
Another dllhost problem



I'm having the same problem as so many others with COM Surrogate using memory. I've done all I know to do for this but still no luck. Please help. Below are the results of the FRST and Addition files. I also installed the latest version of Malwarebytes, set the settings as mentioned in other posts and ran. It found two problems in the registry so I added those to the fix list, ran the fix and then ran the program again. It doesn't find anything now.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-10-2014
Ran by Jack (administrator) on JACK-PC on 26-10-2014 22:38:35
Running from E:\Storage\Downloads\Installed\Security
Loaded Profile: Jack (Available profiles: Jack)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Broadcom Corp.) C:\Program Files\Broadcom\BPowMon\BPowMon.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Microsoft Corporation) C:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Cyber Power Systems, Inc.) C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
(Microsoft Corporation) C:\Program Files (x86)\MICROSOFT SQL SERVER\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Apache Software Foundation) C:\wamp\bin\apache\apache2.0.63\bin\Apache.exe
(Apache Software Foundation) C:\wamp\bin\apache\apache2.0.63\bin\Apache.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Aestan Software) C:\wamp\wampmanager.exe
() C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Alienware) C:\Program Files\Alienware\Alienware TactX Keyboard CI\txkbci.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(GP Software) C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe
(JC&MB) C:\Program Files (x86)\Quicknote\quicknote.exe
(Ritlabs S.R.L.) C:\Program Files (x86)\The Bat!\thebat.exe
(Alienware Corp) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
(Akamai Technologies, Inc.) C:\Users\Jack\AppData\Local\Akamai\netsession_win.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHSA.EXE
(Akamai Technologies, Inc.) C:\Users\Jack\AppData\Local\Akamai\netsession_win.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
( Inc.) C:\Program Files\Alienware\Alienware TactX Mouse CI\AWMouseCI.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(United Parcel Service, Inc.) C:\UPS\WSTD\WSTDMessaging.exe
(Cyber Power Systems, Inc.) C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
(GP Software) C:\Program Files\GPSoftware\Directory Opus\dopus.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\TscHelp.exe
(Alienware Corporation) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\SnagPriv.exe
(Alienware Corp.) C:\Program Files\Alienware\Command Center\ThermalController.exe
() C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
() C:\wamp\bin\mysql\mysql5.5.8\bin\mysqld.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
(Condusiv Technologies) C:\Program Files\Condusiv Technologies\Diskeeper\DkService.exe
() C:\Program Files\Alienware\Command Center\AlienFusionController.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10038304 2010-02-02] (Realtek Semiconductor)
HKLM\...\Run: [Launch Keyboard CI] => c:\Program Files\Alienware\Alienware TactX Keyboard CI\txkbci.exe [3438088 2009-05-28] (Alienware)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [13256 2010-11-05] (Microsoft)
HKLM\...\Run: [RunDLLEntry_THXCfg] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [RunDLLEntry_EptMon] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [516928 2013-02-15] (Acronis)
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-04-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [updReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-09-04] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [518640 2010-09-03] ()
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113296 2010-03-30] (NEC Electronics Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [137352 2014-04-25] (Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [PowerPanel Personal Edition User Interaction] => C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe [315392 2009-05-27] (Cyber Power Systems, Inc.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [6365920 2013-03-27] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1103424 2013-01-10] (Acronis)
HKLM-x32\...\Run: [ATICustomerCare] => C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [311296 2010-03-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [856064 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\AlienRespawn\Components\Scheduler\Launcher.exe [165184 2011-01-13] (Softthinks)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-3994650508-1294297652-2827424591-1000\...\Run: [Directory Opus Desktop Dblclk] => C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe [414848 2014-09-16] (GP Software)
HKU\S-1-5-21-3994650508-1294297652-2827424591-1000\...\Run: [Quicknote] => C:\Program Files (x86)\Quicknote\quicknote.exe [1253376 2010-02-23] (JC&MB)
HKU\S-1-5-21-3994650508-1294297652-2827424591-1000\...\Run: [Google Update] => C:\Users\Jack\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-21] (Google Inc.)
HKU\S-1-5-21-3994650508-1294297652-2827424591-1000\...\Run: [thebat_startup] => C:\Program Files (x86)\The Bat!\thebat.exe [13807536 2011-03-29] (Ritlabs S.R.L.)
HKU\S-1-5-21-3994650508-1294297652-2827424591-1000\...\Run: [EPSON Artisan 800 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEMA.EXE [221696 2008-04-06] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3994650508-1294297652-2827424591-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Jack\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3994650508-1294297652-2827424591-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHSA.EXE [241280 2013-10-18] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3994650508-1294297652-2827424591-1000\...\MountPoints2: {ef812a05-556b-11e0-9e63-806e6f6e6963} - D:\EPSETUP.EXE
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AWMouseCI.lnk
ShortcutTarget: AWMouseCI.lnk -> C:\Program Files\Alienware\Alienware TactX Mouse CI\AWMouseCI.exe ( Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 11.lnk
ShortcutTarget: Snagit 11.lnk -> C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe (TechSmith Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UPS WorldShip Messaging Utility.lnk
ShortcutTarget: UPS WorldShip Messaging Utility.lnk -> C:\UPS\WSTD\WSTDMessaging.exe (United Parcel Service, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UPS WorldShip PLD Reminder Utility.lnk
ShortcutTarget: UPS WorldShip PLD Reminder Utility.lnk -> C:\UPS\WSTD\wstdPldReminder.exe (UPS)
Startup: C:\Users\Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Directory Opus (Startup).lnk
ShortcutTarget: Directory Opus (Startup).lnk -> C:\Program Files\GPSoftware\Directory Opus\dopus.exe (GP Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)
BootExecute: autocheck autochk * autocheck auto_reactivate \\?\Volume{74c03d16-3481-11e0-8680-806e6f6e6963}\bootwiz\asrm.bin

