard\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\Adultslovefun\sql.php PHP/Agent.NBL trojan
C:\Storage\Customers_Originals\Allcreaturesgiftshop\88get77RICH4critters\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\BefFabRacing\admin\includes\languages\english\images\buttons\dg.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\BigLeagueStore\images\shop.php PHP/Agent.NCC trojan
C:\Storage\Customers_Originals\Condomchoice\CondomChoice\captcha_.php PHP/WebShell.NBV trojan
C:\Storage\Customers_Originals\Customquillingbydenise\includes\application_top.php PHP/WebShell.NBV trojan
C:\Storage\Customers_Originals\Digishow\captcha_.php PHP/WebShell.NBV trojan
C:\Storage\Customers_Originals\Draculaclothing\admin\account_help.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\Draculaclothing\images\30 Linux/Exploit.Ptrace.B trojan
C:\Storage\Customers_Originals\Draculaclothing\images\soyle.php PHP/Rst.R trojan
C:\Storage\Customers_Originals\Ethoshopper\cookie_usage.php PHP/WebShell.NBV trojan
C:\Storage\Customers_Originals\Ethoshopper\ntw.php PHP/Obfuscated.A potentially unwanted application
C:\Storage\Customers_Originals\Ethoshopper\yqi.php PHP/Obfuscated.A potentially unwanted application
C:\Storage\Customers_Originals\Ethoshopper\includes\header.php PHP/Kryptik.AB trojan
C:\Storage\Customers_Originals\Foxhuntingshop\mysql_dumper.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\Furnitureinfashion\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\Gigagator\ppconf.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\blue3-10\footer.php PHP/Kryptik.AB trojan
C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\experience\footer.php PHP/Kryptik.AB trojan
C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\medicine\footer.php PHP/Kryptik.AB trojan
C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\Metropolis\footer.php PHP/Kryptik.AB trojan
C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\modxblog\footer.php PHP/Kryptik.AB trojan
C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\munchen\footer.php PHP/Kryptik.AB trojan
C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\redie-30\footer.php PHP/Kryptik.AB trojan
C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\SEO_Executive\footer.php PHP/Kryptik.AB trojan
C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\vibrant\footer.php PHP/Kryptik.AB trojan
C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\Vistalicious\footer.php PHP/Kryptik.AB trojan
C:\Storage\Customers_Originals\Hautecircus\HackedFiles\mailerx.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\Hautecircus\HackedFiles\sort.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\Hautecircus\HackedFiles\images\mailerx.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\Hautecircus\HackedFiles\images\sort.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\HistoCard\checkout_approve.php PHP/Obfuscated.A potentially unwanted application
C:\Storage\Customers_Originals\Israel-depot\id\includes\header.php PHP/Kryptik.AB trojan
C:\Storage\Customers_Originals\Israel-depot\id\includes\modules\seo_header.php PHP/Kryptik.AB trojan
C:\Storage\Customers_Originals\MiniPro\captcha_.php PHP/WebShell.NBV trojan
C:\Storage\Customers_Originals\Musicoutletusa\bpk.php PHP/Obfuscated.A potentially unwanted application
C:\Storage\Customers_Originals\Musicoutletusa\includes\header.php PHP/Kryptik.AB trojan
C:\Storage\Customers_Originals\MyLlinen\cookie_usage.php PHP/WebShell.NBV trojan
C:\Storage\Customers_Originals\Ohcheri\ohvault\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\Paylessbuckles\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\Rivalhost\captcha_.php PHP/WebShell.NBV trojan
C:\Storage\Customers_Originals\Sat25\Sat25Games\ext\modules\payment\codelock.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\Sweetnessandlight\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\Sweetnessandlight\slo\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\TastarSupply\inmain\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\Totalsounds\includes\common\lib\email\Pear\Auth\SASL\dg.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\Ultimateproaudio\ginger\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\MySites\MCS\pineadmintreeXXX\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
C:\Users\Jack\Downloads\Update.exe a variant of Win32/AirAdInstaller.A potentially unwanted application
E:\Storage\Downloads\Installed\Sound\winamp5621_full_emusic-7plus_en-us.exe Win32/OpenCandy potentially unsafe application
E:\Storage\Downloads\Installed\Utilities\ccsetup403.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
E:\Storage\Downloads\Installed\Utilities\ccsetup414.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
E:\Storage\Downloads\Installed\Utilities\cpu-z_1.60-setup-en.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
E:\Storage\Downloads\Installed\Utilities\FTP\freefileviewer_2_d146489.exe a variant of Win32/InstallIQ.A potentially unwanted application
E:\Storage\Downloads\Installed\Utilities\Nero\Nero-6.6.1.15a.exe Win32/Toolbar.AskSBar potentially unwanted application
E:\Storage\Downloads\Installed\Utilities\Security\ZoneAlarm\zapSetupWeb_102_073_000.exe Win32/Toolbar.Conduit potentially unwanted application
I:\Programingfiles\Sites\ContributionTesting\oscMax\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\ContributionTesting\oscmax_auto\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\ContributionTesting\SiteMonitor\admin\aaa_nt02.php HTML/ScrInject.B.Gen virus
I:\Programingfiles\Sites\ContributionTesting\SiteMonitor\admin_diffname\aaa_nt02.php HTML/ScrInject.B.Gen virus
I:\Programingfiles\Sites\ContributionTesting\SiteMonitor\HackedFiles\account_help.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\AdultsLoveFun\sql.php PHP/Agent.NBL trojan
I:\Programingfiles\Sites\customers\Affordableweddingaccessories\images\gifimg.php PHP/Kryptik.AB trojan
I:\Programingfiles\Sites\customers\AllCreaturesGiftShop\88get77RICH4critters\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\AllCreaturesGiftShop\88get77RICH4critters_fails\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\BigleagueStore\images\shop.php PHP/Agent.NCC trojan
I:\Programingfiles\Sites\customers\Clksupplies\1gooD79cAt\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\CondomChoice\CondomChoice\captcha_.php PHP/WebShell.NBV trojan
I:\Programingfiles\Sites\customers\Cragmay\Agmpartscomponents\images\imageth.php PHP/Agent.NAG trojan
I:\Programingfiles\Sites\customers\Customquillingbydenise\includes\application_top.php PHP/WebShell.NBV trojan
I:\Programingfiles\Sites\customers\Dirtbikebitz\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\Druera\Druera\pest\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\Druera\Druera_orig\pest\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\E-Experts\counter.php PHP/Obfuscated.A potentially unwanted application
I:\Programingfiles\Sites\customers\Firststopsecurity\first_stop\admin4sec\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\FoxHuntingShop\mysql_dumper.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\Furnitureinfashion\FurnitureInFashion\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\Furnitureinfashion\FurnitureInFashion_live\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\GlobalWholesaleArt\ArtFramesUSA\G1nger\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\GlobalWholesaleArt\OilPaintingUSA\G1nger\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\HistoCard\checkout_approve.php PHP/Obfuscated.A potentially unwanted application
I:\Programingfiles\Sites\customers\InkPlusToner\InkPlusToner\4dm1n\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\MyLinen\cookie_usage.php PHP/WebShell.NBV trojan
I:\Programingfiles\Sites\customers\Ohcheri\ohvault\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\OriginalAbsinthe\admin\includes\configuration_cache.bak.0 PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\OriginalAbsinthe\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\Paylessbuckles\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\Sat25\Lojav2\ext\modules\payment\codelock.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\Sironet\Lacremedvd\ibt.php PHP/Obfuscated.A potentially unwanted application
I:\Programingfiles\Sites\customers\Sweetnessandlight\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\Sweetnessandlight\slo\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\T-a-s-s\product.php PHP/Agent.DV.Gen trojan
I:\Programingfiles\Sites\customers\TackRoomInc\HorseMall\seo_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\TackRoomInc\HorseMall\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\TackRoomInc\HorseMall\includes\seo_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\TackRoomInc\TackroomNet\seo_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\TackRoomInc\TackroomNet\includes\seo_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\Ultimateproaudio\ginger\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\MCS\pineadmintree\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
C:\Program Files (x86)\AlienRespawn\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\escortShld.dll Win32/Toolbar.Montiera.J potentially unwanted application
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmApp.dll a variant of Win32/Toolbar.Montiera.A potentially unwanted application
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmEng.dll a variant of Win32/Toolbar.Montiera.A potentially unwanted application
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmsrv.exe a variant of Win32/Toolbar.Montiera.A potentially unwanted application
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmTlbr.dll a variant of Win32/Toolbar.Montiera.F potentially unwanted application
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\bh\zonealarm.dll a variant of Win32/Toolbar.Escort.A potentially unwanted application
C:\Program Files (x86)\CheckPoint\Install\CUninstallerZA.exe Win32/Toolbar.Conduit potentially unwanted application
C:\Program Files (x86)\CheckPoint\Install\zatb.exe Win32/Toolbar.Montiera.I potentially unwanted application
C:\Storage\Customers_Archived\AllCreaturesGiftShop\88get77RICH4critters\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Archived\CLKSupplies\1gooD79cAt\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Archived\Druera\Druera\pest\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Archived\Furnitureinfashion\FurnitureInFashion\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Archived\Furnitureinfashion\FurnitureInFashion_live\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Archived\Sat25\Lojav2\ext\modules\payment\codelock.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Archived\T-a-s-s\product.php PHP/Agent.DV.Gen trojan
C:\Storage\Customers_Originals\AAA_ARCHIVED\CraftMarketCorner\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\AAA_ARCHIVED\CraftMarketCorner\includes\seo_cache.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\AAA_ARCHIVED\Rubimoon\dashboard\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\Adultslovefun\sql.php PHP/Agent.NBL trojan
C:\Storage\Customers_Originals\Allcreaturesgiftshop\88get77RICH4critters\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\BefFabRacing\admin\includes\languages\english\images\buttons\dg.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\BigLeagueStore\images\shop.php PHP/Agent.NCC trojan
C:\Storage\Customers_Originals\Condomchoice\CondomChoice\captcha_.php PHP/WebShell.NBV trojan
C:\Storage\Customers_Originals\Customquillingbydenise\includes\application_top.php PHP/WebShell.NBV trojan
C:\Storage\Customers_Originals\Digishow\captcha_.php PHP/WebShell.NBV trojan
C:\Storage\Customers_Originals\Draculaclothing\admin\account_help.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\Draculaclothing\images\30 Linux/Exploit.Ptrace.B trojan
C:\Storage\Customers_Originals\Draculaclothing\images\soyle.php PHP/Rst.R trojan
C:\Storage\Customers_Originals\Ethoshopper\cookie_usage.php PHP/WebShell.NBV trojan
C:\Storage\Customers_Originals\Ethoshopper\ntw.php PHP/Obfuscated.A potentially unwanted application
C:\Storage\Customers_Originals\Ethoshopper\yqi.php PHP/Obfuscated.A potentially unwanted application
C:\Storage\Customers_Originals\Ethoshopper\includes\header.php PHP/Kryptik.AB trojan
C:\Storage\Customers_Originals\Foxhuntingshop\mysql_dumper.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\Furnitureinfashion\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\Gigagator\ppconf.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\blue3-10\footer.php PHP/Kryptik.AB trojan
C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\experience\footer.php PHP/Kryptik.AB trojan
C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\medicine\footer.php PHP/Kryptik.AB trojan
C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\Metropolis\footer.php PHP/Kryptik.AB trojan
C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\modxblog\footer.php PHP/Kryptik.AB trojan
C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\munchen\footer.php PHP/Kryptik.AB trojan
C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\redie-30\footer.php PHP/Kryptik.AB trojan
C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\SEO_Executive\footer.php PHP/Kryptik.AB trojan
C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\vibrant\footer.php PHP/Kryptik.AB trojan
C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\Vistalicious\footer.php PHP/Kryptik.AB trojan
C:\Storage\Customers_Originals\Hautecircus\HackedFiles\mailerx.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\Hautecircus\HackedFiles\sort.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\Hautecircus\HackedFiles\images\mailerx.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\Hautecircus\HackedFiles\images\sort.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\HistoCard\checkout_approve.php PHP/Obfuscated.A potentially unwanted application
C:\Storage\Customers_Originals\Israel-depot\id\includes\header.php PHP/Kryptik.AB trojan
C:\Storage\Customers_Originals\Israel-depot\id\includes\modules\seo_header.php PHP/Kryptik.AB trojan
C:\Storage\Customers_Originals\MiniPro\captcha_.php PHP/WebShell.NBV trojan
C:\Storage\Customers_Originals\Musicoutletusa\bpk.php PHP/Obfuscated.A potentially unwanted application