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alienware.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://support.alienware.com
URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
SearchScopes: HKCU - {130FE445-17ED-4FEC-B80A-9807F259FEA5} URL = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20130102,6901,0,8,0
BHO: StresStimulus Recorder Helper -> {0086E310-3FB9-45C5-A748-67F29F38D7E4} -> C:\Program Files (x86)\Fiddler2\Scripts\SSRecorderHelper.dll (Stimulus Technology)
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
BHO: avast! Online Security -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
BHO-x32: IEPlugin Class -> {11222041-111B-46E3-BD29-EFB2449479B1} -> C:\Program Files (x86)\ArcSoft\Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: ToolbarBHO Class -> {9519AF7E-638D-4933-BAD6-D33D23C79FE5} -> C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
Toolbar: HKLM-x32 - ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmTlbr.dll (Montera Technologeis LTD)
Toolbar: HKLM-x32 - RAW Thumbnail Viewer - {F301665A-12F8-4331-804A-5BCBD379668C} - C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
DPF: HKLM-x32 {74F4F118-91E6-4AFC-B8D2-04066781F239} https://www.member-data.com/rdc/EZTwainX.cab
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
ShellExecuteHooks: Directory Opus Shell Execute Hook - {3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE} - C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll [1573504 2014-09-16] (GP Software)
ShellExecuteHooks-x32: Directory Opus Shell Execute Hook - {EE761688-C137-4b04-8FAB-3C9CDF0886F0} - C:\Program Files\GPSoftware\Directory Opus\dopuslib32.dll [343640 2014-09-16] (GP Software)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\l7tarqgo.default-1374718651417
FF Homepage: localsites/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @checkpoint.com/FFApi -> C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Jack\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Jack\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: SeoQuake - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\l7tarqgo.default-1374718651417\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2014-09-05]
FF Extension: ColorZilla - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\l7tarqgo.default-1374718651417\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2013-08-10]
FF Extension: ReminderFox - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\l7tarqgo.default-1374718651417\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [2014-04-21]
FF Extension: Cookies Manager+ - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\l7tarqgo.default-1374718651417\Extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d} [2013-11-18]
FF Extension: Firebug - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\l7tarqgo.default-1374718651417\Extensions\firebug@software.joehewitt.com.xpi [2013-09-06]
FF Extension: YouTube Enhancer Plus - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\l7tarqgo.default-1374718651417\Extensions\firefoxaddon@youtubeenhancer.com.xpi [2013-08-23]
FF Extension: Foxy SEO Tool - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\l7tarqgo.default-1374718651417\Extensions\foxyseotool@foxyseotool.com.xpi [2013-10-16]
FF Extension: Leading-SEO - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\l7tarqgo.default-1374718651417\Extensions\jid0-nWM1zRUDcqM8sPZ4tmz40Nce7jE@jetpack.xpi [2013-10-16]
FF Extension: Flash OnOff - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\l7tarqgo.default-1374718651417\Extensions\jid0-XXocAsQYPfKHSY8ebTi0VcX8eNQ@jetpack.xpi [2013-08-04]
FF Extension: User Agent Overrider - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\l7tarqgo.default-1374718651417\Extensions\useragentoverrider@qixinglu.com.xpi [2013-10-16]
FF Extension: Remove Cookies for Site - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\l7tarqgo.default-1374718651417\Extensions\{06997db0-c027-4d5f-bd37-b0d9230226ea}.xpi [2014-03-16]
FF Extension: MeasureIt - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\l7tarqgo.default-1374718651417\Extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2013-10-30]
FF Extension: SEO and Website Analysis - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\l7tarqgo.default-1374718651417\Extensions\{8BCA0E8A-E57B-425b-A05B-CD3868EB577E}.xpi [2013-10-16]
FF Extension: Show my Password - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\l7tarqgo.default-1374718651417\Extensions\{cd617372-6743-4ee4-bac4-fbf60f35719e}.xpi [2013-10-16]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-04-18]
FF HKLM-x32\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - C:\Program Files (x86)\Fiddler2\FiddlerHook
FF Extension: FiddlerHook - C:\Program Files (x86)\Fiddler2\FiddlerHook [2013-02-27]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [RAWThumbnailViewer@arcsoft.com.cn] - C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\FireFox Extension
FF Extension: RAW Thumbnail Viewer - C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\FireFox Extension [2014-03-04]
FF HKLM-x32\...\Firefox\Extensions: [{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}] - C:\Program Files (x86)\ArcSoft\Video Downloader\Plugin_FireFox
FF Extension: ArcSoft Video Downloader Extension - C:\Program Files (x86)\ArcSoft\Video Downloader\Plugin_FireFox [2014-03-04]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Jack\AppData\Local\Google\Chrome\Application\38.0.2125.104\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Jack\AppData\Local\Google\Chrome\Application\38.0.2125.104\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Jack\AppData\Local\Google\Chrome\Application\38.0.2125.104\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Profile: C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (SEOrch - OnPage SEO Tool) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\dofplnfijbongplmhcpoobljlfjeaank [2013-08-06]
CHR Extension: (SEO SERP Workbench) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehbgolklgacemnfnmkkpgekngaaggjjl [2013-07-24]
CHR Extension: (avast! Online Security) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-09-23]
CHR Extension: (Seo Serp Manager) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\jncpgpllflmbaaofhdmfamncdipmedjo [2013-09-03]
CHR Extension: (Tag Assistant (by Google)) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\kejbdjndbnbjgmefkgdddjlbokphdefk [2013-07-21]
CHR Extension: (WebRank SEO) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkhilblbmkdnapffblmecglknalglfji [2013-07-22]
CHR Extension: (Google Wallet) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR StartMenuInternet: Google Chrome - C:\Users\Jack\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2011-05-01] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [137960 2013-08-30] (AVAST Software)
R2 Diskeeper; C:\Program Files\Condusiv Technologies\Diskeeper\DkService.exe [2721656 2012-07-27] (Condusiv Technologies)
R2 MSSQL$UPSWSDBSERVER; C:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe [29263712 2008-11-24] (Microsoft Corporation)
R2 ppped; C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe [868352 2009-05-27] (Cyber Power Systems, Inc.) [File not signed]
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3592120 2014-04-25] (Check Point Software Technologies Ltd.)
R2 wampapache; c:\wamp\bin\apache\apache2.0.63\bin\Apache.exe [20541 2008-01-17] (Apache Software Foundation) [File not signed]
R3 wampmysqld; c:\wamp\bin\mysql\mysql5.5.8\bin\mysqld.exe [8133120 2010-12-31] () [File not signed]
S4 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [92176 2014-04-09] (Check Point Software Technologies, Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software)
R1 aswFW; C:\Windows\System32\Drivers\aswFW.sys [131232 2013-08-30] (AVAST Software)
R0 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)
R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12368 2013-03-06] (ALWIL Software)
R0 aswNdis2; C:\Windows\System32\Drivers\aswNdis2.sys [270824 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()
R0 DKDFM; C:\Windows\System32\drivers\DKDFM.sys [40752 2012-04-05] (Condusiv Technologies)
R3 DKRtWrt; C:\Windows\System32\DRIVERS\DKRtWrt.sys [52048 2012-06-18] (Condusiv Technologies)
R0 DKTLFSMF; C:\Windows\System32\drivers\DKTLFSMF.sys [106832 2012-07-09] (Condusiv Technologies)
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir3.sys [32768 2009-09-11] (Hauppauge Computer Works, Inc.)
R3 mio; C:\Windows\System32\DRIVERS\mio.sys [14928 2010-10-13] (Dell/Alienware)
S4 Mpsnt0; No ImagePath
R0 SI3132; C:\Windows\System32\DRIVERS\SI3132.sys [90664 2009-07-29] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [22056 2009-07-29] (Silicon Image, Inc)
R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [17448 2009-07-29] (Silicon Image, Inc)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2013-04-13] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2013-04-13] (Acronis)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2014-10-26] ()
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2013-04-13] (Acronis International GmbH)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450968 2014-04-24] (Check Point Software Technologies Ltd.)
S3 PCDSRVC{0FF99CEB-15C9CE9E-06020200}_0; \??\c:\program files\alienautopsy\pcdsrvc_x64.pkms [X]
U3 wampapache64; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-26 21:42 - 2014-10-26 21:42 - 00000358 _____ () C:\Windows\PFRO.log
2014-10-26 21:37 - 2014-10-26 21:37 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-26 21:37 - 2014-10-26 21:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-26 21:37 - 2014-10-26 21:37 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-26 21:37 - 2014-10-26 21:37 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-26 21:37 - 2014-10-26 21:37 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-26 21:37 - 2014-10-26 21:37 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-26 21:37 - 2014-10-26 21:37 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-10-26 21:37 - 2014-10-26 21:37 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-10-26 21:37 - 2014-10-26 21:37 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-10-26 21:37 - 2014-10-26 21:37 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-10-26 21:37 - 2014-10-26 21:37 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-10-26 21:37 - 2014-10-26 21:37 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-10-26 21:37 - 2014-10-26 21:37 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-10-26 21:37 - 2014-10-26 21:37 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-10-26 21:37 - 2014-10-26 21:37 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-26 21:37 - 2014-10-26 21:37 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-26 21:37 - 2014-10-26 21:37 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-26 21:37 - 2014-10-26 21:37 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-10-26 21:37 - 2014-10-26 21:37 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-10-26 21:37 - 2014-10-26 21:37 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-10-26 21:37 - 2014-10-26 21:37 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-10-26 21:37 - 2014-10-26 21:37 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-10-26 21:37 - 2014-10-26 21:37 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-10-26 21:37 - 2014-10-26 21:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-10-26 21:37 - 2014-10-26 21:37 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-10-26 21:37 - 2014-10-26 21:37 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-10-26 21:37 - 2014-10-26 21:37 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-10-26 21:37 - 2014-10-26 21:37 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-10-26 21:37 - 2014-10-26 21:37 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-26 21:35 - 2014-10-26 21:39 - 00008662 _____ () C:\Windows\IE11_main.log
2014-10-26 21:10 - 2014-10-26 21:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-26 21:08 - 2014-10-26 22:20 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-26 21:08 - 2014-10-26 21:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-26 21:08 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-26 21:08 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-26 20:05 - 2014-10-26 20:05 - 00004608 _____ () C:\Users\Jack\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-26 13:52 - 2014-10-26 13:52 - 00001112 _____ () C:\Users\Public\Desktop\Picasa 3.lnk
2014-10-26 13:51 - 2014-10-26 13:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2014-10-25 23:21 - 2014-10-26 13:19 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-10-25 23:21 - 2014-10-25 23:21 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-25 23:10 - 2014-10-25 23:10 - 00003201 _____ () C:\Users\Jack\Desktop\Sophos Virus Removal Tool.lnk
2014-10-25 23:10 - 2014-10-25 23:10 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-10-25 23:10 - 2014-10-25 23:10 - 00000000 ____D () C:\ProgramData\Sophos
2014-10-25 23:10 - 2014-10-25 23:10 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-10-25 22:52 - 2014-10-25 22:52 - 355172608 _____ () C:\Windows\MEMORY.DMP
2014-10-25 22:52 - 2014-10-25 22:52 - 00262392 _____ () C:\Windows\Minidump\102514-51776-01.dmp
2014-10-25 22:24 - 2014-10-26 12:24 - 00000000 ____D () C:\NPE
2014-10-25 22:18 - 2014-10-26 12:30 - 00000000 ____D () C:\Users\Jack\AppData\Local\NPE
2014-10-25 21:56 - 2014-10-25 21:56 - 32809520 _____ (IObit ) C:\Users\Jack\Downloads\IObit-Malware-Fighter-Setup.exe
2014-10-25 09:01 - 2013-12-24 19:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-10-25 09:01 - 2013-12-24 18:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-10-25 09:01 - 2013-11-26 04:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-10-25 09:01 - 2013-11-22 18:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-10-25 08:46 - 2014-10-25 08:46 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-10-25 08:45 - 2014-10-25 08:50 - 00008540 _____ () C:\Windows\IE10_main.log
2014-10-24 20:30 - 2014-10-26 21:42 - 00000672 _____ () C:\Windows\setupact.log
2014-10-24 20:30 - 2014-10-24 20:30 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-23 10:47 - 2014-10-23 10:47 - 00000000 __SHD () C:\Users\Jack\AppData\Local\EmieUserList
2014-10-23 10:47 - 2014-10-23 10:47 - 00000000 __SHD () C:\Users\Jack\AppData\Local\EmieSiteList
2014-10-23 10:31 - 2014-09-26 18:42 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-23 10:31 - 2014-09-26 18:36 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-23 10:31 - 2014-09-26 18:36 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-23 10:31 - 2014-09-26 18:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-23 10:29 - 2014-10-23 10:31 - 00004195 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_71-b14.log
2014-10-23 09:49 - 2014-10-26 22:38 - 00000000 ____D () C:\FRST
2014-10-21 11:20 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2014-10-15 13:37 - 2014-10-15 13:37 - 00002910 _____ () C:\Users\Jack\AppData\Local\recently-used.xbel
2014-10-14 22:08 - 2014-09-28 20:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-14 22:08 - 2014-09-12 21:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-14 22:08 - 2014-09-12 21:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-14 22:08 - 2014-09-04 01:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-14 22:08 - 2014-09-04 01:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-14 22:08 - 2014-08-28 22:07 - 05780480 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-14 22:08 - 2014-08-28 22:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-14 22:08 - 2014-08-28 22:07 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-10-14 22:08 - 2014-08-28 22:07 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-10-14 22:08 - 2014-08-28 22:06 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-14 22:08 - 2014-08-28 21:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-14 22:08 - 2014-08-28 21:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-14 22:08 - 2014-08-28 21:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-14 22:08 - 2014-08-28 21:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-10-14 22:08 - 2014-07-16 22:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-14 22:08 - 2014-07-16 22:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-14 22:08 - 2014-07-16 22:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-14 22:08 - 2014-07-16 22:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-14 22:08 - 2014-07-16 22:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-14 22:08 - 2014-07-16 22:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-14 22:08 - 2014-07-16 21:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-14 22:08 - 2014-07-16 21:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-14 22:08 - 2014-07-16 21:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-14 22:08 - 2014-07-16 21:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-14 22:08 - 2014-07-16 21:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-14 22:08 - 2014-06-18 18:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-14 22:08 - 2014-06-18 18:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-14 22:08 - 2014-06-18 18:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-14 22:08 - 2014-06-18 18:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-14 22:08 - 2014-06-18 18:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-14 22:08 - 2014-06-18 18:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-14 22:08 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-10-14 22:08 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-10-14 22:08 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-10-14 22:08 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-10-14 22:08 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-10-14 22:08 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-10-14 22:08 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-10-14 22:08 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-10-02 19:35 - 2014-10-02 19:35 - 00141237 _____ () C:\Users\Jack\Downloads\oscom_paypal_pro_payflow-3.1.zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-26 22:31 - 2011-06-04 09:46 - 00000000 ____D () C:\Users\Jack\Documents\Quicknote
2014-10-26 22:17 - 2012-04-08 12:31 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-26 22:03 - 2011-08-14 20:14 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-26 21:50 - 2009-07-14 01:10 - 02012760 _____ () C:\Windows\WindowsUpdate.log
2014-10-26 21:49 - 2009-07-14 00:45 - 00014560 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-26 21:49 - 2009-07-14 00:45 - 00014560 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-26 21:45 - 2011-08-02 07:59 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3994650508-1294297652-2827424591-1000UA.job
2014-10-26 21:45 - 2011-07-18 13:43 - 00000199 _____ () C:\Windows\wstdUPSWSHIP.INI
2014-10-26 21:44 - 2011-08-14 20:14 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-26 21:44 - 2011-07-16 07:39 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\The Bat!
2014-10-26 21:44 - 2011-03-10 15:20 - 00001419 _____ () C:\Users\Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-26 21:44 - 2011-03-10 15:20 - 00000000 ____D () C:\Users\Jack\AppData\Local\SoftThinks
2014-10-26 21:43 - 2012-09-01 13:34 - 00000000 ____D () C:\Program Files (x86)\CyberPower PowerPanel Personal Edition
2014-10-26 21:43 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-26 21:40 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-10-26 21:29 - 2012-11-25 15:46 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-10-26 21:25 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Web
2014-10-26 21:17 - 2011-04-16 07:58 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\SQLyog
2014-10-26 21:10 - 2013-09-14 09:54 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-26 21:08 - 2013-02-28 22:18 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Malwarebytes
2014-10-26 21:08 - 2013-02-28 22:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-26 20:38 - 2011-07-18 13:27 - 00000000 ____D () C:\UPS
2014-10-26 13:52 - 2011-08-02 07:59 - 00000000 ____D () C:\Users\Jack\AppData\Local\Google
2014-10-26 13:51 - 2011-08-14 20:14 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-26 12:45 - 2011-08-02 07:59 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3994650508-1294297652-2827424591-1000Core.job
2014-10-26 12:29 - 2011-09-14 11:39 - 00000000 ____D () C:\Storage
2014-10-26 10:26 - 2011-03-10 15:20 - 00000000 ____D () C:\Users\Jack\AppData\Local\VirtualStore
2014-10-26 01:01 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-10-25 23:22 - 2012-12-14 10:50 - 00000000 ___RD () C:\Users\Jack\Sync
2014-10-25 22:52 - 2011-03-23 12:35 - 00000000 ____D () C:\Windows\Minidump
2014-10-25 22:19 - 2013-04-24 23:24 - 00000000 ____D () C:\ProgramData\Norton
2014-10-25 21:55 - 2014-05-12 12:06 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\IObit
2014-10-25 21:55 - 2014-05-12 12:06 - 00000000 ____D () C:\ProgramData\IObit
2014-10-25 21:55 - 2014-05-12 12:06 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-10-25 20:59 - 2012-12-23 15:19 - 00000000 ____D () C:\Users\Jack\AppData\Local\CrashDumps
2014-10-25 10:45 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-10-25 08:51 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK
2014-10-25 08:51 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2014-10-25 08:50 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\zh-HK
2014-10-25 08:50 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-10-25 08:42 - 2011-06-11 21:18 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Arcsoft
2014-10-25 00:02 - 2011-02-09 15:03 - 00000000 ____D () C:\Windows\Panther
2014-10-24 22:15 - 2011-04-20 22:51 - 00000600 _____ () C:\Users\Jack\PUTTY.RND
2014-10-24 20:32 - 2011-05-18 03:30 - 00000000 ____D () C:\Windows\system32\inf32
2014-10-24 13:32 - 2011-07-15 09:58 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\FileZilla
2014-10-23 10:31 - 2013-10-18 00:05 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-23 10:31 - 2013-07-21 10:37 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-23 10:26 - 2014-07-02 21:37 - 00000000 ____D () C:\Users\Jack\AppData\Local\Adobe
2014-10-23 10:26 - 2012-04-08 12:31 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-23 10:26 - 2012-04-08 12:31 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-23 10:26 - 2011-05-21 11:06 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-23 10:22 - 2012-04-07 13:20 - 00002110 _____ () C:\Users\Jack\Sti_Trace.log
2014-10-21 22:58 - 2011-08-14 20:14 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-21 22:58 - 2011-08-14 20:14 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-21 12:40 - 2011-08-02 07:59 - 00003876 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3994650508-1294297652-2827424591-1000UA
2014-10-21 12:40 - 2011-08-02 07:59 - 00003480 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3994650508-1294297652-2827424591-1000Core
2014-10-21 11:06 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-19 21:24 - 2011-02-09 13:52 - 00000000 ____D () C:\Program Files (x86)\AlienRespawn
2014-10-17 22:56 - 2009-07-14 00:45 - 00353584 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-17 22:52 - 2009-07-14 01:13 - 00860406 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-17 22:45 - 2013-07-27 09:17 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-17 13:26 - 2011-03-11 13:16 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Adobe
2014-10-17 13:26 - 2011-02-09 13:51 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-15 20:05 - 2012-10-21 21:39 - 00000000 ____D () C:\Users\Jack\.gimp-2.8
2014-10-09 22:29 - 2011-12-29 22:05 - 00000000 ____D () C:\Users\Jack\AppData\Local\Apple Computer
2014-10-08 22:50 - 2011-12-29 22:05 - 00002503 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
2014-10-08 22:39 - 2011-12-29 22:05 - 00155180 ____H () C:\Windows\SysWOW64\mlfcache.dat
2014-10-07 18:45 - 2009-07-14 01:08 - 00032586 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-03 10:02 - 2011-03-27 22:22 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-02 15:53 - 2011-03-13 00:25 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-01 11:11 - 2013-09-14 09:54 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-28 20:39 - 2012-04-26 07:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-26 16:53

==================== End Of Log ============================

Here's the addition.txt. It was too long for the first post:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-10-2014
Ran by Jack at 2014-10-26 22:38:59
Running from E:\Storage\Downloads\Installed\Security
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Internet Security (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Internet Security (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Internet Security (Enabled) {131692B0-0864-D491-4E21-3A3A1D8BBB47}
FW: ZoneAlarm Pro Firewall (Disabled) {E6380B7E-D4B2-19F1-083E-56486607704B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Photoshop CS (HKLM-x32\...\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}) (Version: CS - Adobe Systems, Inc.)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
AlienAutopsy (HKLM\...\PC-Doctor for Windows) (Version: 3.2.6032.102 - PC-Doctor, Inc.)
AlienRespawn - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version:  - Alienware)
AlienRespawn (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.51 - Alienware)
Alienware TactX Keyboard CI 1.00.130 (HKLM\...\{13A3A271-B2AA-486C-9AD5-F272079BB9B5}) (Version: 1.00.130 - Alienware)
Alienware TactX Mouse CI 1.00 (HKLM\...\{B0D59FDC-FEAB-49A2-9B5A-E5E0A8F9D7E0}) (Version: 1.00 - Alienware)
AlignmentUtility (x32 Version: 17.00.0000 - UPS) Hidden
AMD APP SDK Runtime (Version: 2.4.595.10 - Advanced Micro Devices Inc.) Hidden
Aptana Studio 3 (HKLM-x32\...\Aptana Studio 3) (Version: 3.4.2 - Appcelerator, Inc.)
ArcSoft MediaImpression 2 (HKLM-x32\...\{30B056AF-F414-4B68-B9B0-6EFDB9FCDF18}) (Version: 2.0.29.444 - ArcSoft)
ArcSoft Photo Book Screen Saver (HKLM-x32\...\{E2EE273D-E111-4FFD-ACD4-78E1D35E01D2}) (Version: 2.0.0.13 - ArcSoft)
ArcSoft Print Creations - Album Page (HKLM-x32\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version:  - ArcSoft)
ArcSoft Print Creations - Brochures & Flyers (HKLM-x32\...\{01A1A019-E1D8-482A-BE17-5E118D17C0A0}) (Version:  - ArcSoft)
ArcSoft Print Creations - Funhouse (HKLM-x32\...\{9591C049-5CAE-4E89-A8D9-191F1899628B}) (Version:  - ArcSoft)
ArcSoft Print Creations - Funhouse II (HKLM-x32\...\{3CE47E6B-AE27-4E40-AC54-329EED96B933}) (Version:  - ArcSoft)
ArcSoft Print Creations - Greeting Card (HKLM-x32\...\{F04F9557-81A9-4293-BC49-2C216FA325A7}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Book (HKLM-x32\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Calendar (HKLM-x32\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Prints (HKLM-x32\...\{95F875CC-1B85-43E6-B3E0-13EA04F3D995}) (Version:  - ArcSoft)
ArcSoft Print Creations - Poster Creator (HKLM-x32\...\{5D1C82E7-7EC0-4404-A8AD-36C3B444BC34}) (Version:  - ArcSoft)
ArcSoft Print Creations - Scrapbook (HKLM-x32\...\{B0D83FCD-9D42-43ED-8315-250326AADA02}) (Version:  - ArcSoft)
ArcSoft Print Creations - Slimline Card (HKLM-x32\...\{007B37D9-0C45-4202-834B-DD5FAAE99D63}) (Version:  - ArcSoft)
ArcSoft Print Creations (HKLM-x32\...\{B8CECF38-C0B0-4B39-8B11-772E685C93AB}) (Version: 2.8.255.266 - ArcSoft)
ArcSoft RAW Thumbnail Viewer (HKLM-x32\...\{82FAC25D-D0E1-4D60-9268-F3DD958BF052}) (Version: 2.0.0.11 - ArcSoft)
ArcSoft Video Downloader (HKLM-x32\...\{C8B44566-839A-459C-A73D-49764CE216CC}) (Version: 2.0.0.39 - ArcSoft)
ATI AVIVO64 Codecs (Version: 11.6.0.10419 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{E73155E5-E75F-D09E-30C0-C18E3C3A1FA3}) (Version: 3.0.825.0 - ATI Technologies, Inc.)
ATI Catalyst Registration (x32 Version: 3.00.0000 - ATI Technologies Inc.) Hidden
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
avast! Internet Security (HKLM-x32\...\avast) (Version: 8.0.1497.0 - AVAST Software)
Beyond Compare 3.3.8 (HKLM-x32\...\BeyondCompare3_is1) (Version: 3.3.8.16340 - Scooter Software)
Broadcom Management Programs (HKLM\...\{688758A2-8520-4470-8FA6-765BAC86FC53}) (Version: 12.53.01 - Broadcom Corporation)
CCC (x32 Version: 17.00.0000 - United Parcel Service, Inc.) Hidden
ccc-core-static (x32 Version: 2010.0928.2139.36979 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
Charles 3.6.5 (HKLM\...\{61163088-76A7-4A20-8228-7058848CD37F}) (Version: 3.6.5.6 - XK72 Ltd)
Command Center (HKLM-x32\...\InstallShield_{AD522D37-B0FD-45A4-8695-6F24DF5336FC}) (Version: 2.6.1.0 - Alienware Corp.)
Command Center (Version: 2.6.1.0 - Alienware Corp.) Hidden
Compare and Merge 2.3 (HKLM-x32\...\Compare and Merge_is1) (Version: 2.3 - TGRMN Software)
ConTEXT v0.98.6 (HKLM-x32\...\{73E0D3A0-9C30-4F59-ABBF-6233686FB396}_is1) (Version:  - ConTEXT Project Ltd)
CPUID CPU-Z 1.60 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CyberPower PowerPanel Personal Edition 1.2.3 (HKLM-x32\...\{46E21083-D598-4217-99B0-2ED3E4152759}) (Version: 1.2.3 - Cyber Power Systems, Inc.)
Data Lifeguard Diagnostic for Windows 1.24 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version:  - Western Digital Corporation)
Dell InHome Service Agreement (HKLM-x32\...\{41AA8F20-FD30-4878-9080-6D5BE575FD41}) (Version: 2.0.0 - Dell Inc.)
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 3.3.2.1 - Dell)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Diskeeper 12 Professional (HKLM\...\{1A6D6767-B771-4752-81C2-1CC30BE941BA}) (Version: 16.0.1017.64 - Condusiv Technologies)
EPSON Artisan 800 Series Printer Uninstall (HKLM\...\EPSON Artisan 800 Series) (Version:  - SEIKO EPSON Corporation)
Epson Connect (HKLM-x32\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version:  - )
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Download Navigator (HKLM-x32\...\{10F63395-157F-4B93-AB4D-702A2FF11942}) (Version: 1.0.1 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}) (Version: 2.50.0001 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.20.00 - SEIKO EPSON CORPORATION)
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.00.00 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WorkForce 845 Series Printer Uninstall (HKLM\...\EPSON WorkForce 845 Series) (Version:  - SEIKO EPSON Corporation)
erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden
Evernote v. 5.3.1 (HKLM-x32\...\{28AAF752-C41B-11E3-8CB0-00163E98E7D6}) (Version: 5.3.1.3363 - Evernote Corp.)
Fiddler (HKLM-x32\...\Fiddler2) (Version: 2.4.2.6 - Telerik)
FileZilla Client 3.7.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.7.0.2 - FileZilla Project)
FormsComponent (x32 Version: 17.00.0000 - UPS) Hidden
FOSS (x32 Version: 17.00.0000 - UPS) Hidden
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Google Chrome (HKCU\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 9.1.0.615 - Citrix Online, a division of Citrix Systems, Inc.)
GPSoftware Directory Opus (HKLM-x32\...\{5D4F167D-CCC8-413E-A6EE-F2FABBBBF50D}) (Version: 11.7 - GPSoftware)
HTML-Kit Tools (HKLM-x32\...\HTMLKitTools_is1) (Version: 1.0 - HTML-Kit.com)
ICCHelp (HKLM-x32\...\{A5763105-D1D5-4862-A3FE-EC058F9AA73E}) (Version: 17.00.0000 - UPS)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.710 - Oracle)
Java Auto Updater (x32 Version: 2.1.71.14 - Oracle, Inc.) Hidden
Java 6 Update 22 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416022FF}) (Version: 6.0.220 - Oracle)
KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Logitech SetPoint (HKLM-x32\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 - Logitech)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Excel 2000 SR-1 (HKLM-x32\...\{00110409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{86177DAE-38B1-49DD-912E-35CB703AB779}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mozilla Thunderbird (5.0) (HKLM-x32\...\Mozilla Thunderbird (5.0)) (Version: 5.0 (en-US) - Mozilla)
MSIChecker (x32 Version: 9.00.0000 - UPS) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MySQL Workbench 5.2 CE (HKLM-x32\...\{1D803D4F-CE1E-4282-B4F2-0FCF28E68BCD}) (Version: 5.2.37 - Oracle Corporation)
NA1Messenger (x32 Version: 17.00.0000 - Your Company Name) Hidden
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.20.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.20.0 - NEC Electronics Corporation) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NRF (x32 Version: 17.00.0000 - UPS) Hidden
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
PhotoShowExpress (x32 Version: 2.0.028 - Sonic Solutions) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PolicyManager (x32 Version: 17.00.0000 - UPS) Hidden
PuTTY version 0.63 (HKLM-x32\...\PuTTY_is1) (Version: 0.63 - Simon Tatham)
Quicknote 5.5 (HKLM-x32\...\JC&MB Quicknote_is1) (Version:  - JC&MB)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6039 - Realtek Semiconductor Corp.)
Reconciler (x32 Version: 17.00.0000 - UPS) Hidden
ReportServer (x32 Version: 17.00.0000 - Your Company Name) Hidden
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden
Roxio Burn (x32 Version: 1.6 - Roxio) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.40.0 - Roxio)
Roxio Creator Starter (x32 Version: 1.0.311 - Roxio) Hidden
Roxio Creator Starter (x32 Version: 5.0.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14072.12 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14072.12 - Samsung Electronics Co., Ltd.) Hidden
Screaming Frog SEO Spider (HKLM-x32\...\Screaming Frog SEO Spider) (Version: 0.01 - Screaming Frog)
ScreenRecorder (HKLM\...\{55A9972B-EA29-43C3-94B6-7A178D6F2E11}) (Version: 4.0.0 - Burak Uysaler)
SEO PowerSuite (HKLM-x32\...\seopowersuite) (Version:  - )
Skins (x32 Version: 2010.0928.2139.36979 - ATI) Hidden
Snagit 10.0.1 (HKLM-x32\...\{22FC7536-BE5C-4E88-8069-C24689D34EC5}) (Version: 10.0.1 - TechSmith Corporation)
Snagit 11 (HKLM-x32\...\{68723B04-57EC-11E1-A6A8-9E2D4824019B}) (Version: 11.1.0 - TechSmith Corporation)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.3 - Sophos Limited)
SQLyog 11.3 (64 bit) (HKLM\...\SQLyog64) (Version: 11.3 (64 bit) - Webyog Inc.)
SupportUtility (x32 Version: 17.00.0000 - Your Company Name) Hidden
System (x32 Version: 17.00.0000 - UPS) Hidden
The Lord of the Rings FREE Trial  (x32 Version: 1.00.0000 - ATI Technologies Inc.) Hidden
TheBat! Home v4.2.44 (HKLM-x32\...\{457297FE-47C9-4B37-B350-BC5CCC65A2DE}) (Version: 4.2.44 - Ritlabs)
THX TruStudio PC (HKLM-x32\...\{010A785B-F920-4350-821B-6309909C20BB}) (Version: 1.0 - Creative Technology Limited)
Traffic Travis 4.1.0 (HKLM-x32\...\Traffic Travis 4.1 Setup Wizard_is1) (Version:  - Affilorama Ltd.)
True Image 2013 (HKLM-x32\...\{75BC2136-B6A1-4F3B-8A69-55E39C647B1F}Visible) (Version: 16.0.6514 - Acronis)
True Image 2013 (x32 Version: 16.0.6514 - Acronis) Hidden
UnifiedPrinting (x32 Version: 17.00.0000 - UPS) Hidden
UPS WorldShip (HKLM-x32\...\UPS WorldShip) (Version: 17.0 - UPS)
UPSDB (x32 Version: 17.00.0000 - UPS) Hidden
UPSICC (x32 Version: 17.00.0000 - UPS) Hidden
UPSlinkHTTP (x32 Version: 17.00.0000 - UPS) Hidden
UPSVC2008MM (x32 Version: 1.00.0000 - UPS) Hidden
UPSVCMM (x32 Version: 12.00.0000 - UPS) Hidden
Watermark Factory 2 (HKLM-x32\...\{208B53C3-FA83-40EF-BC07-ED61E78CC12A}}_is1) (Version:  - WatermarkFactory.com)
Web CEO 11.0 (HKLM-x32\...\WebCEO70_is1) (Version: 11.0 - Web CEO Ltd.)
WebHelp (HKLM-x32\...\{8C5BD501-AD5D-4A75-9321-076509B438FC}) (Version: 1.00.0000 - UPS)
WebLog Expert Lite 8.1 (HKLM-x32\...\WebLog Expert Lite_is1) (Version: 8.1 - Alentum Software Ltd.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.65  - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Grep 2.3 (HKLM-x32\...\Windows Grep_is1) (Version:  - )
Windows Media Encoder 9 Series x64 Edition (HKLM\...\Windows Media Encoder 9) (Version:  - )
Windows Media Encoder 9 Series x64 Edition (Version: 10.0.0.3809 - Microsoft Corporation) Hidden
WorldShip (x32 Version: 17.00.0000 - UPS) Hidden
WSShared (x32 Version: 17.00.0000 - UPS) Hidden
Xenu's Link Sleuth (HKLM-x32\...\Xenu's Link Sleuth) (Version: 1.3.8 - Tilman Hausherr)
Zend Optimizer (HKLM-x32\...\{4C24C6EB-FF40-4855-9C1D-42F8AFC75112}) (Version: 3.3.0 - Zend Technologies)
ZoneAlarm Firewall (x32 Version: 13.1.211.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm LTD Toolbar (HKLM\...\ZoneAlarm LTD Toolbar) (Version:  - Check Point Software Technologies)
ZoneAlarm Pro (HKLM-x32\...\ZoneAlarm Pro) (Version: 13.1.211.000 - Check Point)
ZoneAlarm Security (x32 Version: 13.1.211.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security Toolbar  (HKLM-x32\...\ZoneAlarm Security Toolbar) (Version:  - Check Point Software Technologies LTD)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{00A5D5A8-84D7-433E-926F-DFF56DF4BD9F}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{01554A8A-F376-4064-A6A5-D8A13665C4EB}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{051141EA-19E0-404B-A525-8EB4547C7753}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{056FAEFE-9A9C-48B2-B458-1A39F700C803}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{0604FA41-0FA4-46F5-9734-636DD2FF7E21}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{07897D7C-7CC9-4FE6-B823-DA57BD31F732}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{09889426-024E-4AA3-B39D-D2A9C3FE061E}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{0A07BE9D-531A-4A4A-BBE3-DC93A6C1C887}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Jack\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{0FB0209E-FAA2-48E9-9F04-DBFB0858788D}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{10D7C8FF-C90A-49C9-939A-C845265681C0}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{1D0D2B96-A870-4D6F-829D-2A949F243531}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{1FF2E388-451A-4309-8450-A2A19F5A511D}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{22B2186B-FE49-43AE-9EB7-72E8A00D7AF5}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{29EA3967-E71E-4657-B519-CD16BCAA2B60}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{38063D55-9EF3-4038-981A-C3AF48A064AC}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{399FD32E-4E06-48FA-948A-75B12F5A50E6}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{39FC56EB-285B-4305-ADD1-278049646691}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{3B589405-2552-404A-A714-4DEA246433C3}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{3F73A396-05CC-48B9-9C5F-A2C80399BCF5}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{41A886BE-BF2F-41B1-8235-81502FC76A11}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{449D6FA1-46C3-49E8-8F06-D1522224A4D2}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{453FD783-4A97-4BF0-BA36-F650AF78577D}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{45F7AAC4-80BD-4BB8-9D9C-EC1B8677D3CC}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{4F0AE54C-3970-46C7-BC52-90703E005262}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{529D958B-E6F8-422E-B94B-8E7817A15C26}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{52AD96AD-B5F5-4A65-927E-39FA9E590A0A}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{5457D58A-DCC9-4472-8C64-B10FC0AC070A}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{5B95D823-A98C-4D3D-8925-8F5E5B922921}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{5CFED801-32F2-4B87-8FA5-82A48D1F5E7A}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{63DA3D53-6160-43B7-B3BA-88D5A90A08D4}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{65246BFD-2ACD-4BF9-8690-CA575F555F3F}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{6B86834B-45D0-4C06-91F3-FDB2CB563D0E}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{70C3EB9C-5AE4-43FC-BDD8-43A4C5236F3E}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{7375CE48-9021-4AF4-BDA9-3F2F4F9A9B9C}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{74DCD065-758E-445A-8C82-A188AE37E48B}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{87B84C15-F026-4BB3-B26E-AEF04670E862}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{8B6DA6B5-8AA6-4EFF-89EC-7E44BF6C2F14}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{8C62E740-A1A8-49B5-8118-2457AAA260F2}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{8F88EDB1-2C28-4029-96D4-E3200D691840}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{90823893-5C52-4CDF-A5E4-320545CDC8D3}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{9354DFAD-5775-4D48-893F-64DF1BBCE610}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{9BFA8CE4-AAE8-46F0-8215-E989E052925C}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{A0BD0ECF-2393-407F-A20A-CD8E1B3220D3}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{A1088C87-0DEC-445B-9D9C-E881C0288EF2}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{A27FDD31-0C5B-468D-8EC9-5A1E050BEB57}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{A5A4988B-F6B8-44FC-8D67-7A7E5DC01EBA}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{AAF4DF68-C279-487D-A7D0-58DA7FCD11AE}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{AAFF502E-771E-4EA6-81E1-811AAC5FA82D}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{AF843D96-E44F-466E-9C78-0F403E4B4ED8}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{B00FB327-90F0-404D-8597-CF9D8C382DAC}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{B2252980-0D3E-4FDC-82D2-F9B3F24D8AEA}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{B33E4B2F-B67B-45BE-9BC5-BAC124E62CA2}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{C22AB24F-F47E-4E9E-B71C-815D9856CEAB}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{CC3DCF0F-07D5-4646-A641-F172BA220650}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{CCD1EE59-F38D-4CA3-8DD1-C5BA5575EFAA}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{CF171C8A-D1F5-46C8-971E-2481FAF083D4}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{D8FC2B62-0BEA-40D2-B45A-F7410A0C3A3F}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{DBCAF10E-02D6-43DA-AC70-670537A816D8}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{DC4EBBB7-A0F7-43B3-87E1-30E1957EC753}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{E42793B9-13E5-45BB-B2DF-DA4977CFC6BC}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Jack\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{F0A4457A-E427-4C3C-A285-EC1B2F799B1B}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{F26146DB-D9C7-4803-A78D-10947CC1E4B8}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{F58E3621-0E79-49D7-8FBE-5CF44E8EFB79}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{F9ABE7CD-4701-4DE0-9A1A-8F726651B674}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{FAE7A96A-56C3-4ABF-A6C2-D5D78089A7D8}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{FEEBA5ED-53FE-41ED-BE55-648E2EEFF9A5}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)