C:\Storage\Customers_Originals\Musicoutletusa\includes\header.php PHP/Kryptik.AB trojan
C:\Storage\Customers_Originals\MyLlinen\cookie_usage.php PHP/WebShell.NBV trojan
C:\Storage\Customers_Originals\Ohcheri\ohvault\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\Paylessbuckles\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\Rivalhost\captcha_.php PHP/WebShell.NBV trojan
C:\Storage\Customers_Originals\Sat25\Sat25Games\ext\modules\payment\codelock.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\Sweetnessandlight\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\Sweetnessandlight\slo\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\TastarSupply\inmain\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\Totalsounds\includes\common\lib\email\Pear\Auth\SASL\dg.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\Ultimateproaudio\ginger\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
C:\Storage\MySites\MCS\pineadmintreeXXX\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
C:\Users\Jack\Downloads\Update.exe a variant of Win32/AirAdInstaller.A potentially unwanted application
E:\Storage\Downloads\Installed\Sound\winamp5621_full_emusic-7plus_en-us.exe Win32/OpenCandy potentially unsafe application
E:\Storage\Downloads\Installed\Utilities\ccsetup403.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
E:\Storage\Downloads\Installed\Utilities\ccsetup414.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
E:\Storage\Downloads\Installed\Utilities\cpu-z_1.60-setup-en.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
E:\Storage\Downloads\Installed\Utilities\FTP\freefileviewer_2_d146489.exe a variant of Win32/InstallIQ.A potentially unwanted application
E:\Storage\Downloads\Installed\Utilities\Nero\Nero-6.6.1.15a.exe Win32/Toolbar.AskSBar potentially unwanted application
E:\Storage\Downloads\Installed\Utilities\Security\ZoneAlarm\zapSetupWeb_102_073_000.exe Win32/Toolbar.Conduit potentially unwanted application
I:\Programingfiles\Sites\ContributionTesting\oscMax\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\ContributionTesting\oscmax_auto\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\ContributionTesting\SiteMonitor\admin\aaa_nt02.php HTML/ScrInject.B.Gen virus
I:\Programingfiles\Sites\ContributionTesting\SiteMonitor\admin_diffname\aaa_nt02.php HTML/ScrInject.B.Gen virus
I:\Programingfiles\Sites\ContributionTesting\SiteMonitor\HackedFiles\account_help.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\AdultsLoveFun\sql.php PHP/Agent.NBL trojan
I:\Programingfiles\Sites\customers\Affordableweddingaccessories\images\gifimg.php PHP/Kryptik.AB trojan
I:\Programingfiles\Sites\customers\AllCreaturesGiftShop\88get77RICH4critters\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\AllCreaturesGiftShop\88get77RICH4critters_fails\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\BigleagueStore\images\shop.php PHP/Agent.NCC trojan
I:\Programingfiles\Sites\customers\Clksupplies\1gooD79cAt\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\CondomChoice\CondomChoice\captcha_.php PHP/WebShell.NBV trojan
I:\Programingfiles\Sites\customers\Cragmay\Agmpartscomponents\images\imageth.php PHP/Agent.NAG trojan
I:\Programingfiles\Sites\customers\Customquillingbydenise\includes\application_top.php PHP/WebShell.NBV trojan
I:\Programingfiles\Sites\customers\Dirtbikebitz\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\Druera\Druera\pest\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\Druera\Druera_orig\pest\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\E-Experts\counter.php PHP/Obfuscated.A potentially unwanted application
I:\Programingfiles\Sites\customers\Firststopsecurity\first_stop\admin4sec\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\FoxHuntingShop\mysql_dumper.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\Furnitureinfashion\FurnitureInFashion\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\Furnitureinfashion\FurnitureInFashion_live\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\GlobalWholesaleArt\ArtFramesUSA\G1nger\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\GlobalWholesaleArt\OilPaintingUSA\G1nger\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\HistoCard\checkout_approve.php PHP/Obfuscated.A potentially unwanted application
I:\Programingfiles\Sites\customers\InkPlusToner\InkPlusToner\4dm1n\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\MyLinen\cookie_usage.php PHP/WebShell.NBV trojan
I:\Programingfiles\Sites\customers\Ohcheri\ohvault\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\OriginalAbsinthe\admin\includes\configuration_cache.bak.0 PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\OriginalAbsinthe\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\Paylessbuckles\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\Sat25\Lojav2\ext\modules\payment\codelock.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\Sironet\Lacremedvd\ibt.php PHP/Obfuscated.A potentially unwanted application
I:\Programingfiles\Sites\customers\Sweetnessandlight\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\Sweetnessandlight\slo\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\T-a-s-s\product.php PHP/Agent.DV.Gen trojan
I:\Programingfiles\Sites\customers\TackRoomInc\HorseMall\seo_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\TackRoomInc\HorseMall\admin\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\TackRoomInc\HorseMall\includes\seo_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\TackRoomInc\TackroomNet\seo_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\TackRoomInc\TackroomNet\includes\seo_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\Ultimateproaudio\ginger\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\MCS\pineadmintree\includes\configuration_cache.php PHP/Obfuscated.F potentially unwanted applicationAdditional scan result of Farbar Recovery Scan Tool (x64) Version: 01-11-2014
Ran by Jack at 2014-11-02 08:19:36
Running from C:\Users\Jack\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Internet Security (Disabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Internet Security (Disabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Internet Security (Enabled) {131692B0-0864-D491-4E21-3A3A1D8BBB47}
FW: ZoneAlarm Pro Firewall (Disabled) {E6380B7E-D4B2-19F1-083E-56486607704B}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Photoshop CS (HKLM-x32\...\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}) (Version: CS - Adobe Systems, Inc.)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc)
AlienAutopsy (HKLM\...\PC-Doctor for Windows) (Version: 3.2.6032.102 - PC-Doctor, Inc.)
AlienRespawn - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: - Alienware)
AlienRespawn (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.51 - Alienware)
Alienware TactX Keyboard CI 1.00.130 (HKLM\...\{13A3A271-B2AA-486C-9AD5-F272079BB9B5}) (Version: 1.00.130 - Alienware)
Alienware TactX Mouse CI 1.00 (HKLM\...\{B0D59FDC-FEAB-49A2-9B5A-E5E0A8F9D7E0}) (Version: 1.00 - Alienware)
AlignmentUtility (x32 Version: 17.00.0000 - UPS) Hidden
Aptana Studio 3 (HKLM-x32\...\Aptana Studio 3) (Version: 3.4.2 - Appcelerator, Inc.)
ArcSoft MediaImpression 2 (HKLM-x32\...\{30B056AF-F414-4B68-B9B0-6EFDB9FCDF18}) (Version: 2.0.29.444 - ArcSoft)
ArcSoft Photo Book Screen Saver (HKLM-x32\...\{E2EE273D-E111-4FFD-ACD4-78E1D35E01D2}) (Version: 2.0.0.13 - ArcSoft)
ArcSoft Print Creations - Album Page (HKLM-x32\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version: - ArcSoft)
ArcSoft Print Creations - Brochures & Flyers (HKLM-x32\...\{01A1A019-E1D8-482A-BE17-5E118D17C0A0}) (Version: - ArcSoft)
ArcSoft Print Creations - Funhouse (HKLM-x32\...\{9591C049-5CAE-4E89-A8D9-191F1899628B}) (Version: - ArcSoft)
ArcSoft Print Creations - Funhouse II (HKLM-x32\...\{3CE47E6B-AE27-4E40-AC54-329EED96B933}) (Version: - ArcSoft)
ArcSoft Print Creations - Greeting Card (HKLM-x32\...\{F04F9557-81A9-4293-BC49-2C216FA325A7}) (Version: - ArcSoft)
ArcSoft Print Creations - Photo Book (HKLM-x32\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version: - ArcSoft)
ArcSoft Print Creations - Photo Calendar (HKLM-x32\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version: - ArcSoft)
ArcSoft Print Creations - Photo Prints (HKLM-x32\...\{95F875CC-1B85-43E6-B3E0-13EA04F3D995}) (Version: - ArcSoft)
ArcSoft Print Creations - Poster Creator (HKLM-x32\...\{5D1C82E7-7EC0-4404-A8AD-36C3B444BC34}) (Version: - ArcSoft)
ArcSoft Print Creations - Scrapbook (HKLM-x32\...\{B0D83FCD-9D42-43ED-8315-250326AADA02}) (Version: - ArcSoft)
ArcSoft Print Creations - Slimline Card (HKLM-x32\...\{007B37D9-0C45-4202-834B-DD5FAAE99D63}) (Version: - ArcSoft)
ArcSoft Print Creations (HKLM-x32\...\{B8CECF38-C0B0-4B39-8B11-772E685C93AB}) (Version: 2.8.255.266 - ArcSoft)
ArcSoft RAW Thumbnail Viewer (HKLM-x32\...\{82FAC25D-D0E1-4D60-9268-F3DD958BF052}) (Version: 2.0.0.11 - ArcSoft)
ArcSoft Video Downloader (HKLM-x32\...\{C8B44566-839A-459C-A73D-49764CE216CC}) (Version: 2.0.0.39 - ArcSoft)
ATI AVIVO64 Codecs (Version: 11.6.0.10419 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{E73155E5-E75F-D09E-30C0-C18E3C3A1FA3}) (Version: 3.0.825.0 - ATI Technologies, Inc.)
ATI Catalyst Registration (x32 Version: 3.00.0000 - ATI Technologies Inc.) Hidden
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
avast! Internet Security (HKLM-x32\...\avast) (Version: 8.0.1506.0 - AVAST Software)
Beyond Compare 3.3.8 (HKLM-x32\...\BeyondCompare3_is1) (Version: 3.3.8.16340 - Scooter Software)
Broadcom Management Programs (HKLM\...\{688758A2-8520-4470-8FA6-765BAC86FC53}) (Version: 12.53.01 - Broadcom Corporation)
CCC (x32 Version: 17.00.0000 - United Parcel Service, Inc.) Hidden
ccc-core-static (x32 Version: 2010.0928.2139.36979 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
Charles 3.6.5 (HKLM\...\{61163088-76A7-4A20-8228-7058848CD37F}) (Version: 3.6.5.6 - XK72 Ltd)
Command Center (HKLM-x32\...\InstallShield_{AD522D37-B0FD-45A4-8695-6F24DF5336FC}) (Version: 2.6.1.0 - Alienware Corp.)
Command Center (Version: 2.6.1.0 - Alienware Corp.) Hidden
Compare and Merge 2.3 (HKLM-x32\...\Compare and Merge_is1) (Version: 2.3 - TGRMN Software)
ConTEXT v0.98.6 (HKLM-x32\...\{73E0D3A0-9C30-4F59-ABBF-6233686FB396}_is1) (Version: - ConTEXT Project Ltd)
CPUID CPU-Z 1.60 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
CyberPower PowerPanel Personal Edition 1.2.3 (HKLM-x32\...\{46E21083-D598-4217-99B0-2ED3E4152759}) (Version: 1.2.3 - Cyber Power Systems, Inc.)
Data Lifeguard Diagnostic for Windows 1.24 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version: - Western Digital Corporation)
Dell InHome Service Agreement (HKLM-x32\...\{41AA8F20-FD30-4878-9080-6D5BE575FD41}) (Version: 2.0.0 - Dell Inc.)
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 3.3.2.1 - Dell)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Diskeeper 12 Professional (HKLM\...\{1A6D6767-B771-4752-81C2-1CC30BE941BA}) (Version: 16.0.1017.64 - Condusiv Technologies)
EPSON Artisan 800 Series Printer Uninstall (HKLM\...\EPSON Artisan 800 Series) (Version: - SEIKO EPSON Corporation)
Epson Connect (HKLM-x32\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version: - )
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Download Navigator (HKLM-x32\...\{10F63395-157F-4B93-AB4D-702A2FF11942}) (Version: 1.0.1 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}) (Version: 2.50.0001 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.20.00 - SEIKO EPSON CORPORATION)
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.00.00 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON WorkForce 845 Series Printer Uninstall (HKLM\...\EPSON WorkForce 845 Series) (Version: - SEIKO EPSON Corporation)
erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version: - Lars Hederer)
Evernote v. 5.3.1 (HKLM-x32\...\{28AAF752-C41B-11E3-8CB0-00163E98E7D6}) (Version: 5.3.1.3363 - Evernote Corp.)
Fiddler (HKLM-x32\...\Fiddler2) (Version: 2.4.2.6 - Telerik)
FileZilla Client 3.7.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.7.0.2 - FileZilla Project)
FormsComponent (x32 Version: 17.00.0000 - UPS) Hidden
FOSS (x32 Version: 17.00.0000 - UPS) Hidden
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Google Chrome (HKCU\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 9.1.0.615 - Citrix Online, a division of Citrix Systems, Inc.)
GPSoftware Directory Opus (HKLM-x32\...\{5D4F167D-CCC8-413E-A6EE-F2FABBBBF50D}) (Version: 11.7 - GPSoftware)
HTML-Kit Tools (HKLM-x32\...\HTMLKitTools_is1) (Version: 1.0 - HTML-Kit.com)
ICCHelp (HKLM-x32\...\{A5763105-D1D5-4862-A3FE-EC058F9AA73E}) (Version: 17.00.0000 - UPS)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.710 - Oracle)
Java 6 Update 22 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416022FF}) (Version: 6.0.220 - Oracle)
KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Logitech SetPoint (HKLM-x32\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 - Logitech)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Excel 2000 SR-1 (HKLM-x32\...\{00110409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{86177DAE-38B1-49DD-912E-35CB703AB779}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 33.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0.2 (x86 en-US)) (Version: 33.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mozilla Thunderbird (5.0) (HKLM-x32\...\Mozilla Thunderbird (5.0)) (Version: 5.0 (en-US) - Mozilla)
MSIChecker (x32 Version: 9.00.0000 - UPS) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MySQL Workbench 5.2 CE (HKLM-x32\...\{1D803D4F-CE1E-4282-B4F2-0FCF28E68BCD}) (Version: 5.2.37 - Oracle Corporation)
NA1Messenger (x32 Version: 17.00.0000 - Your Company Name) Hidden
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.20.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.20.0 - NEC Electronics Corporation) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NRF (x32 Version: 17.00.0000 - UPS) Hidden
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
PhotoShowExpress (x32 Version: 2.0.028 - Sonic Solutions) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PolicyManager (x32 Version: 17.00.0000 - UPS) Hidden
PuTTY version 0.63 (HKLM-x32\...\PuTTY_is1) (Version: 0.63 - Simon Tatham)
Quicknote 5.5 (HKLM-x32\...\JC&MB Quicknote_is1) (Version: - JC&MB)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6039 - Realtek Semiconductor Corp.)