==================== Restore Points  =========================

26-10-2014 12:00:23 Windows Backup
27-10-2014 01:35:03 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2014-07-04 12:58 - 00001140 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1 localsites
127.0.0.1       localhost127.0.0.1       localhost
127.0.0.1       localhost
127.0.0.1       localhost
127.0.0.1       localhost
127.0.0.1       localhost
127.0.0.1       localhost
127.0.0.1       localhost
127.0.0.1       localhost
127.0.0.1       localhost


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {017181DB-59FA-431C-9B5D-07B49008A6AF} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-08-30] (AVAST Software)
Task: {1492EE78-0FEB-4D35-8EF5-8850EFF0BC90} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {18FFAC5B-7083-4FCF-B114-5D3DDBD803FE} - System32\Tasks\PCDEventLauncher => C:\Program Files\AlienAutopsy\sessionchecker.exe [2012-11-29] (PC-Doctor, Inc.)
Task: {356C2F0D-4ECB-4AB4-9FD0-CB0F981AAAD3} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {6EA7FA08-AD7D-4E24-BC6B-BE938110C28C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3994650508-1294297652-2827424591-1000UA => C:\Users\Jack\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {7ACDB8EC-396C-48DC-A98D-D1CFED39E14C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {8B719B26-20F1-4CE1-97A6-DD4D604FE10A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-23] (Adobe Systems Incorporated)
Task: {AFDC1808-B6E7-4389-8186-92DA226C372F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {ECDEC2D3-FC20-4633-90FC-FB2F2FF48082} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3994650508-1294297652-2827424591-1000Core => C:\Users\Jack\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {F04229BB-F431-42B3-828A-8E77D010021E} - System32\Tasks\WampServer => C:\wamp\wampmanager.exe [2010-12-31] (Aestan Software)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DOpusRT_RunStd_{B1CAB9BE-DAD0-4373-9F32-9C7133E753AF}.job => C:\Program Files\GPSoftware\Directory Opus\dopus.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3994650508-1294297652-2827424591-1000Core.job => C:\Users\Jack\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3994650508-1294297652-2827424591-1000UA.job => C:\Users\Jack\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-01-02 10:42 - 2010-01-02 10:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2011-02-09 13:52 - 2011-01-13 14:39 - 00783680 _____ () C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe
2011-02-09 13:48 - 2011-02-09 13:48 - 00085944 _____ () C:\Windows\Microsoft.Net\assembly\GAC_MSIL\AlienLabsTools\v4.0_2.6.1.0__bebb3c8816410241\AlienLabsTools.dll
2011-02-09 13:48 - 2011-02-09 13:48 - 00037840 _____ () C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Alienlabs.CommandCenter.Tools\v4.0_2.6.1.0__bebb3c8816410241\Alienlabs.CommandCenter.Tools.dll
2011-04-29 13:39 - 2009-07-20 12:35 - 00018960 _____ () C:\Program Files\Logitech\SetPoint\khalwrapper.dll
2010-09-03 03:28 - 2010-09-03 03:28 - 00518640 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2013-03-27 22:39 - 2013-03-27 22:39 - 00021824 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\x64\ti_managers_proxy_stub.dll
2011-04-29 13:39 - 2009-07-20 04:00 - 00077824 _____ () C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
2011-04-21 23:08 - 2010-12-31 08:39 - 08133120 _____ () c:\wamp\bin\mysql\mysql5.5.8\bin\mysqld.exe
2010-11-05 18:42 - 2010-11-05 18:42 - 00156088 _____ () C:\Program Files\Alienware\Command Center\AlienFusionDomain.dll
2010-11-05 18:42 - 2010-11-05 18:42 - 00016832 _____ () C:\Program Files\Alienware\Command Center\AlienFusionController.exe
2014-10-26 21:30 - 2014-10-26 18:36 - 02889728 _____ () C:\Program Files\AVAST Software\Avast\defs\14102601\algo.dll
2011-02-09 13:52 - 2011-01-13 14:37 - 00128320 _____ () C:\Program Files (x86)\AlienRespawn\STLog.dll
2011-02-09 13:52 - 2011-01-13 14:36 - 01123648 _____ () C:\Program Files (x86)\AlienRespawn\LibXml2.dll
2011-02-09 13:52 - 2011-01-13 14:37 - 00079168 _____ () C:\Program Files (x86)\AlienRespawn\zlib1.dll
2011-02-09 13:52 - 2011-01-13 14:37 - 00234816 _____ () C:\Program Files (x86)\AlienRespawn\STFiles.dll
2011-02-09 13:52 - 2011-01-13 14:37 - 00075072 _____ () C:\Program Files (x86)\AlienRespawn\STRegistry.dll
2011-02-09 13:52 - 2011-01-13 14:37 - 00111936 _____ () C:\Program Files (x86)\AlienRespawn\STPE.dll
2011-02-09 13:52 - 2011-01-13 14:37 - 00121152 _____ () C:\Program Files (x86)\AlienRespawn\STNLS.dll
2010-08-30 05:34 - 2010-08-30 05:34 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2009-07-13 17:03 - 2009-07-13 21:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2014-10-17 23:07 - 2014-10-17 23:07 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3d576cbc4ffc5ad06fd61510c5d8f326\IsdiInterop.ni.dll
2011-02-09 13:39 - 2010-03-03 22:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2013-03-27 22:09 - 2013-03-27 22:09 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2014-09-24 23:34 - 2014-09-24 23:34 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-10-23 10:26 - 2014-10-23 10:26 - 16832176 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll
2011-07-18 17:07 - 2011-07-18 17:07 - 00014336 _____ () C:\Program Files (x86)\Notepad++\plugins\NppExport.dll
2014-01-06 19:42 - 2014-01-06 19:42 - 01611264 _____ () C:\Program Files (x86)\Notepad++\plugins\NppFTP.dll
2013-03-27 22:36 - 2013-03-27 22:36 - 00021312 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy_stub.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:2664F3F5

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR430 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: GoToAssist => 3
MSCONFIG\Services: ZAPrivacyService => 2
MSCONFIG\startupreg: NA1Messenger => C:\UPS\WSTD\UPSNA1Msgr.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-3994650508-1294297652-2827424591-500 - Administrator - Disabled)
Guest (S-1-5-21-3994650508-1294297652-2827424591-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3994650508-1294297652-2827424591-1005 - Limited - Enabled)
Jack (S-1-5-21-3994650508-1294297652-2827424591-1000 - Administrator - Enabled) => C:\Users\Jack

==================== Faulty Device Manager Devices =============

Name: H:\
Description: SD/MMC          
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: F:\
Description: Compact Flash   
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: NEC Electronics USB Hub
Description: NEC Electronics USB Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: NEC Electronics
Service: nusb3hub
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/26/2014 09:45:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: afcdpsrv.exe, version: 2.0.0.4041, time stamp: 0x515303ac
Faulting module name: afcdpsrv.exe, version: 2.0.0.4041, time stamp: 0x515303ac
Exception code: 0xc0000005
Fault offset: 0x0002da7f
Faulting process id: 0x1200
Faulting application start time: 0xafcdpsrv.exe0
Faulting application path: afcdpsrv.exe1
Faulting module path: afcdpsrv.exe2
Report Id: afcdpsrv.exe3

Error: (10/26/2014 09:36:40 PM) (Source: MySQL) (EventID: 100) (User: )
Description: Invalid (old?) table or database name 'ok2rm - Copy'

For more information, see Help and Support Center at http://www.mysql.com.

Error: (10/26/2014 09:36:34 PM) (Source: MySQL) (EventID: 100) (User: )
Description: Invalid (old?) table or database name 'ok2rm - Copy'

For more information, see Help and Support Center at http://www.mysql.com.

Error: (10/26/2014 09:36:30 PM) (Source: MySQL) (EventID: 100) (User: )
Description: Invalid (old?) table or database name 'ok2rm - Copy'

For more information, see Help and Support Center at http://www.mysql.com.

Error: (10/26/2014 09:35:59 PM) (Source: MySQL) (EventID: 100) (User: )
Description: Invalid (old?) table or database name 'ok2rm - Copy'

For more information, see Help and Support Center at http://www.mysql.com.

Error: (10/26/2014 09:31:35 PM) (Source: MySQL) (EventID: 100) (User: )
Description: Invalid (old?) table or database name 'ok2rm - Copy'

For more information, see Help and Support Center at http://www.mysql.com.

Error: (10/26/2014 09:31:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: afcdpsrv.exe, version: 2.0.0.4041, time stamp: 0x515303ac
Faulting module name: afcdpsrv.exe, version: 2.0.0.4041, time stamp: 0x515303ac
Exception code: 0xc0000005
Fault offset: 0x0002da7f
Faulting process id: 0x1d14
Faulting application start time: 0xafcdpsrv.exe0
Faulting application path: afcdpsrv.exe1
Faulting module path: afcdpsrv.exe2
Report Id: afcdpsrv.exe3

Error: (10/26/2014 09:25:04 PM) (Source: MySQL) (EventID: 100) (User: )
Description: Invalid (old?) table or database name 'ok2rm - Copy'

For more information, see Help and Support Center at http://www.mysql.com.

Error: (10/26/2014 09:24:29 PM) (Source: MySQL) (EventID: 100) (User: )
Description: Invalid (old?) table or database name 'ok2rm - Copy'

For more information, see Help and Support Center at http://www.mysql.com.

Error: (10/26/2014 09:24:23 PM) (Source: MySQL) (EventID: 100) (User: )
Description: Invalid (old?) table or database name 'ok2rm - Copy'

For more information, see Help and Support Center at http://www.mysql.com.


System errors:
=============
Error: (10/26/2014 09:45:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Acronis Nonstop Backup Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (10/26/2014 09:43:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The COM+ System Application service failed to start due to the following error:
%%1053

Error: (10/26/2014 09:43:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the COM+ System Application service to connect.

Error: (10/26/2014 09:39:58 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (10/26/2014 09:32:06 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (10/26/2014 09:31:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Acronis Nonstop Backup Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (10/26/2014 09:31:10 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.

Error: (10/26/2014 09:31:10 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.

Error: (10/26/2014 09:31:09 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.

Error: (10/26/2014 09:31:09 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.


Microsoft Office Sessions:
=========================
Error: (10/26/2014 09:45:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: afcdpsrv.exe2.0.0.4041515303acafcdpsrv.exe2.0.0.4041515303acc00000050002da7f120001cff187acbe9695C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exeC:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exef9d1d4a9-5d7a-11e4-bdd1-f04da2dc801d

Error: (10/26/2014 09:36:40 PM) (Source: MySQL) (EventID: 100) (User: )
Description: Invalid (old?) table or database name 'ok2rm - Copy'

Error: (10/26/2014 09:36:34 PM) (Source: MySQL) (EventID: 100) (User: )
Description: Invalid (old?) table or database name 'ok2rm - Copy'

Error: (10/26/2014 09:36:30 PM) (Source: MySQL) (EventID: 100) (User: )
Description: Invalid (old?) table or database name 'ok2rm - Copy'

Error: (10/26/2014 09:35:59 PM) (Source: MySQL) (EventID: 100) (User: )
Description: Invalid (old?) table or database name 'ok2rm - Copy'

Error: (10/26/2014 09:31:35 PM) (Source: MySQL) (EventID: 100) (User: )
Description: Invalid (old?) table or database name 'ok2rm - Copy'

Error: (10/26/2014 09:31:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: afcdpsrv.exe2.0.0.4041515303acafcdpsrv.exe2.0.0.4041515303acc00000050002da7f1d1401cff185ab496b6fC:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exeC:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exef147d077-5d78-11e4-905a-f04da2dc801d

Error: (10/26/2014 09:25:04 PM) (Source: MySQL) (EventID: 100) (User: )
Description: Invalid (old?) table or database name 'ok2rm - Copy'

Error: (10/26/2014 09:24:29 PM) (Source: MySQL) (EventID: 100) (User: )
Description: Invalid (old?) table or database name 'ok2rm - Copy'

Error: (10/26/2014 09:24:23 PM) (Source: MySQL) (EventID: 100) (User: )
Description: Invalid (old?) table or database name 'ok2rm - Copy'


CodeIntegrity Errors:
===================================
  Date: 2013-07-30 18:50:50.208
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-30 18:36:13.613
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-30 18:30:43.808
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-30 18:19:32.186
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-30 18:07:48.139
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-27 20:58:43.883
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-27 20:37:00.166
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-27 20:29:37.137
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-27 20:09:02.018
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-27 19:19:33.840
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core i7 CPU 930 @ 2.80GHz
Percentage of memory in use: 26%
Total physical RAM: 16374.89 MB
Available physical RAM: 12073.51 MB
Total Pagefile: 32747.97 MB
Available Pagefile: 27488.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:922.75 GB) (Free:707.76 GB) NTFS
Drive e: (Programing) (Fixed) (Total:558.91 GB) (Free:185.57 GB) NTFS
Drive i: (Storage) (Fixed) (Total:558.91 GB) (Free:495.39 GB) NTFS
Drive k: (My Book) (Fixed) (Total:2794.49 GB) (Free:556.11 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 77E3ED41)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=8.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=922.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 558.9 GB) (Disk ID: 97953898)
Partition 1: (Not Active) - (Size=558.9 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 558.9 GB) (Disk ID: 6BBAC015)
Partition 1: (Not Active) - (Size=558.9 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 3.

==================== End Of Log ============================


  • Root Admin

Hello and welcome.

Please read the following and post back the logs when ready and we'll see about getting you cleaned up.

General P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.
  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

  • Removing malware can be unpredictable... It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to cleanup all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)


 
STEP 0
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.
 


Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.

STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.
  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


STEP 02
Please run a Threat Scan with MBAM.  If you're unable to run or complete the scan as shown below please see the following:  MBAM Clean Removal Process 2x
When reinstalling the program please try the latest version.

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.
 
 
STEP 03
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.


Thank you
 


Thank you for looking at this. I ran all of the tests you mentioned. Below are the two reports you asked for.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/28/2014
Scan Time: 7:16:26 PM
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.10.28.06
Rootkit Database: v2014.10.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jack

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 327110
Time Elapsed: 11 min, 9 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

 

RogueKiller V10.0.3.0 (x64) [Oct 16 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Jack [Administrator]
Mode : Scan -- Date : 10/28/2014  19:36:31

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 22 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://google.com/  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://google.com/  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B8F51288-09AF-4002-9509-913610B7FF58} | DhcpNameServer : 209.18.47.61 209.18.47.62  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{B8F51288-09AF-4002-9509-913610B7FF58} | DhcpNameServer : 209.18.47.61 209.18.47.62  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{B8F51288-09AF-4002-9509-913610B7FF58} | DhcpNameServer : 209.18.47.61 209.18.47.62  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3994650508-1294297652-2827424591-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 11 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localsites
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost127.0.0.1       localhost
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] l7tarqgo.default-1374718651417 : user_pref("browser.startup.homepage", "localsites/"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ARRAY0 +++++
--- User ---
[MBR] 58e7f69331c3d38135543e0cbcc8c374
[bSP] fe00aafa125282f746adc39f3a0dc904 : Unknown MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 8942 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 18395136 | Size: 944892 MB
User = LL1 ... OK
Error reading LL2 MBR! ([57] The parameter is incorrect. )

+++++ PhysicalDrive1: WDC WD6000HLHX-01JJPV0 +++++
--- User ---
[MBR] d4aa3fad11eaa13a33caf77b13cf4d41
[bSP] 49a37fbacc6afd1548cc43fda5909fcd : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 572323 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: WDC WD6000HLHX-01JJPV0 +++++
--- User ---
[MBR] c160e280329114575ef9c743e9574d88
[bSP] 3c1d42840279b086de72ac5a4eefe662 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 572323 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive3: WD My Book 1130 USB Device +++++
Error reading User MBR! ([57] The parameter is incorrect. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive5: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive6: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive7: Generic- MS/MS-Pro/HG USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive8: EPSON Storage USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )


============================================
RKreport_DEL_10262014_102021.log - RKreport_SCN_10252014_233158.log - RKreport_SCN_10262014_132228.log


  • Root Admin

Please go ahead and run through the following steps and post back the logs when ready.
 
STEP 04
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus


STEP 05
Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


STEP 06
Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.


STEP 07

Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology


  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


STEP 08
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


When I try to run the Junkware Removal Tool a dialog says it is not a valid Win32 application. I'm running Windows 7 and I used right-click, run as administrator to open it. I went to the author's site and downloaded from there but that didn't run either.

 

For what it's worth, before creating this post, I had tried running the FRST script and it did the same thing. I thought it might have to be in safe mode to run. After I did that and rebooted back into normal mode, I can now run FRST. I only mention this since it seems something is hung up. Should I reboot and try again?


  • Root Admin

Okay, then for now please try running the following. Make sure you fully disable your antivirus to run it.

 

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


 


I tried it in safe mode but it said avast was running and continuing could cause damage. There were two services active but they were already stopped. I found this post so I booted into normal mode, turned off avast until the next boot and tried running combofix as administrator. It went through the whole process but when it said creating the log, it stalled. After an hour of waiting, I stopped it. I then rebooted into safe mode and tried again. It ran this time and the log is below. I'm just stating the steps I took in case they caused a problem.

 

combofix_report.txt


Here are the results:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.5 (10.31.2014:1)
OS: Windows 7 Home Premium x64
Ran by Jack on Sat 11/01/2014 at 21:02:41.68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnSetup_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnSetup_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnStub_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnStub_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnSetup_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnSetup_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnStub_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnStub_RASMANCS



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\Users\Jack\AppData\Roaming\pccustubinstaller"



~~~ FireFox

Successfully deleted: [File] C:\user.js
Emptied folder: C:\Users\Jack\AppData\Roaming\mozilla\firefox\profiles\l7tarqgo.default-1374718651417\minidumps [46 files]



~~~ Event Viewer Logs were cleared


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 11/01/2014 at 21:06:25.69
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

# AdwCleaner v3.311 - Report created 01/11/2014 at 21:11:37
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Jack - JACK-PC
# Running from : C:\Users\Jack\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Jack\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{987D9269-F8A1-408F-BF62-4397D2F5363E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0722BEB-FDA1-4AA1-A2A8-15A74A5B3F70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F1963E76-845B-474C-8C7F-D69A96D8AA34}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{065C1A21-97F8-45FB-A9F0-861B60FACEC8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3204358F-5904-46A6-841F-D6B5BE3EF4E3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3AE67737-0E3E-44AA-AA5E-46A68BF017FF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3EE5B726-044A-48D2-AA7B-049BD9A0F62A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{60FBBE03-57FF-49D8-B38E-053D3F489825}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6A5182F1-C0B8-42B8-96CC-7F329CD46913}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6C153418-8E4D-4FAF-AF27-5201E38463A7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A26A2F05-AC4D-4A1E-9531-9125F7309B78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5D6240-7DF0-435D-9B9B-F8586A99DE86}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F343045E-E20A-46E1-82D8-9962C43EFC9E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FBB360DC-CB6C-4D6A-808A-2C773151BFFF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFD7DDAC-EC28-42A5-8D39-917B9078604B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Mozilla Firefox v33.0.2 (x86 en-US)