Reconciler (x32 Version: 17.00.0000 - UPS) Hidden
ReportServer (x32 Version: 17.00.0000 - Your Company Name) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.40.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14072.12 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14072.12 - Samsung Electronics Co., Ltd.) Hidden
Screaming Frog SEO Spider (HKLM-x32\...\Screaming Frog SEO Spider) (Version: 0.01 - Screaming Frog)
ScreenRecorder (HKLM\...\{55A9972B-EA29-43C3-94B6-7A178D6F2E11}) (Version: 4.0.0 - Burak Uysaler)
SEO PowerSuite (HKLM-x32\...\seopowersuite) (Version: - )
Skins (x32 Version: 2010.0928.2139.36979 - ATI) Hidden
Snagit 10.0.1 (HKLM-x32\...\{22FC7536-BE5C-4E88-8069-C24689D34EC5}) (Version: 10.0.1 - TechSmith Corporation)
Snagit 11 (HKLM-x32\...\{68723B04-57EC-11E1-A6A8-9E2D4824019B}) (Version: 11.1.0 - TechSmith Corporation)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.3 - Sophos Limited)
SQLyog 11.3 (64 bit) (HKLM\...\SQLyog64) (Version: 11.3 (64 bit) - Webyog Inc.)
SupportUtility (x32 Version: 17.00.0000 - Your Company Name) Hidden
System (x32 Version: 17.00.0000 - UPS) Hidden
The Lord of the Rings FREE Trial (x32 Version: 1.00.0000 - ATI Technologies Inc.) Hidden
TheBat! Home v4.2.44 (HKLM-x32\...\{457297FE-47C9-4B37-B350-BC5CCC65A2DE}) (Version: 4.2.44 - Ritlabs)
THX TruStudio PC (HKLM-x32\...\{010A785B-F920-4350-821B-6309909C20BB}) (Version: 1.0 - Creative Technology Limited)
Traffic Travis 4.1.0 (HKLM-x32\...\Traffic Travis 4.1 Setup Wizard_is1) (Version: - Affilorama Ltd.)
True Image 2013 (HKLM-x32\...\{75BC2136-B6A1-4F3B-8A69-55E39C647B1F}Visible) (Version: 16.0.6514 - Acronis)
True Image 2013 (x32 Version: 16.0.6514 - Acronis) Hidden
UnifiedPrinting (x32 Version: 17.00.0000 - UPS) Hidden
UPS WorldShip (HKLM-x32\...\UPS WorldShip) (Version: 17.0 - UPS)
UPSDB (x32 Version: 17.00.0000 - UPS) Hidden
UPSICC (x32 Version: 17.00.0000 - UPS) Hidden
UPSlinkHTTP (x32 Version: 17.00.0000 - UPS) Hidden
UPSVC2008MM (x32 Version: 1.00.0000 - UPS) Hidden
UPSVCMM (x32 Version: 12.00.0000 - UPS) Hidden
Watermark Factory 2 (HKLM-x32\...\{208B53C3-FA83-40EF-BC07-ED61E78CC12A}}_is1) (Version: - WatermarkFactory.com)
Web CEO 11.0 (HKLM-x32\...\WebCEO70_is1) (Version: 11.0 - Web CEO Ltd.)
WebHelp (HKLM-x32\...\{8C5BD501-AD5D-4A75-9321-076509B438FC}) (Version: 1.00.0000 - UPS)
WebLog Expert Lite 8.1 (HKLM-x32\...\WebLog Expert Lite_is1) (Version: 8.1 - Alentum Software Ltd.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.65 - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Grep 2.3 (HKLM-x32\...\Windows Grep_is1) (Version: - )
Windows Media Encoder 9 Series x64 Edition (HKLM\...\Windows Media Encoder 9) (Version: - )
WorldShip (x32 Version: 17.00.0000 - UPS) Hidden
WSShared (x32 Version: 17.00.0000 - UPS) Hidden
Xenu's Link Sleuth (HKLM-x32\...\Xenu's Link Sleuth) (Version: 1.3.8 - Tilman Hausherr)
Zend Optimizer (HKLM-x32\...\{4C24C6EB-FF40-4855-9C1D-42F8AFC75112}) (Version: 3.3.0 - Zend Technologies)
ZoneAlarm Firewall (x32 Version: 13.1.211.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Pro (HKLM-x32\...\ZoneAlarm Pro) (Version: 13.1.211.000 - Check Point)
ZoneAlarm Security (x32 Version: 13.1.211.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security Toolbar (HKLM-x32\...\ZoneAlarm Security Toolbar) (Version: - Check Point Software Technologies LTD)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{00A5D5A8-84D7-433E-926F-DFF56DF4BD9F}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{01554A8A-F376-4064-A6A5-D8A13665C4EB}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{051141EA-19E0-404B-A525-8EB4547C7753}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{056FAEFE-9A9C-48B2-B458-1A39F700C803}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{0604FA41-0FA4-46F5-9734-636DD2FF7E21}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{07897D7C-7CC9-4FE6-B823-DA57BD31F732}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{09889426-024E-4AA3-B39D-D2A9C3FE061E}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{0A07BE9D-531A-4A4A-BBE3-DC93A6C1C887}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Jack\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{0FB0209E-FAA2-48E9-9F04-DBFB0858788D}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{10D7C8FF-C90A-49C9-939A-C845265681C0}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{1D0D2B96-A870-4D6F-829D-2A949F243531}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{1FF2E388-451A-4309-8450-A2A19F5A511D}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{22B2186B-FE49-43AE-9EB7-72E8A00D7AF5}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{29EA3967-E71E-4657-B519-CD16BCAA2B60}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{38063D55-9EF3-4038-981A-C3AF48A064AC}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{399FD32E-4E06-48FA-948A-75B12F5A50E6}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{39FC56EB-285B-4305-ADD1-278049646691}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{3B589405-2552-404A-A714-4DEA246433C3}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{3F73A396-05CC-48B9-9C5F-A2C80399BCF5}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{41A886BE-BF2F-41B1-8235-81502FC76A11}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{449D6FA1-46C3-49E8-8F06-D1522224A4D2}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{453FD783-4A97-4BF0-BA36-F650AF78577D}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{45F7AAC4-80BD-4BB8-9D9C-EC1B8677D3CC}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{4F0AE54C-3970-46C7-BC52-90703E005262}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{529D958B-E6F8-422E-B94B-8E7817A15C26}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{52AD96AD-B5F5-4A65-927E-39FA9E590A0A}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{5457D58A-DCC9-4472-8C64-B10FC0AC070A}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{5B95D823-A98C-4D3D-8925-8F5E5B922921}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{5CFED801-32F2-4B87-8FA5-82A48D1F5E7A}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{63DA3D53-6160-43B7-B3BA-88D5A90A08D4}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{65246BFD-2ACD-4BF9-8690-CA575F555F3F}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{6B86834B-45D0-4C06-91F3-FDB2CB563D0E}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{70C3EB9C-5AE4-43FC-BDD8-43A4C5236F3E}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{7375CE48-9021-4AF4-BDA9-3F2F4F9A9B9C}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{74DCD065-758E-445A-8C82-A188AE37E48B}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{87B84C15-F026-4BB3-B26E-AEF04670E862}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{8B6DA6B5-8AA6-4EFF-89EC-7E44BF6C2F14}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{8C62E740-A1A8-49B5-8118-2457AAA260F2}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{8F88EDB1-2C28-4029-96D4-E3200D691840}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{90823893-5C52-4CDF-A5E4-320545CDC8D3}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{9354DFAD-5775-4D48-893F-64DF1BBCE610}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{9BFA8CE4-AAE8-46F0-8215-E989E052925C}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{A0BD0ECF-2393-407F-A20A-CD8E1B3220D3}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{A1088C87-0DEC-445B-9D9C-E881C0288EF2}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{A27FDD31-0C5B-468D-8EC9-5A1E050BEB57}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{A5A4988B-F6B8-44FC-8D67-7A7E5DC01EBA}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{AAF4DF68-C279-487D-A7D0-58DA7FCD11AE}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{AAFF502E-771E-4EA6-81E1-811AAC5FA82D}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{AF843D96-E44F-466E-9C78-0F403E4B4ED8}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{B00FB327-90F0-404D-8597-CF9D8C382DAC}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{B2252980-0D3E-4FDC-82D2-F9B3F24D8AEA}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{B33E4B2F-B67B-45BE-9BC5-BAC124E62CA2}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{C22AB24F-F47E-4E9E-B71C-815D9856CEAB}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{CC3DCF0F-07D5-4646-A641-F172BA220650}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{CCD1EE59-F38D-4CA3-8DD1-C5BA5575EFAA}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{CF171C8A-D1F5-46C8-971E-2481FAF083D4}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{D8FC2B62-0BEA-40D2-B45A-F7410A0C3A3F}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{DBCAF10E-02D6-43DA-AC70-670537A816D8}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{DC4EBBB7-A0F7-43B3-87E1-30E1957EC753}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{E42793B9-13E5-45BB-B2DF-DA4977CFC6BC}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Jack\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{F0A4457A-E427-4C3C-A285-EC1B2F799B1B}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{F26146DB-D9C7-4803-A78D-10947CC1E4B8}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{F58E3621-0E79-49D7-8FBE-5CF44E8EFB79}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{F9ABE7CD-4701-4DE0-9A1A-8F726651B674}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{FAE7A96A-56C3-4ABF-A6C2-D5D78089A7D8}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{FEEBA5ED-53FE-41ED-BE55-648E2EEFF9A5}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
==================== Restore Points =========================
01-11-2014 15:33:07 ComboFix created restore point
02-11-2014 13:00:22 Windows Backup
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2014-07-04 11:58 - 00001140 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 localsites
127.0.0.1 localhost127.0.0.1 localhost
127.0.0.1 localhost
127.0.0.1 localhost
127.0.0.1 localhost
127.0.0.1 localhost
127.0.0.1 localhost
127.0.0.1 localhost
127.0.0.1 localhost
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {10F3D27F-FFBC-4E45-BB1E-8B8AF4192827} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-22] (AVAST Software)
Task: {1492EE78-0FEB-4D35-8EF5-8850EFF0BC90} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {18FFAC5B-7083-4FCF-B114-5D3DDBD803FE} - System32\Tasks\PCDEventLauncher => C:\Program Files\AlienAutopsy\sessionchecker.exe [2012-11-29] (PC-Doctor, Inc.)
Task: {356C2F0D-4ECB-4AB4-9FD0-CB0F981AAAD3} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {6EA7FA08-AD7D-4E24-BC6B-BE938110C28C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3994650508-1294297652-2827424591-1000UA => C:\Users\Jack\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {7ACDB8EC-396C-48DC-A98D-D1CFED39E14C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {8B719B26-20F1-4CE1-97A6-DD4D604FE10A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-23] (Adobe Systems Incorporated)
Task: {AFDC1808-B6E7-4389-8186-92DA226C372F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {ECDEC2D3-FC20-4633-90FC-FB2F2FF48082} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3994650508-1294297652-2827424591-1000Core => C:\Users\Jack\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {F04229BB-F431-42B3-828A-8E77D010021E} - System32\Tasks\WampServer => C:\wamp\wampmanager.exe [2010-12-31] (Aestan Software)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DOpusRT_RunStd_{B1CAB9BE-DAD0-4373-9F32-9C7133E753AF}.job => C:\Program Files\GPSoftware\Directory Opus\dopus.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3994650508-1294297652-2827424591-1000Core.job => C:\Users\Jack\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3994650508-1294297652-2827424591-1000UA.job => C:\Users\Jack\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2010-01-02 09:42 - 2010-01-02 09:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-03-27 21:39 - 2013-03-27 21:39 - 00021824 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\x64\ti_managers_proxy_stub.dll
2011-02-09 12:52 - 2011-01-13 13:39 - 00783680 _____ () C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe
2011-04-29 12:39 - 2009-07-20 11:35 - 00018960 _____ () C:\Program Files\Logitech\SetPoint\khalwrapper.dll
2010-09-03 02:28 - 2010-09-03 02:28 - 00518640 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2014-05-12 04:49 - 2014-05-12 04:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2011-02-09 12:48 - 2011-02-09 12:48 - 00085944 _____ () C:\Windows\Microsoft.Net\assembly\GAC_MSIL\AlienLabsTools\v4.0_2.6.1.0__bebb3c8816410241\AlienLabsTools.dll
2011-02-09 12:48 - 2011-02-09 12:48 - 00037840 _____ () C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Alienlabs.CommandCenter.Tools\v4.0_2.6.1.0__bebb3c8816410241\Alienlabs.CommandCenter.Tools.dll
2011-04-29 12:39 - 2009-07-20 03:00 - 00077824 _____ () C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
2011-04-21 22:08 - 2010-12-31 07:39 - 08133120 _____ () c:\wamp\bin\mysql\mysql5.5.8\bin\mysqld.exe
2010-11-05 17:42 - 2010-11-05 17:42 - 00156088 _____ () C:\Program Files\Alienware\Command Center\AlienFusionDomain.dll
2010-11-05 17:42 - 2010-11-05 17:42 - 00016832 _____ () C:\Program Files\Alienware\Command Center\AlienFusionController.exe
2014-11-01 16:06 - 2014-11-01 13:29 - 02890240 _____ () C:\Program Files\AVAST Software\Avast\defs\14110101\algo.dll
2011-02-09 12:52 - 2011-01-13 13:37 - 00128320 _____ () C:\Program Files (x86)\AlienRespawn\STLog.dll
2011-02-09 12:52 - 2011-01-13 13:36 - 01123648 _____ () C:\Program Files (x86)\AlienRespawn\LibXml2.dll
2011-02-09 12:52 - 2011-01-13 13:37 - 00079168 _____ () C:\Program Files (x86)\AlienRespawn\zlib1.dll
2011-02-09 12:52 - 2011-01-13 13:37 - 00234816 _____ () C:\Program Files (x86)\AlienRespawn\STFiles.dll
2011-02-09 12:52 - 2011-01-13 13:37 - 00075072 _____ () C:\Program Files (x86)\AlienRespawn\STRegistry.dll
2011-02-09 12:52 - 2011-01-13 13:37 - 00111936 _____ () C:\Program Files (x86)\AlienRespawn\STPE.dll
2011-02-09 12:52 - 2011-01-13 13:37 - 00121152 _____ () C:\Program Files (x86)\AlienRespawn\STNLS.dll
2010-08-30 04:34 - 2010-08-30 04:34 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2014-10-17 22:07 - 2014-10-17 22:07 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3d576cbc4ffc5ad06fd61510c5d8f326\IsdiInterop.ni.dll
2011-02-09 12:39 - 2010-03-03 21:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2013-03-27 21:09 - 2013-03-27 21:09 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2013-03-27 21:36 - 2013-03-27 21:36 - 00021312 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy_stub.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:2664F3F5
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR430 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: GoToAssist => 3
MSCONFIG\Services: ZAPrivacyService => 2
MSCONFIG\startupreg: NA1Messenger => C:\UPS\WSTD\UPSNA1Msgr.exe
========================= Accounts: ==========================
Administrator (S-1-5-21-3994650508-1294297652-2827424591-500 - Administrator - Disabled)
Guest (S-1-5-21-3994650508-1294297652-2827424591-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3994650508-1294297652-2827424591-1005 - Limited - Enabled)
Jack (S-1-5-21-3994650508-1294297652-2827424591-1000 - Administrator - Enabled) => C:\Users\Jack
==================== Faulty Device Manager Devices =============
Name: F:\
Description: Compact Flash
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: H:\
Description: SD/MMC
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Error: (11/02/2014 06:40:49 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.