[ File : C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\l7tarqgo.default-1374718651417\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [7609 octets] - [01/11/2014 21:08:08]
AdwCleaner[s0].txt - [7602 octets] - [01/11/2014 21:11:37]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [7662 octets] ##########

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/1/2014
Scan Time: 9:20:26 PM
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.02.01
Rootkit Database: v2014.11.01.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jack

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 340802
Time Elapsed: 10 min, 0 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

 

C:\Program Files (x86)\AlienRespawn\hstart.exe    a variant of Win32/HiddenStart.A potentially unsafe application
C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\hstart.exe    a variant of Win32/HiddenStart.A potentially unsafe application
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\escortShld.dll    Win32/Toolbar.Montiera.J potentially unwanted application
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmApp.dll    a variant of Win32/Toolbar.Montiera.A potentially unwanted application
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmEng.dll    a variant of Win32/Toolbar.Montiera.A potentially unwanted application
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmsrv.exe    a variant of Win32/Toolbar.Montiera.A potentially unwanted application
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmTlbr.dll    a variant of Win32/Toolbar.Montiera.F potentially unwanted application
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\bh\zonealarm.dll    a variant of Win32/Toolbar.Escort.A potentially unwanted application
C:\Program Files (x86)\CheckPoint\Install\CUninstallerZA.exe    Win32/Toolbar.Conduit potentially unwanted application
C:\Program Files (x86)\CheckPoint\Install\zatb.exe    Win32/Toolbar.Montiera.I potentially unwanted application
C:\Storage\Customers_Archived\AllCreaturesGiftShop\88get77RICH4critters\includes\configuration_cache.php    PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Archived\CLKSupplies\1gooD79cAt\includes\configuration_cache.php    PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Archived\Druera\Druera\pest\includes\configuration_cache.php    PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Archived\Furnitureinfashion\FurnitureInFashion\admin\includes\configuration_cache.php    PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Archived\Furnitureinfashion\FurnitureInFashion_live\admin\includes\configuration_cache.php    PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Archived\Sat25\Lojav2\ext\modules\payment\codelock.php    PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Archived\T-a-s-s\product.php    PHP/Agent.DV.Gen trojan
C:\Storage\Customers_Originals\AAA_ARCHIVED\CraftMarketCorner\admin\includes\configuration_cache.php    PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\AAA_ARCHIVED\CraftMarketCorner\includes\seo_cache.php    PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\AAA_ARCHIVED\Rubimoon\dashboard\includes\configuration_cache.php    PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\Adultslovefun\sql.php    PHP/Agent.NBL trojan
C:\Storage\Customers_Originals\Allcreaturesgiftshop\88get77RICH4critters\includes\configuration_cache.php    PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\BefFabRacing\admin\includes\languages\english\images\buttons\dg.php    PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\BigLeagueStore\images\shop.php    PHP/Agent.NCC trojan
C:\Storage\Customers_Originals\Condomchoice\CondomChoice\captcha_.php    PHP/WebShell.NBV trojan
C:\Storage\Customers_Originals\Customquillingbydenise\includes\application_top.php    PHP/WebShell.NBV trojan
C:\Storage\Customers_Originals\Digishow\captcha_.php    PHP/WebShell.NBV trojan
C:\Storage\Customers_Originals\Draculaclothing\admin\account_help.php    PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\Draculaclothing\images\30    Linux/Exploit.Ptrace.B trojan
C:\Storage\Customers_Originals\Draculaclothing\images\soyle.php    PHP/Rst.R trojan
C:\Storage\Customers_Originals\Ethoshopper\cookie_usage.php    PHP/WebShell.NBV trojan
C:\Storage\Customers_Originals\Ethoshopper\ntw.php    PHP/Obfuscated.A potentially unwanted application
C:\Storage\Customers_Originals\Ethoshopper\yqi.php    PHP/Obfuscated.A potentially unwanted application
C:\Storage\Customers_Originals\Ethoshopper\includes\header.php    PHP/Kryptik.AB trojan
C:\Storage\Customers_Originals\Foxhuntingshop\mysql_dumper.php    PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\Furnitureinfashion\admin\includes\configuration_cache.php    PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\Gigagator\ppconf.php    PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\blue3-10\footer.php    PHP/Kryptik.AB trojan
C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\experience\footer.php    PHP/Kryptik.AB trojan
C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\medicine\footer.php    PHP/Kryptik.AB trojan
C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\Metropolis\footer.php    PHP/Kryptik.AB trojan
C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\modxblog\footer.php    PHP/Kryptik.AB trojan
C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\munchen\footer.php    PHP/Kryptik.AB trojan
C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\redie-30\footer.php    PHP/Kryptik.AB trojan
C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\SEO_Executive\footer.php    PHP/Kryptik.AB trojan
C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\vibrant\footer.php    PHP/Kryptik.AB trojan
C:\Storage\Customers_Originals\Globalmedicalequipment\blog\wp-content\themes\Vistalicious\footer.php    PHP/Kryptik.AB trojan
C:\Storage\Customers_Originals\Hautecircus\HackedFiles\mailerx.php    PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\Hautecircus\HackedFiles\sort.php    PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\Hautecircus\HackedFiles\images\mailerx.php    PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\Hautecircus\HackedFiles\images\sort.php    PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\HistoCard\checkout_approve.php    PHP/Obfuscated.A potentially unwanted application
C:\Storage\Customers_Originals\Israel-depot\id\includes\header.php    PHP/Kryptik.AB trojan
C:\Storage\Customers_Originals\Israel-depot\id\includes\modules\seo_header.php    PHP/Kryptik.AB trojan
C:\Storage\Customers_Originals\MiniPro\captcha_.php    PHP/WebShell.NBV trojan
C:\Storage\Customers_Originals\Musicoutletusa\bpk.php    PHP/Obfuscated.A potentially unwanted application
C:\Storage\Customers_Originals\Musicoutletusa\includes\header.php    PHP/Kryptik.AB trojan
C:\Storage\Customers_Originals\MyLlinen\cookie_usage.php    PHP/WebShell.NBV trojan
C:\Storage\Customers_Originals\Ohcheri\ohvault\includes\configuration_cache.php    PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\Paylessbuckles\admin\includes\configuration_cache.php    PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\Rivalhost\captcha_.php    PHP/WebShell.NBV trojan
C:\Storage\Customers_Originals\Sat25\Sat25Games\ext\modules\payment\codelock.php    PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\Sweetnessandlight\includes\configuration_cache.php    PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\Sweetnessandlight\slo\includes\configuration_cache.php    PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\TastarSupply\inmain\includes\configuration_cache.php    PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\Totalsounds\includes\common\lib\email\Pear\Auth\SASL\dg.php    PHP/Obfuscated.F potentially unwanted application
C:\Storage\Customers_Originals\Ultimateproaudio\ginger\includes\configuration_cache.php    PHP/Obfuscated.F potentially unwanted application
C:\Storage\MySites\MCS\pineadmintreeXXX\includes\configuration_cache.php    PHP/Obfuscated.F potentially unwanted application
C:\Users\Jack\Downloads\Update.exe    a variant of Win32/AirAdInstaller.A potentially unwanted application
E:\Storage\Downloads\Installed\Sound\winamp5621_full_emusic-7plus_en-us.exe    Win32/OpenCandy potentially unsafe application
E:\Storage\Downloads\Installed\Utilities\ccsetup403.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
E:\Storage\Downloads\Installed\Utilities\ccsetup414.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
E:\Storage\Downloads\Installed\Utilities\cpu-z_1.60-setup-en.exe    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
E:\Storage\Downloads\Installed\Utilities\FTP\freefileviewer_2_d146489.exe    a variant of Win32/InstallIQ.A potentially unwanted application
E:\Storage\Downloads\Installed\Utilities\Nero\Nero-6.6.1.15a.exe    Win32/Toolbar.AskSBar potentially unwanted application
E:\Storage\Downloads\Installed\Utilities\Security\ZoneAlarm\zapSetupWeb_102_073_000.exe    Win32/Toolbar.Conduit potentially unwanted application
I:\Programingfiles\Sites\ContributionTesting\oscMax\admin\includes\configuration_cache.php    PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\ContributionTesting\oscmax_auto\admin\includes\configuration_cache.php    PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\ContributionTesting\SiteMonitor\admin\aaa_nt02.php    HTML/ScrInject.B.Gen virus
I:\Programingfiles\Sites\ContributionTesting\SiteMonitor\admin_diffname\aaa_nt02.php    HTML/ScrInject.B.Gen virus
I:\Programingfiles\Sites\ContributionTesting\SiteMonitor\HackedFiles\account_help.php    PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\AdultsLoveFun\sql.php    PHP/Agent.NBL trojan
I:\Programingfiles\Sites\customers\Affordableweddingaccessories\images\gifimg.php    PHP/Kryptik.AB trojan
I:\Programingfiles\Sites\customers\AllCreaturesGiftShop\88get77RICH4critters\includes\configuration_cache.php    PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\AllCreaturesGiftShop\88get77RICH4critters_fails\includes\configuration_cache.php    PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\BigleagueStore\images\shop.php    PHP/Agent.NCC trojan
I:\Programingfiles\Sites\customers\Clksupplies\1gooD79cAt\includes\configuration_cache.php    PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\CondomChoice\CondomChoice\captcha_.php    PHP/WebShell.NBV trojan
I:\Programingfiles\Sites\customers\Cragmay\Agmpartscomponents\images\imageth.php    PHP/Agent.NAG trojan
I:\Programingfiles\Sites\customers\Customquillingbydenise\includes\application_top.php    PHP/WebShell.NBV trojan
I:\Programingfiles\Sites\customers\Dirtbikebitz\admin\includes\configuration_cache.php    PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\Druera\Druera\pest\includes\configuration_cache.php    PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\Druera\Druera_orig\pest\includes\configuration_cache.php    PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\E-Experts\counter.php    PHP/Obfuscated.A potentially unwanted application
I:\Programingfiles\Sites\customers\Firststopsecurity\first_stop\admin4sec\includes\configuration_cache.php    PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\FoxHuntingShop\mysql_dumper.php    PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\Furnitureinfashion\FurnitureInFashion\admin\includes\configuration_cache.php    PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\Furnitureinfashion\FurnitureInFashion_live\admin\includes\configuration_cache.php    PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\GlobalWholesaleArt\ArtFramesUSA\G1nger\includes\configuration_cache.php    PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\GlobalWholesaleArt\OilPaintingUSA\G1nger\includes\configuration_cache.php    PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\HistoCard\checkout_approve.php    PHP/Obfuscated.A potentially unwanted application
I:\Programingfiles\Sites\customers\InkPlusToner\InkPlusToner\4dm1n\includes\configuration_cache.php    PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\MyLinen\cookie_usage.php    PHP/WebShell.NBV trojan
I:\Programingfiles\Sites\customers\Ohcheri\ohvault\includes\configuration_cache.php    PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\OriginalAbsinthe\admin\includes\configuration_cache.bak.0    PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\OriginalAbsinthe\admin\includes\configuration_cache.php    PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\Paylessbuckles\admin\includes\configuration_cache.php    PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\Sat25\Lojav2\ext\modules\payment\codelock.php    PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\Sironet\Lacremedvd\ibt.php    PHP/Obfuscated.A potentially unwanted application
I:\Programingfiles\Sites\customers\Sweetnessandlight\includes\configuration_cache.php    PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\Sweetnessandlight\slo\includes\configuration_cache.php    PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\T-a-s-s\product.php    PHP/Agent.DV.Gen trojan
I:\Programingfiles\Sites\customers\TackRoomInc\HorseMall\seo_cache.php    PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\TackRoomInc\HorseMall\admin\includes\configuration_cache.php    PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\TackRoomInc\HorseMall\includes\seo_cache.php    PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\TackRoomInc\TackroomNet\seo_cache.php    PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\TackRoomInc\TackroomNet\includes\seo_cache.php    PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\customers\Ultimateproaudio\ginger\includes\configuration_cache.php    PHP/Obfuscated.F potentially unwanted application
I:\Programingfiles\Sites\MCS\pineadmintree\includes\configuration_cache.php    PHP/Obfuscated.F potentially unwanted application


 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-11-2014
Ran by Jack at 2014-11-02 08:19:36
Running from C:\Users\Jack\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Internet Security (Disabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Internet Security (Disabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Internet Security (Enabled) {131692B0-0864-D491-4E21-3A3A1D8BBB47}
FW: ZoneAlarm Pro Firewall (Disabled) {E6380B7E-D4B2-19F1-083E-56486607704B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Photoshop CS (HKLM-x32\...\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}) (Version: CS - Adobe Systems, Inc.)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
AlienAutopsy (HKLM\...\PC-Doctor for Windows) (Version: 3.2.6032.102 - PC-Doctor, Inc.)
AlienRespawn - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version:  - Alienware)
AlienRespawn (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.51 - Alienware)
Alienware TactX Keyboard CI 1.00.130 (HKLM\...\{13A3A271-B2AA-486C-9AD5-F272079BB9B5}) (Version: 1.00.130 - Alienware)
Alienware TactX Mouse CI 1.00 (HKLM\...\{B0D59FDC-FEAB-49A2-9B5A-E5E0A8F9D7E0}) (Version: 1.00 - Alienware)
AlignmentUtility (x32 Version: 17.00.0000 - UPS) Hidden
Aptana Studio 3 (HKLM-x32\...\Aptana Studio 3) (Version: 3.4.2 - Appcelerator, Inc.)
ArcSoft MediaImpression 2 (HKLM-x32\...\{30B056AF-F414-4B68-B9B0-6EFDB9FCDF18}) (Version: 2.0.29.444 - ArcSoft)
ArcSoft Photo Book Screen Saver (HKLM-x32\...\{E2EE273D-E111-4FFD-ACD4-78E1D35E01D2}) (Version: 2.0.0.13 - ArcSoft)
ArcSoft Print Creations - Album Page (HKLM-x32\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version:  - ArcSoft)
ArcSoft Print Creations - Brochures & Flyers (HKLM-x32\...\{01A1A019-E1D8-482A-BE17-5E118D17C0A0}) (Version:  - ArcSoft)
ArcSoft Print Creations - Funhouse (HKLM-x32\...\{9591C049-5CAE-4E89-A8D9-191F1899628B}) (Version:  - ArcSoft)
ArcSoft Print Creations - Funhouse II (HKLM-x32\...\{3CE47E6B-AE27-4E40-AC54-329EED96B933}) (Version:  - ArcSoft)
ArcSoft Print Creations - Greeting Card (HKLM-x32\...\{F04F9557-81A9-4293-BC49-2C216FA325A7}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Book (HKLM-x32\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Calendar (HKLM-x32\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Prints (HKLM-x32\...\{95F875CC-1B85-43E6-B3E0-13EA04F3D995}) (Version:  - ArcSoft)
ArcSoft Print Creations - Poster Creator (HKLM-x32\...\{5D1C82E7-7EC0-4404-A8AD-36C3B444BC34}) (Version:  - ArcSoft)
ArcSoft Print Creations - Scrapbook (HKLM-x32\...\{B0D83FCD-9D42-43ED-8315-250326AADA02}) (Version:  - ArcSoft)
ArcSoft Print Creations - Slimline Card (HKLM-x32\...\{007B37D9-0C45-4202-834B-DD5FAAE99D63}) (Version:  - ArcSoft)
ArcSoft Print Creations (HKLM-x32\...\{B8CECF38-C0B0-4B39-8B11-772E685C93AB}) (Version: 2.8.255.266 - ArcSoft)
ArcSoft RAW Thumbnail Viewer (HKLM-x32\...\{82FAC25D-D0E1-4D60-9268-F3DD958BF052}) (Version: 2.0.0.11 - ArcSoft)
ArcSoft Video Downloader (HKLM-x32\...\{C8B44566-839A-459C-A73D-49764CE216CC}) (Version: 2.0.0.39 - ArcSoft)
ATI AVIVO64 Codecs (Version: 11.6.0.10419 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{E73155E5-E75F-D09E-30C0-C18E3C3A1FA3}) (Version: 3.0.825.0 - ATI Technologies, Inc.)
ATI Catalyst Registration (x32 Version: 3.00.0000 - ATI Technologies Inc.) Hidden
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
avast! Internet Security (HKLM-x32\...\avast) (Version: 8.0.1506.0 - AVAST Software)
Beyond Compare 3.3.8 (HKLM-x32\...\BeyondCompare3_is1) (Version: 3.3.8.16340 - Scooter Software)
Broadcom Management Programs (HKLM\...\{688758A2-8520-4470-8FA6-765BAC86FC53}) (Version: 12.53.01 - Broadcom Corporation)
CCC (x32 Version: 17.00.0000 - United Parcel Service, Inc.) Hidden
ccc-core-static (x32 Version: 2010.0928.2139.36979 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
Charles 3.6.5 (HKLM\...\{61163088-76A7-4A20-8228-7058848CD37F}) (Version: 3.6.5.6 - XK72 Ltd)
Command Center (HKLM-x32\...\InstallShield_{AD522D37-B0FD-45A4-8695-6F24DF5336FC}) (Version: 2.6.1.0 - Alienware Corp.)
Command Center (Version: 2.6.1.0 - Alienware Corp.) Hidden
Compare and Merge 2.3 (HKLM-x32\...\Compare and Merge_is1) (Version: 2.3 - TGRMN Software)
ConTEXT v0.98.6 (HKLM-x32\...\{73E0D3A0-9C30-4F59-ABBF-6233686FB396}_is1) (Version:  - ConTEXT Project Ltd)
CPUID CPU-Z 1.60 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CyberPower PowerPanel Personal Edition 1.2.3 (HKLM-x32\...\{46E21083-D598-4217-99B0-2ED3E4152759}) (Version: 1.2.3 - Cyber Power Systems, Inc.)
Data Lifeguard Diagnostic for Windows 1.24 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version:  - Western Digital Corporation)
Dell InHome Service Agreement (HKLM-x32\...\{41AA8F20-FD30-4878-9080-6D5BE575FD41}) (Version: 2.0.0 - Dell Inc.)
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 3.3.2.1 - Dell)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Diskeeper 12 Professional (HKLM\...\{1A6D6767-B771-4752-81C2-1CC30BE941BA}) (Version: 16.0.1017.64 - Condusiv Technologies)
EPSON Artisan 800 Series Printer Uninstall (HKLM\...\EPSON Artisan 800 Series) (Version:  - SEIKO EPSON Corporation)
Epson Connect (HKLM-x32\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version:  - )
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Download Navigator (HKLM-x32\...\{10F63395-157F-4B93-AB4D-702A2FF11942}) (Version: 1.0.1 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}) (Version: 2.50.0001 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.20.00 - SEIKO EPSON CORPORATION)
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.00.00 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WorkForce 845 Series Printer Uninstall (HKLM\...\EPSON WorkForce 845 Series) (Version:  - SEIKO EPSON Corporation)
erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
Evernote v. 5.3.1 (HKLM-x32\...\{28AAF752-C41B-11E3-8CB0-00163E98E7D6}) (Version: 5.3.1.3363 - Evernote Corp.)
Fiddler (HKLM-x32\...\Fiddler2) (Version: 2.4.2.6 - Telerik)
FileZilla Client 3.7.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.7.0.2 - FileZilla Project)
FormsComponent (x32 Version: 17.00.0000 - UPS) Hidden
FOSS (x32 Version: 17.00.0000 - UPS) Hidden
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Google Chrome (HKCU\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 9.1.0.615 - Citrix Online, a division of Citrix Systems, Inc.)
GPSoftware Directory Opus (HKLM-x32\...\{5D4F167D-CCC8-413E-A6EE-F2FABBBBF50D}) (Version: 11.7 - GPSoftware)
HTML-Kit Tools (HKLM-x32\...\HTMLKitTools_is1) (Version: 1.0 - HTML-Kit.com)
ICCHelp (HKLM-x32\...\{A5763105-D1D5-4862-A3FE-EC058F9AA73E}) (Version: 17.00.0000 - UPS)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.710 - Oracle)
Java 6 Update 22 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416022FF}) (Version: 6.0.220 - Oracle)
KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Logitech SetPoint (HKLM-x32\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 - Logitech)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Excel 2000 SR-1 (HKLM-x32\...\{00110409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{86177DAE-38B1-49DD-912E-35CB703AB779}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 33.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0.2 (x86 en-US)) (Version: 33.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mozilla Thunderbird (5.0) (HKLM-x32\...\Mozilla Thunderbird (5.0)) (Version: 5.0 (en-US) - Mozilla)
MSIChecker (x32 Version: 9.00.0000 - UPS) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MySQL Workbench 5.2 CE (HKLM-x32\...\{1D803D4F-CE1E-4282-B4F2-0FCF28E68BCD}) (Version: 5.2.37 - Oracle Corporation)
NA1Messenger (x32 Version: 17.00.0000 - Your Company Name) Hidden
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.20.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.20.0 - NEC Electronics Corporation) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NRF (x32 Version: 17.00.0000 - UPS) Hidden
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
PhotoShowExpress (x32 Version: 2.0.028 - Sonic Solutions) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PolicyManager (x32 Version: 17.00.0000 - UPS) Hidden
PuTTY version 0.63 (HKLM-x32\...\PuTTY_is1) (Version: 0.63 - Simon Tatham)
Quicknote 5.5 (HKLM-x32\...\JC&MB Quicknote_is1) (Version:  - JC&MB)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6039 - Realtek Semiconductor Corp.)
Reconciler (x32 Version: 17.00.0000 - UPS) Hidden
ReportServer (x32 Version: 17.00.0000 - Your Company Name) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.40.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14072.12 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14072.12 - Samsung Electronics Co., Ltd.) Hidden
Screaming Frog SEO Spider (HKLM-x32\...\Screaming Frog SEO Spider) (Version: 0.01 - Screaming Frog)
ScreenRecorder (HKLM\...\{55A9972B-EA29-43C3-94B6-7A178D6F2E11}) (Version: 4.0.0 - Burak Uysaler)
SEO PowerSuite (HKLM-x32\...\seopowersuite) (Version:  - )
Skins (x32 Version: 2010.0928.2139.36979 - ATI) Hidden
Snagit 10.0.1 (HKLM-x32\...\{22FC7536-BE5C-4E88-8069-C24689D34EC5}) (Version: 10.0.1 - TechSmith Corporation)
Snagit 11 (HKLM-x32\...\{68723B04-57EC-11E1-A6A8-9E2D4824019B}) (Version: 11.1.0 - TechSmith Corporation)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.3 - Sophos Limited)
SQLyog 11.3 (64 bit) (HKLM\...\SQLyog64) (Version: 11.3 (64 bit) - Webyog Inc.)
SupportUtility (x32 Version: 17.00.0000 - Your Company Name) Hidden
System (x32 Version: 17.00.0000 - UPS) Hidden
The Lord of the Rings FREE Trial  (x32 Version: 1.00.0000 - ATI Technologies Inc.) Hidden
TheBat! Home v4.2.44 (HKLM-x32\...\{457297FE-47C9-4B37-B350-BC5CCC65A2DE}) (Version: 4.2.44 - Ritlabs)
THX TruStudio PC (HKLM-x32\...\{010A785B-F920-4350-821B-6309909C20BB}) (Version: 1.0 - Creative Technology Limited)
Traffic Travis 4.1.0 (HKLM-x32\...\Traffic Travis 4.1 Setup Wizard_is1) (Version:  - Affilorama Ltd.)
True Image 2013 (HKLM-x32\...\{75BC2136-B6A1-4F3B-8A69-55E39C647B1F}Visible) (Version: 16.0.6514 - Acronis)
True Image 2013 (x32 Version: 16.0.6514 - Acronis) Hidden
UnifiedPrinting (x32 Version: 17.00.0000 - UPS) Hidden
UPS WorldShip (HKLM-x32\...\UPS WorldShip) (Version: 17.0 - UPS)
UPSDB (x32 Version: 17.00.0000 - UPS) Hidden
UPSICC (x32 Version: 17.00.0000 - UPS) Hidden
UPSlinkHTTP (x32 Version: 17.00.0000 - UPS) Hidden
UPSVC2008MM (x32 Version: 1.00.0000 - UPS) Hidden
UPSVCMM (x32 Version: 12.00.0000 - UPS) Hidden
Watermark Factory 2 (HKLM-x32\...\{208B53C3-FA83-40EF-BC07-ED61E78CC12A}}_is1) (Version:  - WatermarkFactory.com)
Web CEO 11.0 (HKLM-x32\...\WebCEO70_is1) (Version: 11.0 - Web CEO Ltd.)
WebHelp (HKLM-x32\...\{8C5BD501-AD5D-4A75-9321-076509B438FC}) (Version: 1.00.0000 - UPS)
WebLog Expert Lite 8.1 (HKLM-x32\...\WebLog Expert Lite_is1) (Version: 8.1 - Alentum Software Ltd.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.65  - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Grep 2.3 (HKLM-x32\...\Windows Grep_is1) (Version:  - )
Windows Media Encoder 9 Series x64 Edition (HKLM\...\Windows Media Encoder 9) (Version:  - )
WorldShip (x32 Version: 17.00.0000 - UPS) Hidden
WSShared (x32 Version: 17.00.0000 - UPS) Hidden
Xenu's Link Sleuth (HKLM-x32\...\Xenu's Link Sleuth) (Version: 1.3.8 - Tilman Hausherr)
Zend Optimizer (HKLM-x32\...\{4C24C6EB-FF40-4855-9C1D-42F8AFC75112}) (Version: 3.3.0 - Zend Technologies)
ZoneAlarm Firewall (x32 Version: 13.1.211.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Pro (HKLM-x32\...\ZoneAlarm Pro) (Version: 13.1.211.000 - Check Point)
ZoneAlarm Security (x32 Version: 13.1.211.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security Toolbar  (HKLM-x32\...\ZoneAlarm Security Toolbar) (Version:  - Check Point Software Technologies LTD)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{00A5D5A8-84D7-433E-926F-DFF56DF4BD9F}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{01554A8A-F376-4064-A6A5-D8A13665C4EB}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{051141EA-19E0-404B-A525-8EB4547C7753}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{056FAEFE-9A9C-48B2-B458-1A39F700C803}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{0604FA41-0FA4-46F5-9734-636DD2FF7E21}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{07897D7C-7CC9-4FE6-B823-DA57BD31F732}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{09889426-024E-4AA3-B39D-D2A9C3FE061E}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{0A07BE9D-531A-4A4A-BBE3-DC93A6C1C887}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Jack\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{0FB0209E-FAA2-48E9-9F04-DBFB0858788D}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{10D7C8FF-C90A-49C9-939A-C845265681C0}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{1D0D2B96-A870-4D6F-829D-2A949F243531}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{1FF2E388-451A-4309-8450-A2A19F5A511D}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{22B2186B-FE49-43AE-9EB7-72E8A00D7AF5}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{29EA3967-E71E-4657-B519-CD16BCAA2B60}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{38063D55-9EF3-4038-981A-C3AF48A064AC}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{399FD32E-4E06-48FA-948A-75B12F5A50E6}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{39FC56EB-285B-4305-ADD1-278049646691}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{3B589405-2552-404A-A714-4DEA246433C3}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{3F73A396-05CC-48B9-9C5F-A2C80399BCF5}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{41A886BE-BF2F-41B1-8235-81502FC76A11}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{449D6FA1-46C3-49E8-8F06-D1522224A4D2}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{453FD783-4A97-4BF0-BA36-F650AF78577D}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{45F7AAC4-80BD-4BB8-9D9C-EC1B8677D3CC}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{4F0AE54C-3970-46C7-BC52-90703E005262}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{529D958B-E6F8-422E-B94B-8E7817A15C26}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{52AD96AD-B5F5-4A65-927E-39FA9E590A0A}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{5457D58A-DCC9-4472-8C64-B10FC0AC070A}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{5B95D823-A98C-4D3D-8925-8F5E5B922921}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{5CFED801-32F2-4B87-8FA5-82A48D1F5E7A}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{63DA3D53-6160-43B7-B3BA-88D5A90A08D4}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{65246BFD-2ACD-4BF9-8690-CA575F555F3F}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{6B86834B-45D0-4C06-91F3-FDB2CB563D0E}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{70C3EB9C-5AE4-43FC-BDD8-43A4C5236F3E}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{7375CE48-9021-4AF4-BDA9-3F2F4F9A9B9C}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{74DCD065-758E-445A-8C82-A188AE37E48B}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{87B84C15-F026-4BB3-B26E-AEF04670E862}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{8B6DA6B5-8AA6-4EFF-89EC-7E44BF6C2F14}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{8C62E740-A1A8-49B5-8118-2457AAA260F2}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{8F88EDB1-2C28-4029-96D4-E3200D691840}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{90823893-5C52-4CDF-A5E4-320545CDC8D3}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{9354DFAD-5775-4D48-893F-64DF1BBCE610}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{9BFA8CE4-AAE8-46F0-8215-E989E052925C}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{A0BD0ECF-2393-407F-A20A-CD8E1B3220D3}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{A1088C87-0DEC-445B-9D9C-E881C0288EF2}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{A27FDD31-0C5B-468D-8EC9-5A1E050BEB57}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{A5A4988B-F6B8-44FC-8D67-7A7E5DC01EBA}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{AAF4DF68-C279-487D-A7D0-58DA7FCD11AE}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{AAFF502E-771E-4EA6-81E1-811AAC5FA82D}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{AF843D96-E44F-466E-9C78-0F403E4B4ED8}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{B00FB327-90F0-404D-8597-CF9D8C382DAC}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{B2252980-0D3E-4FDC-82D2-F9B3F24D8AEA}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{B33E4B2F-B67B-45BE-9BC5-BAC124E62CA2}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{C22AB24F-F47E-4E9E-B71C-815D9856CEAB}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{CC3DCF0F-07D5-4646-A641-F172BA220650}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{CCD1EE59-F38D-4CA3-8DD1-C5BA5575EFAA}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{CF171C8A-D1F5-46C8-971E-2481FAF083D4}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{D8FC2B62-0BEA-40D2-B45A-F7410A0C3A3F}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{DBCAF10E-02D6-43DA-AC70-670537A816D8}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{DC4EBBB7-A0F7-43B3-87E1-30E1957EC753}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{E42793B9-13E5-45BB-B2DF-DA4977CFC6BC}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Jack\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{F0A4457A-E427-4C3C-A285-EC1B2F799B1B}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{F26146DB-D9C7-4803-A78D-10947CC1E4B8}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{F58E3621-0E79-49D7-8FBE-5CF44E8EFB79}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{F9ABE7CD-4701-4DE0-9A1A-8F726651B674}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{FAE7A96A-56C3-4ABF-A6C2-D5D78089A7D8}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-3994650508-1294297652-2827424591-1000_Classes\CLSID\{FEEBA5ED-53FE-41ED-BE55-648E2EEFF9A5}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)