Error: (11/02/2014 06:40:48 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.
Error: (11/02/2014 06:40:48 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.
Error: (11/01/2014 08:12:26 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2013-07-30 18:50:50.208
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-07-30 18:36:13.613
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-07-30 18:30:43.808
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-07-30 18:19:32.186
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-07-30 18:07:48.139
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-07-27 20:58:43.883
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-07-27 20:37:00.166
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-07-27 20:29:37.137
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-07-27 20:09:02.018
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-07-27 19:19:33.840
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel® Core i7 CPU 930 @ 2.80GHz
Percentage of memory in use: 41%
Total physical RAM: 16374.89 MB
Available physical RAM: 9576.3 MB
Total Pagefile: 32747.97 MB
Available Pagefile: 27538.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:922.75 GB) (Free:713.79 GB) NTFS
Drive e: (Programing) (Fixed) (Total:558.91 GB) (Free:180.31 GB) NTFS
Drive i: (Storage) (Fixed) (Total:558.91 GB) (Free:492.64 GB) NTFS
Drive k: (My Book) (Fixed) (Total:2794.49 GB) (Free:450.37 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 77E3ED41)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=8.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=922.7 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 558.9 GB) (Disk ID: 97953898)
Partition 1: (Not Active) - (Size=558.9 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 558.9 GB) (Disk ID: 6BBAC015)
Partition 1: (Not Active) - (Size=558.9 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 3.
==================== End Of Log ============================
-
I tried it in safe mode but it said avast was running and continuing could cause damage. There were two services active but they were already stopped. I found this post so I booted into normal mode, turned off avast until the next boot and tried running combofix as administrator. It went through the whole process but when it said creating the log, it stalled. After an hour of waiting, I stopped it. I then rebooted into safe mode and tried again. It ran this time and the log is below. I'm just stating the steps I took in case they caused a problem.
-
My computer hung-up so I had to reboot. Should I start from the beginning or just with the last part?
-
i tried but it failed too - not a valid Win32 application.
-
When I try to run the Junkware Removal Tool a dialog says it is not a valid Win32 application. I'm running Windows 7 and I used right-click, run as administrator to open it. I went to the authors site and downloaded from there but that didn't run either.
For what its worth, before creating this post, I had tried running the FRST script and it did the same thing. I thought it might have to be in safe mode to run. After I did that and rebooted back into normal mode, I can now run FRST. I only mention this since it seems something is hung-up. Should I reboot and try again?
-
Thank you for looking at this. I ran all of the tests you mentioned. Below are the two reports you asked for.
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 10/28/2014
Scan Time: 7:16:26 PM
Logfile:
Administrator: Yes
Version: 2.00.3.1025
Malware Database: v2014.10.28.06
Rootkit Database: v2014.10.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jack
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 327110
Time Elapsed: 11 min, 9 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)RogueKiller V10.0.3.0 (x64) [Oct 16 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Jack [Administrator]
Mode : Scan -- Date : 10/28/2014 19:36:31
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 22 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://google.com/ -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://google.com/ -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B8F51288-09AF-4002-9509-913610B7FF58} | DhcpNameServer : 209.18.47.61 209.18.47.62 -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{B8F51288-09AF-4002-9509-913610B7FF58} | DhcpNameServer : 209.18.47.61 209.18.47.62 -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{B8F51288-09AF-4002-9509-913610B7FF58} | DhcpNameServer : 209.18.47.61 209.18.47.62 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0 -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ Hosts File : 11 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localsites
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost127.0.0.1 localhost
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] l7tarqgo.default-1374718651417 : user_pref("browser.startup.homepage", "localsites/"); -> Found
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ARRAY0 +++++
--- User ---
[MBR] 58e7f69331c3d38135543e0cbcc8c374
[bSP] fe00aafa125282f746adc39f3a0dc904 : Unknown MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 8942 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 18395136 | Size: 944892 MB
User = LL1 ... OK
Error reading LL2 MBR! ([57] The parameter is incorrect. )
+++++ PhysicalDrive1: WDC WD6000HLHX-01JJPV0 +++++
--- User ---
[MBR] d4aa3fad11eaa13a33caf77b13cf4d41
[bSP] 49a37fbacc6afd1548cc43fda5909fcd : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 572323 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive2: WDC WD6000HLHX-01JJPV0 +++++
--- User ---
[MBR] c160e280329114575ef9c743e9574d88
[bSP] 3c1d42840279b086de72ac5a4eefe662 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 572323 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive3: WD My Book 1130 USB Device +++++
Error reading User MBR! ([57] The parameter is incorrect. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive4: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive5: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive6: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive7: Generic- MS/MS-Pro/HG USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive8: EPSON Storage USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
============================================
RKreport_DEL_10262014_102021.log - RKreport_SCN_10252014_233158.log - RKreport_SCN_10262014_132228.log -
Here's the addition.txt. It was too long for the first post:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-10-2014
Ran by Jack at 2014-10-26 22:38:59
Running from E:\Storage\Downloads\Installed\Security
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Internet Security (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Internet Security (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Internet Security (Enabled) {131692B0-0864-D491-4E21-3A3A1D8BBB47}
FW: ZoneAlarm Pro Firewall (Disabled) {E6380B7E-D4B2-19F1-083E-56486607704B}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Photoshop CS (HKLM-x32\...\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}) (Version: CS - Adobe Systems, Inc.)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc)
AlienAutopsy (HKLM\...\PC-Doctor for Windows) (Version: 3.2.6032.102 - PC-Doctor, Inc.)
AlienRespawn - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: - Alienware)
AlienRespawn (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.51 - Alienware)
Alienware TactX Keyboard CI 1.00.130 (HKLM\...\{13A3A271-B2AA-486C-9AD5-F272079BB9B5}) (Version: 1.00.130 - Alienware)
Alienware TactX Mouse CI 1.00 (HKLM\...\{B0D59FDC-FEAB-49A2-9B5A-E5E0A8F9D7E0}) (Version: 1.00 - Alienware)
AlignmentUtility (x32 Version: 17.00.0000 - UPS) Hidden
AMD APP SDK Runtime (Version: 2.4.595.10 - Advanced Micro Devices Inc.) Hidden
Aptana Studio 3 (HKLM-x32\...\Aptana Studio 3) (Version: 3.4.2 - Appcelerator, Inc.)
ArcSoft MediaImpression 2 (HKLM-x32\...\{30B056AF-F414-4B68-B9B0-6EFDB9FCDF18}) (Version: 2.0.29.444 - ArcSoft)
ArcSoft Photo Book Screen Saver (HKLM-x32\...\{E2EE273D-E111-4FFD-ACD4-78E1D35E01D2}) (Version: 2.0.0.13 - ArcSoft)
ArcSoft Print Creations - Album Page (HKLM-x32\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version: - ArcSoft)
ArcSoft Print Creations - Brochures & Flyers (HKLM-x32\...\{01A1A019-E1D8-482A-BE17-5E118D17C0A0}) (Version: - ArcSoft)
ArcSoft Print Creations - Funhouse (HKLM-x32\...\{9591C049-5CAE-4E89-A8D9-191F1899628B}) (Version: - ArcSoft)
ArcSoft Print Creations - Funhouse II (HKLM-x32\...\{3CE47E6B-AE27-4E40-AC54-329EED96B933}) (Version: - ArcSoft)
ArcSoft Print Creations - Greeting Card (HKLM-x32\...\{F04F9557-81A9-4293-BC49-2C216FA325A7}) (Version: - ArcSoft)
ArcSoft Print Creations - Photo Book (HKLM-x32\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version: - ArcSoft)
ArcSoft Print Creations - Photo Calendar (HKLM-x32\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version: - ArcSoft)
ArcSoft Print Creations - Photo Prints (HKLM-x32\...\{95F875CC-1B85-43E6-B3E0-13EA04F3D995}) (Version: - ArcSoft)
ArcSoft Print Creations - Poster Creator (HKLM-x32\...\{5D1C82E7-7EC0-4404-A8AD-36C3B444BC34}) (Version: - ArcSoft)
ArcSoft Print Creations - Scrapbook (HKLM-x32\...\{B0D83FCD-9D42-43ED-8315-250326AADA02}) (Version: - ArcSoft)
ArcSoft Print Creations - Slimline Card (HKLM-x32\...\{007B37D9-0C45-4202-834B-DD5FAAE99D63}) (Version: - ArcSoft)
ArcSoft Print Creations (HKLM-x32\...\{B8CECF38-C0B0-4B39-8B11-772E685C93AB}) (Version: 2.8.255.266 - ArcSoft)
ArcSoft RAW Thumbnail Viewer (HKLM-x32\...\{82FAC25D-D0E1-4D60-9268-F3DD958BF052}) (Version: 2.0.0.11 - ArcSoft)
ArcSoft Video Downloader (HKLM-x32\...\{C8B44566-839A-459C-A73D-49764CE216CC}) (Version: 2.0.0.39 - ArcSoft)
ATI AVIVO64 Codecs (Version: 11.6.0.10419 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{E73155E5-E75F-D09E-30C0-C18E3C3A1FA3}) (Version: 3.0.825.0 - ATI Technologies, Inc.)
ATI Catalyst Registration (x32 Version: 3.00.0000 - ATI Technologies Inc.) Hidden
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
avast! Internet Security (HKLM-x32\...\avast) (Version: 8.0.1497.0 - AVAST Software)
Beyond Compare 3.3.8 (HKLM-x32\...\BeyondCompare3_is1) (Version: 3.3.8.16340 - Scooter Software)
Broadcom Management Programs (HKLM\...\{688758A2-8520-4470-8FA6-765BAC86FC53}) (Version: 12.53.01 - Broadcom Corporation)
CCC (x32 Version: 17.00.0000 - United Parcel Service, Inc.) Hidden
ccc-core-static (x32 Version: 2010.0928.2139.36979 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
Charles 3.6.5 (HKLM\...\{61163088-76A7-4A20-8228-7058848CD37F}) (Version: 3.6.5.6 - XK72 Ltd)
Command Center (HKLM-x32\...\InstallShield_{AD522D37-B0FD-45A4-8695-6F24DF5336FC}) (Version: 2.6.1.0 - Alienware Corp.)
Command Center (Version: 2.6.1.0 - Alienware Corp.) Hidden
Compare and Merge 2.3 (HKLM-x32\...\Compare and Merge_is1) (Version: 2.3 - TGRMN Software)
ConTEXT v0.98.6 (HKLM-x32\...\{73E0D3A0-9C30-4F59-ABBF-6233686FB396}_is1) (Version: - ConTEXT Project Ltd)
CPUID CPU-Z 1.60 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
CyberPower PowerPanel Personal Edition 1.2.3 (HKLM-x32\...\{46E21083-D598-4217-99B0-2ED3E4152759}) (Version: 1.2.3 - Cyber Power Systems, Inc.)
Data Lifeguard Diagnostic for Windows 1.24 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version: - Western Digital Corporation)
Dell InHome Service Agreement (HKLM-x32\...\{41AA8F20-FD30-4878-9080-6D5BE575FD41}) (Version: 2.0.0 - Dell Inc.)
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 3.3.2.1 - Dell)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Diskeeper 12 Professional (HKLM\...\{1A6D6767-B771-4752-81C2-1CC30BE941BA}) (Version: 16.0.1017.64 - Condusiv Technologies)
EPSON Artisan 800 Series Printer Uninstall (HKLM\...\EPSON Artisan 800 Series) (Version: - SEIKO EPSON Corporation)
Epson Connect (HKLM-x32\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version: - )
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Download Navigator (HKLM-x32\...\{10F63395-157F-4B93-AB4D-702A2FF11942}) (Version: 1.0.1 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}) (Version: 2.50.0001 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.20.00 - SEIKO EPSON CORPORATION)
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.00.00 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON WorkForce 845 Series Printer Uninstall (HKLM\...\EPSON WorkForce 845 Series) (Version: - SEIKO EPSON Corporation)
erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden
Evernote v. 5.3.1 (HKLM-x32\...\{28AAF752-C41B-11E3-8CB0-00163E98E7D6}) (Version: 5.3.1.3363 - Evernote Corp.)
Fiddler (HKLM-x32\...\Fiddler2) (Version: 2.4.2.6 - Telerik)
FileZilla Client 3.7.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.7.0.2 - FileZilla Project)
FormsComponent (x32 Version: 17.00.0000 - UPS) Hidden
FOSS (x32 Version: 17.00.0000 - UPS) Hidden
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Google Chrome (HKCU\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 9.1.0.615 - Citrix Online, a division of Citrix Systems, Inc.)
GPSoftware Directory Opus (HKLM-x32\...\{5D4F167D-CCC8-413E-A6EE-F2FABBBBF50D}) (Version: 11.7 - GPSoftware)
HTML-Kit Tools (HKLM-x32\...\HTMLKitTools_is1) (Version: 1.0 - HTML-Kit.com)
ICCHelp (HKLM-x32\...\{A5763105-D1D5-4862-A3FE-EC058F9AA73E}) (Version: 17.00.0000 - UPS)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.710 - Oracle)
Java Auto Updater (x32 Version: 2.1.71.14 - Oracle, Inc.) Hidden
Java 6 Update 22 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416022FF}) (Version: 6.0.220 - Oracle)
KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Logitech SetPoint (HKLM-x32\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 - Logitech)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Excel 2000 SR-1 (HKLM-x32\...\{00110409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{86177DAE-38B1-49DD-912E-35CB703AB779}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mozilla Thunderbird (5.0) (HKLM-x32\...\Mozilla Thunderbird (5.0)) (Version: 5.0 (en-US) - Mozilla)
MSIChecker (x32 Version: 9.00.0000 - UPS) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MySQL Workbench 5.2 CE (HKLM-x32\...\{1D803D4F-CE1E-4282-B4F2-0FCF28E68BCD}) (Version: 5.2.37 - Oracle Corporation)
NA1Messenger (x32 Version: 17.00.0000 - Your Company Name) Hidden
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.20.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.20.0 - NEC Electronics Corporation) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NRF (x32 Version: 17.00.0000 - UPS) Hidden
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
PhotoShowExpress (x32 Version: 2.0.028 - Sonic Solutions) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PolicyManager (x32 Version: 17.00.0000 - UPS) Hidden
PuTTY version 0.63 (HKLM-x32\...\PuTTY_is1) (Version: 0.63 - Simon Tatham)
Quicknote 5.5 (HKLM-x32\...\JC&MB Quicknote_is1) (Version: - JC&MB)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6039 - Realtek Semiconductor Corp.)
Reconciler (x32 Version: 17.00.0000 - UPS) Hidden
ReportServer (x32 Version: 17.00.0000 - Your Company Name) Hidden
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden
Roxio Burn (x32 Version: 1.6 - Roxio) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.40.0 - Roxio)
Roxio Creator Starter (x32 Version: 1.0.311 - Roxio) Hidden
Roxio Creator Starter (x32 Version: 5.0.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14072.12 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14072.12 - Samsung Electronics Co., Ltd.) Hidden
Screaming Frog SEO Spider (HKLM-x32\...\Screaming Frog SEO Spider) (Version: 0.01 - Screaming Frog)
ScreenRecorder (HKLM\...\{55A9972B-EA29-43C3-94B6-7A178D6F2E11}) (Version: 4.0.0 - Burak Uysaler)
SEO PowerSuite (HKLM-x32\...\seopowersuite) (Version: - )
Skins (x32 Version: 2010.0928.2139.36979 - ATI) Hidden
Snagit 10.0.1 (HKLM-x32\...\{22FC7536-BE5C-4E88-8069-C24689D34EC5}) (Version: 10.0.1 - TechSmith Corporation)
Snagit 11 (HKLM-x32\...\{68723B04-57EC-11E1-A6A8-9E2D4824019B}) (Version: 11.1.0 - TechSmith Corporation)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.3 - Sophos Limited)
SQLyog 11.3 (64 bit) (HKLM\...\SQLyog64) (Version: 11.3 (64 bit) - Webyog Inc.)
SupportUtility (x32 Version: 17.00.0000 - Your Company Name) Hidden
System (x32 Version: 17.00.0000 - UPS) Hidden
The Lord of the Rings FREE Trial (x32 Version: 1.00.0000 - ATI Technologies Inc.) Hidden
TheBat! Home v4.2.44 (HKLM-x32\...\{457297FE-47C9-4B37-B350-BC5CCC65A2DE}) (Version: 4.2.44 - Ritlabs)
THX TruStudio PC (HKLM-x32\...\{010A785B-F920-4350-821B-6309909C20BB}) (Version: 1.0 - Creative Technology Limited)
Traffic Travis 4.1.0 (HKLM-x32\...\Traffic Travis 4.1 Setup Wizard_is1) (Version: - Affilorama Ltd.)
True Image 2013 (HKLM-x32\...\{75BC2136-B6A1-4F3B-8A69-55E39C647B1F}Visible) (Version: 16.0.6514 - Acronis)
True Image 2013 (x32 Version: 16.0.6514 - Acronis) Hidden
UnifiedPrinting (x32 Version: 17.00.0000 - UPS) Hidden
UPS WorldShip (HKLM-x32\...\UPS WorldShip) (Version: 17.0 - UPS)
UPSDB (x32 Version: 17.00.0000 - UPS) Hidden
UPSICC (x32 Version: 17.00.0000 - UPS) Hidden
UPSlinkHTTP (x32 Version: 17.00.0000 - UPS) Hidden
UPSVC2008MM (x32 Version: 1.00.0000 - UPS) Hidden
UPSVCMM (x32 Version: 12.00.0000 - UPS) Hidden
Watermark Factory 2 (HKLM-x32\...\{208B53C3-FA83-40EF-BC07-ED61E78CC12A}}_is1) (Version: - WatermarkFactory.com)
Web CEO 11.0 (HKLM-x32\...\WebCEO70_is1) (Version: 11.0 - Web CEO Ltd.)
WebHelp (HKLM-x32\...\{8C5BD501-AD5D-4A75-9321-076509B438FC}) (Version: 1.00.0000 - UPS)
WebLog Expert Lite 8.1 (HKLM-x32\...\WebLog Expert Lite_is1) (Version: 8.1 - Alentum Software Ltd.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.65 - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Grep 2.3 (HKLM-x32\...\Windows Grep_is1) (Version: - )
Windows Media Encoder 9 Series x64 Edition (HKLM\...\Windows Media Encoder 9) (Version: - )
Windows Media Encoder 9 Series x64 Edition (Version: 10.0.0.3809 - Microsoft Corporation) Hidden
WorldShip (x32 Version: 17.00.0000 - UPS) Hidden
WSShared (x32 Version: 17.00.0000 - UPS) Hidden
Xenu's Link Sleuth (HKLM-x32\...\Xenu's Link Sleuth) (Version: 1.3.8 - Tilman Hausherr)
Zend Optimizer (HKLM-x32\...\{4C24C6EB-FF40-4855-9C1D-42F8AFC75112}) (Version: 3.3.0 - Zend Technologies)
ZoneAlarm Firewall (x32 Version: 13.1.211.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm LTD Toolbar (HKLM\...\ZoneAlarm LTD Toolbar) (Version: - Check Point Software Technologies)
ZoneAlarm Pro (HKLM-x32\...\ZoneAlarm Pro) (Version: 13.1.211.000 - Check Point)
ZoneAlarm Security (x32 Version: 13.1.211.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security Toolbar (HKLM-x32\...\ZoneAlarm Security Toolbar) (Version: - Check Point Software Technologies LTD)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{00A5D5A8-84D7-433E-926F-DFF56DF4BD9F}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{01554A8A-F376-4064-A6A5-D8A13665C4EB}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{051141EA-19E0-404B-A525-8EB4547C7753}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{056FAEFE-9A9C-48B2-B458-1A39F700C803}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{0604FA41-0FA4-46F5-9734-636DD2FF7E21}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{07897D7C-7CC9-4FE6-B823-DA57BD31F732}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{09889426-024E-4AA3-B39D-D2A9C3FE061E}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{0A07BE9D-531A-4A4A-BBE3-DC93A6C1C887}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Jack\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{0FB0209E-FAA2-48E9-9F04-DBFB0858788D}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{10D7C8FF-C90A-49C9-939A-C845265681C0}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{1D0D2B96-A870-4D6F-829D-2A949F243531}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{1FF2E388-451A-4309-8450-A2A19F5A511D}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{22B2186B-FE49-43AE-9EB7-72E8A00D7AF5}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{29EA3967-E71E-4657-B519-CD16BCAA2B60}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{38063D55-9EF3-4038-981A-C3AF48A064AC}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{399FD32E-4E06-48FA-948A-75B12F5A50E6}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{39FC56EB-285B-4305-ADD1-278049646691}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{3B589405-2552-404A-A714-4DEA246433C3}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{3F73A396-05CC-48B9-9C5F-A2C80399BCF5}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{41A886BE-BF2F-41B1-8235-81502FC76A11}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{449D6FA1-46C3-49E8-8F06-D1522224A4D2}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{453FD783-4A97-4BF0-BA36-F650AF78577D}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{45F7AAC4-80BD-4BB8-9D9C-EC1B8677D3CC}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{4F0AE54C-3970-46C7-BC52-90703E005262}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{529D958B-E6F8-422E-B94B-8E7817A15C26}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{52AD96AD-B5F5-4A65-927E-39FA9E590A0A}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{5457D58A-DCC9-4472-8C64-B10FC0AC070A}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{5B95D823-A98C-4D3D-8925-8F5E5B922921}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{5CFED801-32F2-4B87-8FA5-82A48D1F5E7A}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{63DA3D53-6160-43B7-B3BA-88D5A90A08D4}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{65246BFD-2ACD-4BF9-8690-CA575F555F3F}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{6B86834B-45D0-4C06-91F3-FDB2CB563D0E}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{70C3EB9C-5AE4-43FC-BDD8-43A4C5236F3E}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{7375CE48-9021-4AF4-BDA9-3F2F4F9A9B9C}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{74DCD065-758E-445A-8C82-A188AE37E48B}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{87B84C15-F026-4BB3-B26E-AEF04670E862}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{8B6DA6B5-8AA6-4EFF-89EC-7E44BF6C2F14}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{8C62E740-A1A8-49B5-8118-2457AAA260F2}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{8F88EDB1-2C28-4029-96D4-E3200D691840}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{90823893-5C52-4CDF-A5E4-320545CDC8D3}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{9354DFAD-5775-4D48-893F-64DF1BBCE610}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{9BFA8CE4-AAE8-46F0-8215-E989E052925C}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{A0BD0ECF-2393-407F-A20A-CD8E1B3220D3}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{A1088C87-0DEC-445B-9D9C-E881C0288EF2}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{A27FDD31-0C5B-468D-8EC9-5A1E050BEB57}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{A5A4988B-F6B8-44FC-8D67-7A7E5DC01EBA}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{AAF4DF68-C279-487D-A7D0-58DA7FCD11AE}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{AAFF502E-771E-4EA6-81E1-811AAC5FA82D}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{AF843D96-E44F-466E-9C78-0F403E4B4ED8}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{B00FB327-90F0-404D-8597-CF9D8C382DAC}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{B2252980-0D3E-4FDC-82D2-F9B3F24D8AEA}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{B33E4B2F-B67B-45BE-9BC5-BAC124E62CA2}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{C22AB24F-F47E-4E9E-B71C-815D9856CEAB}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{CC3DCF0F-07D5-4646-A641-F172BA220650}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{CCD1EE59-F38D-4CA3-8DD1-C5BA5575EFAA}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{CF171C8A-D1F5-46C8-971E-2481FAF083D4}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{D8FC2B62-0BEA-40D2-B45A-F7410A0C3A3F}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{DBCAF10E-02D6-43DA-AC70-670537A816D8}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{DC4EBBB7-A0F7-43B3-87E1-30E1957EC753}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{E42793B9-13E5-45BB-B2DF-DA4977CFC6BC}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Jack\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{F0A4457A-E427-4C3C-A285-EC1B2F799B1B}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{F26146DB-D9C7-4803-A78D-10947CC1E4B8}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{F58E3621-0E79-49D7-8FBE-5CF44E8EFB79}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{F9ABE7CD-4701-4DE0-9A1A-8F726651B674}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{FAE7A96A-56C3-4ABF-A6C2-D5D78089A7D8}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{FEEBA5ED-53FE-41ED-BE55-648E2EEFF9A5}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
==================== Restore Points =========================
26-10-2014 12:00:23 Windows Backup
27-10-2014 01:35:03 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 22:34 - 2014-07-04 12:58 - 00001140 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 localsites
127.0.0.1 localhost127.0.0.1 localhost
127.0.0.1 localhost
127.0.0.1 localhost
127.0.0.1 localhost
127.0.0.1 localhost
127.0.0.1 localhost
127.0.0.1 localhost
127.0.0.1 localhost
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {017181DB-59FA-431C-9B5D-07B49008A6AF} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-08-30] (AVAST Software)
Task: {1492EE78-0FEB-4D35-8EF5-8850EFF0BC90} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {18FFAC5B-7083-4FCF-B114-5D3DDBD803FE} - System32\Tasks\PCDEventLauncher => C:\Program Files\AlienAutopsy\sessionchecker.exe [2012-11-29] (PC-Doctor, Inc.)
Task: {356C2F0D-4ECB-4AB4-9FD0-CB0F981AAAD3} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {6EA7FA08-AD7D-4E24-BC6B-BE938110C28C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3994650508-1294297652-2827424591-1000UA => C:\Users\Jack\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {7ACDB8EC-396C-48DC-A98D-D1CFED39E14C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {8B719B26-20F1-4CE1-97A6-DD4D604FE10A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-23] (Adobe Systems Incorporated)
Task: {AFDC1808-B6E7-4389-8186-92DA226C372F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {ECDEC2D3-FC20-4633-90FC-FB2F2FF48082} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3994650508-1294297652-2827424591-1000Core => C:\Users\Jack\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {F04229BB-F431-42B3-828A-8E77D010021E} - System32\Tasks\WampServer => C:\wamp\wampmanager.exe [2010-12-31] (Aestan Software)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DOpusRT_RunStd_{B1CAB9BE-DAD0-4373-9F32-9C7133E753AF}.job => C:\Program Files\GPSoftware\Directory Opus\dopus.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3994650508-1294297652-2827424591-1000Core.job => C:\Users\Jack\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3994650508-1294297652-2827424591-1000UA.job => C:\Users\Jack\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2010-01-02 10:42 - 2010-01-02 10:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2011-02-09 13:52 - 2011-01-13 14:39 - 00783680 _____ () C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe
2011-02-09 13:48 - 2011-02-09 13:48 - 00085944 _____ () C:\Windows\Microsoft.Net\assembly\GAC_MSIL\AlienLabsTools\v4.0_2.6.1.0__bebb3c8816410241\AlienLabsTools.dll
2011-02-09 13:48 - 2011-02-09 13:48 - 00037840 _____ () C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Alienlabs.CommandCenter.Tools\v4.0_2.6.1.0__bebb3c8816410241\Alienlabs.CommandCenter.Tools.dll
2011-04-29 13:39 - 2009-07-20 12:35 - 00018960 _____ () C:\Program Files\Logitech\SetPoint\khalwrapper.dll
2010-09-03 03:28 - 2010-09-03 03:28 - 00518640 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2013-03-27 22:39 - 2013-03-27 22:39 - 00021824 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\x64\ti_managers_proxy_stub.dll
2011-04-29 13:39 - 2009-07-20 04:00 - 00077824 _____ () C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
2011-04-21 23:08 - 2010-12-31 08:39 - 08133120 _____ () c:\wamp\bin\mysql\mysql5.5.8\bin\mysqld.exe
2010-11-05 18:42 - 2010-11-05 18:42 - 00156088 _____ () C:\Program Files\Alienware\Command Center\AlienFusionDomain.dll
2010-11-05 18:42 - 2010-11-05 18:42 - 00016832 _____ () C:\Program Files\Alienware\Command Center\AlienFusionController.exe
2014-10-26 21:30 - 2014-10-26 18:36 - 02889728 _____ () C:\Program Files\AVAST Software\Avast\defs\14102601\algo.dll
2011-02-09 13:52 - 2011-01-13 14:37 - 00128320 _____ () C:\Program Files (x86)\AlienRespawn\STLog.dll
2011-02-09 13:52 - 2011-01-13 14:36 - 01123648 _____ () C:\Program Files (x86)\AlienRespawn\LibXml2.dll
2011-02-09 13:52 - 2011-01-13 14:37 - 00079168 _____ () C:\Program Files (x86)\AlienRespawn\zlib1.dll
2011-02-09 13:52 - 2011-01-13 14:37 - 00234816 _____ () C:\Program Files (x86)\AlienRespawn\STFiles.dll
2011-02-09 13:52 - 2011-01-13 14:37 - 00075072 _____ () C:\Program Files (x86)\AlienRespawn\STRegistry.dll
2011-02-09 13:52 - 2011-01-13 14:37 - 00111936 _____ () C:\Program Files (x86)\AlienRespawn\STPE.dll
2011-02-09 13:52 - 2011-01-13 14:37 - 00121152 _____ () C:\Program Files (x86)\AlienRespawn\STNLS.dll
2010-08-30 05:34 - 2010-08-30 05:34 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2009-07-13 17:03 - 2009-07-13 21:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2014-10-17 23:07 - 2014-10-17 23:07 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3d576cbc4ffc5ad06fd61510c5d8f326\IsdiInterop.ni.dll
2011-02-09 13:39 - 2010-03-03 22:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2013-03-27 22:09 - 2013-03-27 22:09 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2014-09-24 23:34 - 2014-09-24 23:34 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-10-23 10:26 - 2014-10-23 10:26 - 16832176 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll
2011-07-18 17:07 - 2011-07-18 17:07 - 00014336 _____ () C:\Program Files (x86)\Notepad++\plugins\NppExport.dll
2014-01-06 19:42 - 2014-01-06 19:42 - 01611264 _____ () C:\Program Files (x86)\Notepad++\plugins\NppFTP.dll
2013-03-27 22:36 - 2013-03-27 22:36 - 00021312 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy_stub.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:2664F3F5
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR430 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: GoToAssist => 3
MSCONFIG\Services: ZAPrivacyService => 2
MSCONFIG\startupreg: NA1Messenger => C:\UPS\WSTD\UPSNA1Msgr.exe
========================= Accounts: ==========================
Administrator (S-1-5-21-3994650508-1294297652-2827424591-500 - Administrator - Disabled)
Guest (S-1-5-21-3994650508-1294297652-2827424591-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3994650508-1294297652-2827424591-1005 - Limited - Enabled)
Jack (S-1-5-21-3994650508-1294297652-2827424591-1000 - Administrator - Enabled) => C:\Users\Jack
==================== Faulty Device Manager Devices =============
Name: H:\
Description: SD/MMC
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: F:\
Description: Compact Flash
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: NEC Electronics USB Hub
Description: NEC Electronics USB Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: NEC Electronics
Service: nusb3hub
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (10/26/2014 09:45:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: afcdpsrv.exe, version: 2.0.0.4041, time stamp: 0x515303ac
Faulting module name: afcdpsrv.exe, version: 2.0.0.4041, time stamp: 0x515303ac
Exception code: 0xc0000005
Fault offset: 0x0002da7f
Faulting process id: 0x1200
Faulting application start time: 0xafcdpsrv.exe0
Faulting application path: afcdpsrv.exe1
Faulting module path: afcdpsrv.exe2
Report Id: afcdpsrv.exe3
Error: (10/26/2014 09:36:40 PM) (Source: MySQL) (EventID: 100) (User: )
Description: Invalid (old?) table or database name 'ok2rm - Copy'
For more information, see Help and Support Center at http://www.mysql.com.
Error: (10/26/2014 09:36:34 PM) (Source: MySQL) (EventID: 100) (User: )
Description: Invalid (old?) table or database name 'ok2rm - Copy'
For more information, see Help and Support Center at http://www.mysql.com.
Error: (10/26/2014 09:36:30 PM) (Source: MySQL) (EventID: 100) (User: )
Description: Invalid (old?) table or database name 'ok2rm - Copy'
For more information, see Help and Support Center at http://www.mysql.com.
Error: (10/26/2014 09:35:59 PM) (Source: MySQL) (EventID: 100) (User: )
Description: Invalid (old?) table or database name 'ok2rm - Copy'
For more information, see Help and Support Center at http://www.mysql.com.
Error: (10/26/2014 09:31:35 PM) (Source: MySQL) (EventID: 100) (User: )
Description: Invalid (old?) table or database name 'ok2rm - Copy'
For more information, see Help and Support Center at http://www.mysql.com.
Error: (10/26/2014 09:31:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: afcdpsrv.exe, version: 2.0.0.4041, time stamp: 0x515303ac
Faulting module name: afcdpsrv.exe, version: 2.0.0.4041, time stamp: 0x515303ac
Exception code: 0xc0000005
Fault offset: 0x0002da7f
Faulting process id: 0x1d14
Faulting application start time: 0xafcdpsrv.exe0
Faulting application path: afcdpsrv.exe1
Faulting module path: afcdpsrv.exe2
Report Id: afcdpsrv.exe3
Error: (10/26/2014 09:25:04 PM) (Source: MySQL) (EventID: 100) (User: )
Description: Invalid (old?) table or database name 'ok2rm - Copy'
For more information, see Help and Support Center at http://www.mysql.com.
Error: (10/26/2014 09:24:29 PM) (Source: MySQL) (EventID: 100) (User: )
Description: Invalid (old?) table or database name 'ok2rm - Copy'
For more information, see Help and Support Center at http://www.mysql.com.
Error: (10/26/2014 09:24:23 PM) (Source: MySQL) (EventID: 100) (User: )
Description: Invalid (old?) table or database name 'ok2rm - Copy'
For more information, see Help and Support Center at http://www.mysql.com.
System errors:
=============
Error: (10/26/2014 09:45:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Acronis Nonstop Backup Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (10/26/2014 09:43:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The COM+ System Application service failed to start due to the following error:
%%1053
Error: (10/26/2014 09:43:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the COM+ System Application service to connect.
Error: (10/26/2014 09:39:58 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Error: (10/26/2014 09:32:06 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
Error: (10/26/2014 09:31:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Acronis Nonstop Backup Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (10/26/2014 09:31:10 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.
Error: (10/26/2014 09:31:10 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.
Error: (10/26/2014 09:31:09 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.
Error: (10/26/2014 09:31:09 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.
Microsoft Office Sessions:
=========================
Error: (10/26/2014 09:45:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: afcdpsrv.exe2.0.0.4041515303acafcdpsrv.exe2.0.0.4041515303acc00000050002da7f120001cff187acbe9695C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exeC:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exef9d1d4a9-5d7a-11e4-bdd1-f04da2dc801d
Error: (10/26/2014 09:36:40 PM) (Source: MySQL) (EventID: 100) (User: )
Description: Invalid (old?) table or database name 'ok2rm - Copy'
Error: (10/26/2014 09:36:34 PM) (Source: MySQL) (EventID: 100) (User: )
Description: Invalid (old?) table or database name 'ok2rm - Copy'
Error: (10/26/2014 09:36:30 PM) (Source: MySQL) (EventID: 100) (User: )
Description: Invalid (old?) table or database name 'ok2rm - Copy'
Error: (10/26/2014 09:35:59 PM) (Source: MySQL) (EventID: 100) (User: )
Description: Invalid (old?) table or database name 'ok2rm - Copy'
Error: (10/26/2014 09:31:35 PM) (Source: MySQL) (EventID: 100) (User: )
Description: Invalid (old?) table or database name 'ok2rm - Copy'
Error: (10/26/2014 09:31:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: afcdpsrv.exe2.0.0.4041515303acafcdpsrv.exe2.0.0.4041515303acc00000050002da7f1d1401cff185ab496b6fC:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exeC:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exef147d077-5d78-11e4-905a-f04da2dc801d
Error: (10/26/2014 09:25:04 PM) (Source: MySQL) (EventID: 100) (User: )
Description: Invalid (old?) table or database name 'ok2rm - Copy'
Error: (10/26/2014 09:24:29 PM) (Source: MySQL) (EventID: 100) (User: )
Description: Invalid (old?) table or database name 'ok2rm - Copy'
Error: (10/26/2014 09:24:23 PM) (Source: MySQL) (EventID: 100) (User: )
Description: Invalid (old?) table or database name 'ok2rm - Copy'
CodeIntegrity Errors:
===================================
Date: 2013-07-30 18:50:50.208
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-07-30 18:36:13.613
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-07-30 18:30:43.808
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-07-30 18:19:32.186
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-07-30 18:07:48.139
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-07-27 20:58:43.883
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-07-27 20:37:00.166
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-07-27 20:29:37.137
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-07-27 20:09:02.018
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-07-27 19:19:33.840
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel® Core i7 CPU 930 @ 2.80GHz
Percentage of memory in use: 26%
Total physical RAM: 16374.89 MB
Available physical RAM: 12073.51 MB
Total Pagefile: 32747.97 MB
Available Pagefile: 27488.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:922.75 GB) (Free:707.76 GB) NTFS
Drive e: (Programing) (Fixed) (Total:558.91 GB) (Free:185.57 GB) NTFS
Drive i: (Storage) (Fixed) (Total:558.91 GB) (Free:495.39 GB) NTFS
Drive k: (My Book) (Fixed) (Total:2794.49 GB) (Free:556.11 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 77E3ED41)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=8.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=922.7 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 558.9 GB) (Disk ID: 97953898)
Partition 1: (Not Active) - (Size=558.9 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 558.9 GB) (Disk ID: 6BBAC015)
Partition 1: (Not Active) - (Size=558.9 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 3.
==================== End Of Log ============================ -
I'm having the same problem as so many others with com surrogate using memory. I've done all I know to do for this but still no luck. Please help. Below are the results of the frst and addition files. I also installed the latest version of malwarebytes, set the settings as mentioned in other posts and ran. It found two problems in the registry so I added those to the fix list, ran the fix and then ran the program again. It doesn't find anything now.
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-10-2014
Ran by Jack (administrator) on JACK-PC on 26-10-2014 22:38:35
Running from E:\Storage\Downloads\Installed\Security
Loaded Profile: Jack (Available profiles: Jack)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Broadcom Corp.) C:\Program Files\Broadcom\BPowMon\BPowMon.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Microsoft Corporation) C:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Cyber Power Systems, Inc.) C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
(Microsoft Corporation) C:\Program Files (x86)\MICROSOFT SQL SERVER\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Apache Software Foundation) C:\wamp\bin\apache\apache2.0.63\bin\Apache.exe
(Apache Software Foundation) C:\wamp\bin\apache\apache2.0.63\bin\Apache.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Aestan Software) C:\wamp\wampmanager.exe
() C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Alienware) C:\Program Files\Alienware\Alienware TactX Keyboard CI\txkbci.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(GP Software) C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe
(JC&MB) C:\Program Files (x86)\Quicknote\quicknote.exe
(Ritlabs S.R.L.) C:\Program Files (x86)\The Bat!\thebat.exe
(Alienware Corp) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
(Akamai Technologies, Inc.) C:\Users\Jack\AppData\Local\Akamai\netsession_win.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHSA.EXE
(Akamai Technologies, Inc.) C:\Users\Jack\AppData\Local\Akamai\netsession_win.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
( Inc.) C:\Program Files\Alienware\Alienware TactX Mouse CI\AWMouseCI.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(United Parcel Service, Inc.) C:\UPS\WSTD\WSTDMessaging.exe
(Cyber Power Systems, Inc.) C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
(GP Software) C:\Program Files\GPSoftware\Directory Opus\dopus.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\TscHelp.exe
(Alienware Corporation) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\SnagPriv.exe
(Alienware Corp.) C:\Program Files\Alienware\Command Center\ThermalController.exe
() C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
() C:\wamp\bin\mysql\mysql5.5.8\bin\mysqld.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
(Condusiv Technologies) C:\Program Files\Condusiv Technologies\Diskeeper\DkService.exe
() C:\Program Files\Alienware\Command Center\AlienFusionController.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10038304 2010-02-02] (Realtek Semiconductor)
HKLM\...\Run: [Launch Keyboard CI] => c:\Program Files\Alienware\Alienware TactX Keyboard CI\txkbci.exe [3438088 2009-05-28] (Alienware)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [13256 2010-11-05] (Microsoft)
HKLM\...\Run: [RunDLLEntry_THXCfg] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [RunDLLEntry_EptMon] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [516928 2013-02-15] (Acronis)
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-04-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [updReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-09-04] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [518640 2010-09-03] ()
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113296 2010-03-30] (NEC Electronics Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [137352 2014-04-25] (Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [PowerPanel Personal Edition User Interaction] => C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe [315392 2009-05-27] (Cyber Power Systems, Inc.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [6365920 2013-03-27] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1103424 2013-01-10] (Acronis)
HKLM-x32\...\Run: [ATICustomerCare] => C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [311296 2010-03-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [856064 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\AlienRespawn\Components\Scheduler\Launcher.exe [165184 2011-01-13] (Softthinks)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-3994650508-1294297652-2827424591-1000\...\Run: [Directory Opus Desktop Dblclk] => C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe [414848 2014-09-16] (GP Software)
HKU\S-1-5-21-3994650508-1294297652-2827424591-1000\...\Run: [Quicknote] => C:\Program Files (x86)\Quicknote\quicknote.exe [1253376 2010-02-23] (JC&MB)
HKU\S-1-5-21-3994650508-1294297652-2827424591-1000\...\Run: [Google Update] => C:\Users\Jack\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-21] (Google Inc.)
HKU\S-1-5-21-3994650508-1294297652-2827424591-1000\...\Run: [thebat_startup] => C:\Program Files (x86)\The Bat!\thebat.exe [13807536 2011-03-29] (Ritlabs S.R.L.)
HKU\S-1-5-21-3994650508-1294297652-2827424591-1000\...\Run: [EPSON Artisan 800 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEMA.EXE [221696 2008-04-06] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3994650508-1294297652-2827424591-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Jack\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3994650508-1294297652-2827424591-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHSA.EXE [241280 2013-10-18] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3994650508-1294297652-2827424591-1000\...\MountPoints2: {ef812a05-556b-11e0-9e63-806e6f6e6963} - D:\EPSETUP.EXE
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AWMouseCI.lnk
ShortcutTarget: AWMouseCI.lnk -> C:\Program Files\Alienware\Alienware TactX Mouse CI\AWMouseCI.exe ( Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 11.lnk
ShortcutTarget: Snagit 11.lnk -> C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe (TechSmith Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UPS WorldShip Messaging Utility.lnk
ShortcutTarget: UPS WorldShip Messaging Utility.lnk -> C:\UPS\WSTD\WSTDMessaging.exe (United Parcel Service, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UPS WorldShip PLD Reminder Utility.lnk
ShortcutTarget: UPS WorldShip PLD Reminder Utility.lnk -> C:\UPS\WSTD\wstdPldReminder.exe (UPS)
Startup: C:\Users\Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Directory Opus (Startup).lnk
ShortcutTarget: Directory Opus (Startup).lnk -> C:\Program Files\GPSoftware\Directory Opus\dopus.exe (GP Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)
BootExecute: autocheck autochk * autocheck auto_reactivate \\?\Volume{74c03d16-3481-11e0-8680-806e6f6e6963}\bootwiz\asrm.bin
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alienware.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://support.alienware.com
URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
SearchScopes: HKCU - {130FE445-17ED-4FEC-B80A-9807F259FEA5} URL = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20130102,6901,0,8,0
BHO: StresStimulus Recorder Helper -> {0086E310-3FB9-45C5-A748-67F29F38D7E4} -> C:\Program Files (x86)\Fiddler2\Scripts\SSRecorderHelper.dll (Stimulus Technology)
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
BHO: avast! Online Security -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
BHO-x32: IEPlugin Class -> {11222041-111B-46E3-BD29-EFB2449479B1} -> C:\Program Files (x86)\ArcSoft\Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: ToolbarBHO Class -> {9519AF7E-638D-4933-BAD6-D33D23C79FE5} -> C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
Toolbar: HKLM-x32 - ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmTlbr.dll (Montera Technologeis LTD)
Toolbar: HKLM-x32 - RAW Thumbnail Viewer - {F301665A-12F8-4331-804A-5BCBD379668C} - C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
DPF: HKLM-x32 {74F4F118-91E6-4AFC-B8D2-04066781F239} https://www.member-data.com/rdc/EZTwainX.cab
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
ShellExecuteHooks: Directory Opus Shell Execute Hook - {3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE} - C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll [1573504 2014-09-16] (GP Software)
ShellExecuteHooks-x32: Directory Opus Shell Execute Hook - {EE761688-C137-4b04-8FAB-3C9CDF0886F0} - C:\Program Files\GPSoftware\Directory Opus\dopuslib32.dll [343640 2014-09-16] (GP Software)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
FireFox:
========
FF ProfilePath: C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\l7tarqgo.default-1374718651417
FF Homepage: localsites/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @checkpoint.com/FFApi -> C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Jack\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Jack\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: SeoQuake - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\l7tarqgo.default-1374718651417\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2014-09-05]
FF Extension: ColorZilla - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\l7tarqgo.default-1374718651417\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2013-08-10]
FF Extension: ReminderFox - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\l7tarqgo.default-1374718651417\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [2014-04-21]
FF Extension: Cookies Manager+ - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\l7tarqgo.default-1374718651417\Extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d} [2013-11-18]
FF Extension: Firebug - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\l7tarqgo.default-1374718651417\Extensions\firebug@software.joehewitt.com.xpi [2013-09-06]
FF Extension: YouTube Enhancer Plus - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\l7tarqgo.default-1374718651417\Extensions\firefoxaddon@youtubeenhancer.com.xpi [2013-08-23]
FF Extension: Foxy SEO Tool - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\l7tarqgo.default-1374718651417\Extensions\foxyseotool@foxyseotool.com.xpi [2013-10-16]
FF Extension: Leading-SEO - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\l7tarqgo.default-1374718651417\Extensions\jid0-nWM1zRUDcqM8sPZ4tmz40Nce7jE@jetpack.xpi [2013-10-16]
FF Extension: Flash OnOff - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\l7tarqgo.default-1374718651417\Extensions\jid0-XXocAsQYPfKHSY8ebTi0VcX8eNQ@jetpack.xpi [2013-08-04]
FF Extension: User Agent Overrider - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\l7tarqgo.default-1374718651417\Extensions\useragentoverrider@qixinglu.com.xpi [2013-10-16]
FF Extension: Remove Cookies for Site - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\l7tarqgo.default-1374718651417\Extensions\{06997db0-c027-4d5f-bd37-b0d9230226ea}.xpi [2014-03-16]
FF Extension: MeasureIt - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\l7tarqgo.default-1374718651417\Extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2013-10-30]
FF Extension: SEO and Website Analysis - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\l7tarqgo.default-1374718651417\Extensions\{8BCA0E8A-E57B-425b-A05B-CD3868EB577E}.xpi [2013-10-16]
FF Extension: Show my Password - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\l7tarqgo.default-1374718651417\Extensions\{cd617372-6743-4ee4-bac4-fbf60f35719e}.xpi [2013-10-16]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-04-18]
FF HKLM-x32\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - C:\Program Files (x86)\Fiddler2\FiddlerHook
FF Extension: FiddlerHook - C:\Program Files (x86)\Fiddler2\FiddlerHook [2013-02-27]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [RAWThumbnailViewer@arcsoft.com.cn] - C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\FireFox Extension
FF Extension: RAW Thumbnail Viewer - C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\FireFox Extension [2014-03-04]
FF HKLM-x32\...\Firefox\Extensions: [{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}] - C:\Program Files (x86)\ArcSoft\Video Downloader\Plugin_FireFox
FF Extension: ArcSoft Video Downloader Extension - C:\Program Files (x86)\ArcSoft\Video Downloader\Plugin_FireFox [2014-03-04]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Jack\AppData\Local\Google\Chrome\Application\38.0.2125.104\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Jack\AppData\Local\Google\Chrome\Application\38.0.2125.104\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Jack\AppData\Local\Google\Chrome\Application\38.0.2125.104\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Profile: C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (SEOrch - OnPage SEO Tool) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\dofplnfijbongplmhcpoobljlfjeaank [2013-08-06]
CHR Extension: (SEO SERP Workbench) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehbgolklgacemnfnmkkpgekngaaggjjl [2013-07-24]
CHR Extension: (avast! Online Security) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-09-23]
CHR Extension: (Seo Serp Manager) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\jncpgpllflmbaaofhdmfamncdipmedjo [2013-09-03]
CHR Extension: (Tag Assistant (by Google)) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\kejbdjndbnbjgmefkgdddjlbokphdefk [2013-07-21]
CHR Extension: (WebRank SEO) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkhilblbmkdnapffblmecglknalglfji [2013-07-22]
CHR Extension: (Google Wallet) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR StartMenuInternet: Google Chrome - C:\Users\Jack\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2011-05-01] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [137960 2013-08-30] (AVAST Software)
R2 Diskeeper; C:\Program Files\Condusiv Technologies\Diskeeper\DkService.exe [2721656 2012-07-27] (Condusiv Technologies)
R2 MSSQL$UPSWSDBSERVER; C:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe [29263712 2008-11-24] (Microsoft Corporation)
R2 ppped; C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe [868352 2009-05-27] (Cyber Power Systems, Inc.) [File not signed]
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3592120 2014-04-25] (Check Point Software Technologies Ltd.)
R2 wampapache; c:\wamp\bin\apache\apache2.0.63\bin\Apache.exe [20541 2008-01-17] (Apache Software Foundation) [File not signed]
R3 wampmysqld; c:\wamp\bin\mysql\mysql5.5.8\bin\mysqld.exe [8133120 2010-12-31] () [File not signed]
S4 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [92176 2014-04-09] (Check Point Software Technologies, Ltd.)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software)
R1 aswFW; C:\Windows\System32\Drivers\aswFW.sys [131232 2013-08-30] (AVAST Software)
R0 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)
R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12368 2013-03-06] (ALWIL Software)
R0 aswNdis2; C:\Windows\System32\Drivers\aswNdis2.sys [270824 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()
R0 DKDFM; C:\Windows\System32\drivers\DKDFM.sys [40752 2012-04-05] (Condusiv Technologies)
R3 DKRtWrt; C:\Windows\System32\DRIVERS\DKRtWrt.sys [52048 2012-06-18] (Condusiv Technologies)
R0 DKTLFSMF; C:\Windows\System32\drivers\DKTLFSMF.sys [106832 2012-07-09] (Condusiv Technologies)
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir3.sys [32768 2009-09-11] (Hauppauge Computer Works, Inc.)
R3 mio; C:\Windows\System32\DRIVERS\mio.sys [14928 2010-10-13] (Dell/Alienware)
S4 Mpsnt0; No ImagePath
R0 SI3132; C:\Windows\System32\DRIVERS\SI3132.sys [90664 2009-07-29] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [22056 2009-07-29] (Silicon Image, Inc)
R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [17448 2009-07-29] (Silicon Image, Inc)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2013-04-13] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2013-04-13] (Acronis)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2014-10-26] ()
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2013-04-13] (Acronis International GmbH)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450968 2014-04-24] (Check Point Software Technologies Ltd.)
S3 PCDSRVC{0FF99CEB-15C9CE9E-06020200}_0; \??\c:\program files\alienautopsy\pcdsrvc_x64.pkms [X]
U3 wampapache64; No ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-26 21:42 - 2014-10-26 21:42 - 00000358 _____ () C:\Windows\PFRO.log
2014-10-26 21:37 - 2014-10-26 21:37 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-26 21:37 - 2014-10-26 21:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-26 21:37 - 2014-10-26 21:37 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-26 21:37 - 2014-10-26 21:37 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-26 21:37 - 2014-10-26 21:37 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-26 21:37 - 2014-10-26 21:37 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-26 21:37 - 2014-10-26 21:37 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-10-26 21:37 - 2014-10-26 21:37 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-10-26 21:37 - 2014-10-26 21:37 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-10-26 21:37 - 2014-10-26 21:37 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-10-26 21:37 - 2014-10-26 21:37 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-10-26 21:37 - 2014-10-26 21:37 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-10-26 21:37 - 2014-10-26 21:37 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-10-26 21:37 - 2014-10-26 21:37 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-10-26 21:37 - 2014-10-26 21:37 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-26 21:37 - 2014-10-26 21:37 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-26 21:37 - 2014-10-26 21:37 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-26 21:37 - 2014-10-26 21:37 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-10-26 21:37 - 2014-10-26 21:37 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-10-26 21:37 - 2014-10-26 21:37 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-10-26 21:37 - 2014-10-26 21:37 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-10-26 21:37 - 2014-10-26 21:37 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-10-26 21:37 - 2014-10-26 21:37 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-10-26 21:37 - 2014-10-26 21:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-10-26 21:37 - 2014-10-26 21:37 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-10-26 21:37 - 2014-10-26 21:37 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-10-26 21:37 - 2014-10-26 21:37 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-10-26 21:37 - 2014-10-26 21:37 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-26 21:35 - 2014-10-26 21:39 - 00008662 _____ () C:\Windows\IE11_main.log
2014-10-26 21:10 - 2014-10-26 21:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-26 21:08 - 2014-10-26 22:20 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-26 21:08 - 2014-10-26 21:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-26 21:08 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-26 21:08 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-26 20:05 - 2014-10-26 20:05 - 00004608 _____ () C:\Users\Jack\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-26 13:52 - 2014-10-26 13:52 - 00001112 _____ () C:\Users\Public\Desktop\Picasa 3.lnk
2014-10-26 13:51 - 2014-10-26 13:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2014-10-25 23:21 - 2014-10-26 13:19 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-10-25 23:21 - 2014-10-25 23:21 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-25 23:10 - 2014-10-25 23:10 - 00003201 _____ () C:\Users\Jack\Desktop\Sophos Virus Removal Tool.lnk
2014-10-25 23:10 - 2014-10-25 23:10 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-10-25 23:10 - 2014-10-25 23:10 - 00000000 ____D () C:\ProgramData\Sophos
2014-10-25 23:10 - 2014-10-25 23:10 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-10-25 22:52 - 2014-10-25 22:52 - 355172608 _____ () C:\Windows\MEMORY.DMP
2014-10-25 22:52 - 2014-10-25 22:52 - 00262392 _____ () C:\Windows\Minidump\102514-51776-01.dmp
2014-10-25 22:24 - 2014-10-26 12:24 - 00000000 ____D () C:\NPE
2014-10-25 22:18 - 2014-10-26 12:30 - 00000000 ____D () C:\Users\Jack\AppData\Local\NPE
2014-10-25 21:56 - 2014-10-25 21:56 - 32809520 _____ (IObit ) C:\Users\Jack\Downloads\IObit-Malware-Fighter-Setup.exe
2014-10-25 09:01 - 2013-12-24 19:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-10-25 09:01 - 2013-12-24 18:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-10-25 09:01 - 2013-11-26 04:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-10-25 09:01 - 2013-11-22 18:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-10-25 08:45 - 2014-10-25 08:50 - 00008540 _____ () C:\Windows\IE10_main.log
2014-10-24 20:30 - 2014-10-26 21:42 - 00000672 _____ () C:\Windows\setupact.log
2014-10-24 20:30 - 2014-10-24 20:30 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-23 10:47 - 2014-10-23 10:47 - 00000000 __SHD () C:\Users\Jack\AppData\Local\EmieUserList
2014-10-23 10:47 - 2014-10-23 10:47 - 00000000 __SHD () C:\Users\Jack\AppData\Local\EmieSiteList
2014-10-23 10:31 - 2014-09-26 18:42 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-23 10:31 - 2014-09-26 18:36 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-23 10:31 - 2014-09-26 18:36 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-23 10:31 - 2014-09-26 18:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-23 10:29 - 2014-10-23 10:31 - 00004195 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_71-b14.log
2014-10-23 09:49 - 2014-10-26 22:38 - 00000000 ____D () C:\FRST
2014-10-21 11:20 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2014-10-15 13:37 - 2014-10-15 13:37 - 00002910 _____ () C:\Users\Jack\AppData\Local\recently-used.xbel
2014-10-14 22:08 - 2014-09-28 20:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-14 22:08 - 2014-09-12 21:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-14 22:08 - 2014-09-12 21:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-14 22:08 - 2014-09-04 01:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-14 22:08 - 2014-09-04 01:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-14 22:08 - 2014-08-28 22:07 - 05780480 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-14 22:08 - 2014-08-28 22:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-14 22:08 - 2014-08-28 22:07 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-10-14 22:08 - 2014-08-28 22:07 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-10-14 22:08 - 2014-08-28 22:06 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-14 22:08 - 2014-08-28 21:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-14 22:08 - 2014-08-28 21:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-14 22:08 - 2014-08-28 21:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-14 22:08 - 2014-08-28 21:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-10-14 22:08 - 2014-07-16 22:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-14 22:08 - 2014-07-16 22:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-14 22:08 - 2014-07-16 22:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-14 22:08 - 2014-07-16 22:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-14 22:08 - 2014-07-16 22:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-14 22:08 - 2014-07-16 22:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-14 22:08 - 2014-07-16 21:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-14 22:08 - 2014-07-16 21:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-14 22:08 - 2014-07-16 21:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-14 22:08 - 2014-07-16 21:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-14 22:08 - 2014-07-16 21:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-14 22:08 - 2014-06-18 18:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-14 22:08 - 2014-06-18 18:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-14 22:08 - 2014-06-18 18:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-14 22:08 - 2014-06-18 18:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-14 22:08 - 2014-06-18 18:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-14 22:08 - 2014-06-18 18:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-14 22:08 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-10-14 22:08 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-10-14 22:08 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-10-14 22:08 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-10-14 22:08 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-10-14 22:08 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-10-14 22:08 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-10-14 22:08 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-10-02 19:35 - 2014-10-02 19:35 - 00141237 _____ () C:\Users\Jack\Downloads\oscom_paypal_pro_payflow-3.1.zip
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-26 22:31 - 2011-06-04 09:46 - 00000000 ____D () C:\Users\Jack\Documents\Quicknote
2014-10-26 22:17 - 2012-04-08 12:31 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-26 22:03 - 2011-08-14 20:14 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-26 21:50 - 2009-07-14 01:10 - 02012760 _____ () C:\Windows\WindowsUpdate.log
2014-10-26 21:49 - 2009-07-14 00:45 - 00014560 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-26 21:49 - 2009-07-14 00:45 - 00014560 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-26 21:45 - 2011-08-02 07:59 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3994650508-1294297652-2827424591-1000UA.job
2014-10-26 21:45 - 2011-07-18 13:43 - 00000199 _____ () C:\Windows\wstdUPSWSHIP.INI
2014-10-26 21:44 - 2011-08-14 20:14 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-26 21:44 - 2011-07-16 07:39 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\The Bat!
2014-10-26 21:44 - 2011-03-10 15:20 - 00001419 _____ () C:\Users\Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-26 21:44 - 2011-03-10 15:20 - 00000000 ____D () C:\Users\Jack\AppData\Local\SoftThinks
2014-10-26 21:43 - 2012-09-01 13:34 - 00000000 ____D () C:\Program Files (x86)\CyberPower PowerPanel Personal Edition
2014-10-26 21:43 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-26 21:40 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-10-26 21:29 - 2012-11-25 15:46 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-10-26 21:25 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Web
2014-10-26 21:17 - 2011-04-16 07:58 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\SQLyog
2014-10-26 21:10 - 2013-09-14 09:54 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-26 21:08 - 2013-02-28 22:18 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Malwarebytes
2014-10-26 21:08 - 2013-02-28 22:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-26 20:38 - 2011-07-18 13:27 - 00000000 ____D () C:\UPS
2014-10-26 13:52 - 2011-08-02 07:59 - 00000000 ____D () C:\Users\Jack\AppData\Local\Google
2014-10-26 13:51 - 2011-08-14 20:14 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-26 12:45 - 2011-08-02 07:59 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3994650508-1294297652-2827424591-1000Core.job
2014-10-26 12:29 - 2011-09-14 11:39 - 00000000 ____D () C:\Storage
2014-10-26 10:26 - 2011-03-10 15:20 - 00000000 ____D () C:\Users\Jack\AppData\Local\VirtualStore
2014-10-26 01:01 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-10-25 23:22 - 2012-12-14 10:50 - 00000000 ___RD () C:\Users\Jack\Sync
2014-10-25 22:52 - 2011-03-23 12:35 - 00000000 ____D () C:\Windows\Minidump
2014-10-25 22:19 - 2013-04-24 23:24 - 00000000 ____D () C:\ProgramData\Norton
2014-10-25 21:55 - 2014-05-12 12:06 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\IObit
2014-10-25 21:55 - 2014-05-12 12:06 - 00000000 ____D () C:\ProgramData\IObit
2014-10-25 21:55 - 2014-05-12 12:06 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-10-25 20:59 - 2012-12-23 15:19 - 00000000 ____D () C:\Users\Jack\AppData\Local\CrashDumps
2014-10-25 10:45 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-10-25 08:51 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK
2014-10-25 08:51 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2014-10-25 08:50 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\zh-HK
2014-10-25 08:50 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-10-25 08:42 - 2011-06-11 21:18 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Arcsoft
2014-10-25 00:02 - 2011-02-09 15:03 - 00000000 ____D () C:\Windows\Panther
2014-10-24 22:15 - 2011-04-20 22:51 - 00000600 _____ () C:\Users\Jack\PUTTY.RND
2014-10-24 20:32 - 2011-05-18 03:30 - 00000000 ____D () C:\Windows\system32\inf32
2014-10-24 13:32 - 2011-07-15 09:58 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\FileZilla
2014-10-23 10:31 - 2013-10-18 00:05 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-23 10:31 - 2013-07-21 10:37 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-23 10:26 - 2014-07-02 21:37 - 00000000 ____D () C:\Users\Jack\AppData\Local\Adobe
2014-10-23 10:26 - 2012-04-08 12:31 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-23 10:26 - 2012-04-08 12:31 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-23 10:26 - 2011-05-21 11:06 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-23 10:22 - 2012-04-07 13:20 - 00002110 _____ () C:\Users\Jack\Sti_Trace.log
2014-10-21 22:58 - 2011-08-14 20:14 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-21 22:58 - 2011-08-14 20:14 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-21 12:40 - 2011-08-02 07:59 - 00003876 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3994650508-1294297652-2827424591-1000UA
2014-10-21 12:40 - 2011-08-02 07:59 - 00003480 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3994650508-1294297652-2827424591-1000Core
2014-10-21 11:06 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-19 21:24 - 2011-02-09 13:52 - 00000000 ____D () C:\Program Files (x86)\AlienRespawn
2014-10-17 22:56 - 2009-07-14 00:45 - 00353584 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-17 22:52 - 2009-07-14 01:13 - 00860406 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-17 22:45 - 2013-07-27 09:17 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-17 13:26 - 2011-03-11 13:16 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Adobe
2014-10-17 13:26 - 2011-02-09 13:51 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-15 20:05 - 2012-10-21 21:39 - 00000000 ____D () C:\Users\Jack\.gimp-2.8
2014-10-09 22:29 - 2011-12-29 22:05 - 00000000 ____D () C:\Users\Jack\AppData\Local\Apple Computer
2014-10-08 22:50 - 2011-12-29 22:05 - 00002503 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
2014-10-08 22:39 - 2011-12-29 22:05 - 00155180 ____H () C:\Windows\SysWOW64\mlfcache.dat
2014-10-07 18:45 - 2009-07-14 01:08 - 00032586 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-03 10:02 - 2011-03-27 22:22 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-02 15:53 - 2011-03-13 00:25 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-01 11:11 - 2013-09-14 09:54 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-28 20:39 - 2012-04-26 07:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-10-26 16:53
==================== End Of Log ============================
Another dllhost problem
in Resolved Malware Removal Logs
Posted
Nothings changed. Same thing. Last night before I quit for the night, I checked Task Manager and there was an entry for dllhost using about 4KB. I checked it this morning first thing and it was at 700,000 KB.