==================== Restore Points  =========================

01-11-2014 15:33:07 ComboFix created restore point
02-11-2014 13:00:22 Windows Backup

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2014-07-04 11:58 - 00001140 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1 localsites
127.0.0.1       localhost127.0.0.1       localhost
127.0.0.1       localhost
127.0.0.1       localhost
127.0.0.1       localhost
127.0.0.1       localhost
127.0.0.1       localhost
127.0.0.1       localhost
127.0.0.1       localhost
127.0.0.1       localhost


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {10F3D27F-FFBC-4E45-BB1E-8B8AF4192827} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-22] (AVAST Software)
Task: {1492EE78-0FEB-4D35-8EF5-8850EFF0BC90} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {18FFAC5B-7083-4FCF-B114-5D3DDBD803FE} - System32\Tasks\PCDEventLauncher => C:\Program Files\AlienAutopsy\sessionchecker.exe [2012-11-29] (PC-Doctor, Inc.)
Task: {356C2F0D-4ECB-4AB4-9FD0-CB0F981AAAD3} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {6EA7FA08-AD7D-4E24-BC6B-BE938110C28C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3994650508-1294297652-2827424591-1000UA => C:\Users\Jack\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {7ACDB8EC-396C-48DC-A98D-D1CFED39E14C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {8B719B26-20F1-4CE1-97A6-DD4D604FE10A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-23] (Adobe Systems Incorporated)
Task: {AFDC1808-B6E7-4389-8186-92DA226C372F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {ECDEC2D3-FC20-4633-90FC-FB2F2FF48082} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3994650508-1294297652-2827424591-1000Core => C:\Users\Jack\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {F04229BB-F431-42B3-828A-8E77D010021E} - System32\Tasks\WampServer => C:\wamp\wampmanager.exe [2010-12-31] (Aestan Software)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DOpusRT_RunStd_{B1CAB9BE-DAD0-4373-9F32-9C7133E753AF}.job => C:\Program Files\GPSoftware\Directory Opus\dopus.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3994650508-1294297652-2827424591-1000Core.job => C:\Users\Jack\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3994650508-1294297652-2827424591-1000UA.job => C:\Users\Jack\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-01-02 09:42 - 2010-01-02 09:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-03-27 21:39 - 2013-03-27 21:39 - 00021824 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\x64\ti_managers_proxy_stub.dll
2011-02-09 12:52 - 2011-01-13 13:39 - 00783680 _____ () C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe
2011-04-29 12:39 - 2009-07-20 11:35 - 00018960 _____ () C:\Program Files\Logitech\SetPoint\khalwrapper.dll
2010-09-03 02:28 - 2010-09-03 02:28 - 00518640 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2014-05-12 04:49 - 2014-05-12 04:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2011-02-09 12:48 - 2011-02-09 12:48 - 00085944 _____ () C:\Windows\Microsoft.Net\assembly\GAC_MSIL\AlienLabsTools\v4.0_2.6.1.0__bebb3c8816410241\AlienLabsTools.dll
2011-02-09 12:48 - 2011-02-09 12:48 - 00037840 _____ () C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Alienlabs.CommandCenter.Tools\v4.0_2.6.1.0__bebb3c8816410241\Alienlabs.CommandCenter.Tools.dll
2011-04-29 12:39 - 2009-07-20 03:00 - 00077824 _____ () C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
2011-04-21 22:08 - 2010-12-31 07:39 - 08133120 _____ () c:\wamp\bin\mysql\mysql5.5.8\bin\mysqld.exe
2010-11-05 17:42 - 2010-11-05 17:42 - 00156088 _____ () C:\Program Files\Alienware\Command Center\AlienFusionDomain.dll
2010-11-05 17:42 - 2010-11-05 17:42 - 00016832 _____ () C:\Program Files\Alienware\Command Center\AlienFusionController.exe
2014-11-01 16:06 - 2014-11-01 13:29 - 02890240 _____ () C:\Program Files\AVAST Software\Avast\defs\14110101\algo.dll
2011-02-09 12:52 - 2011-01-13 13:37 - 00128320 _____ () C:\Program Files (x86)\AlienRespawn\STLog.dll
2011-02-09 12:52 - 2011-01-13 13:36 - 01123648 _____ () C:\Program Files (x86)\AlienRespawn\LibXml2.dll
2011-02-09 12:52 - 2011-01-13 13:37 - 00079168 _____ () C:\Program Files (x86)\AlienRespawn\zlib1.dll
2011-02-09 12:52 - 2011-01-13 13:37 - 00234816 _____ () C:\Program Files (x86)\AlienRespawn\STFiles.dll
2011-02-09 12:52 - 2011-01-13 13:37 - 00075072 _____ () C:\Program Files (x86)\AlienRespawn\STRegistry.dll
2011-02-09 12:52 - 2011-01-13 13:37 - 00111936 _____ () C:\Program Files (x86)\AlienRespawn\STPE.dll
2011-02-09 12:52 - 2011-01-13 13:37 - 00121152 _____ () C:\Program Files (x86)\AlienRespawn\STNLS.dll
2010-08-30 04:34 - 2010-08-30 04:34 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2014-10-17 22:07 - 2014-10-17 22:07 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3d576cbc4ffc5ad06fd61510c5d8f326\IsdiInterop.ni.dll
2011-02-09 12:39 - 2010-03-03 21:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2013-03-27 21:09 - 2013-03-27 21:09 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2013-03-27 21:36 - 2013-03-27 21:36 - 00021312 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy_stub.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:2664F3F5

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR430 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: GoToAssist => 3
MSCONFIG\Services: ZAPrivacyService => 2
MSCONFIG\startupreg: NA1Messenger => C:\UPS\WSTD\UPSNA1Msgr.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-3994650508-1294297652-2827424591-500 - Administrator - Disabled)
Guest (S-1-5-21-3994650508-1294297652-2827424591-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3994650508-1294297652-2827424591-1005 - Limited - Enabled)
Jack (S-1-5-21-3994650508-1294297652-2827424591-1000 - Administrator - Enabled) => C:\Users\Jack

==================== Faulty Device Manager Devices =============

Name: F:\
Description: Compact Flash   
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: H:\
Description: SD/MMC          
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (11/02/2014 06:40:49 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.

Error: (11/02/2014 06:40:48 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.

Error: (11/02/2014 06:40:48 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.

Error: (11/01/2014 08:12:26 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-07-30 18:50:50.208
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-30 18:36:13.613
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-30 18:30:43.808
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-30 18:19:32.186
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-30 18:07:48.139
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-27 20:58:43.883
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-27 20:37:00.166
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-27 20:29:37.137
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-27 20:09:02.018
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-27 19:19:33.840
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core i7 CPU 930 @ 2.80GHz
Percentage of memory in use: 41%
Total physical RAM: 16374.89 MB
Available physical RAM: 9576.3 MB
Total Pagefile: 32747.97 MB
Available Pagefile: 27538.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:922.75 GB) (Free:713.79 GB) NTFS
Drive e: (Programing) (Fixed) (Total:558.91 GB) (Free:180.31 GB) NTFS
Drive i: (Storage) (Fixed) (Total:558.91 GB) (Free:492.64 GB) NTFS
Drive k: (My Book) (Fixed) (Total:2794.49 GB) (Free:450.37 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 77E3ED41)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=8.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=922.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 558.9 GB) (Disk ID: 97953898)
Partition 1: (Not Active) - (Size=558.9 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 558.9 GB) (Disk ID: 6BBAC015)
Partition 1: (Not Active) - (Size=558.9 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 3.

==================== End Of Log ============================

 


  • Root Admin

I would recommend you run a disk check on your hard drive due to the errors in the Event Logs.

 

Other than that how is the computer running now?

Are there still any signs of an infection?

 

 

Please download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!


 


I ran the disk checks but no errors were found.

 

The original problem is still there. To be clear, I assumed it was a dllhost problem due to posts I found on the web. The only reason I knew there was a problem is because I started to get empty dialogs popping up. The attached image is of one of those. Those popups can appear at any time but mostly appear overnight. It is not uncommon to have 30 popup windows opened. At the same time, I noticed the dllhost.exe *32 file gets larger. I usually terminate it when it gets above a MB. When I do that, all of the popup windows close. But one will usually reopen immediately afterwards. Does this describe the dllhost virus others are having or do you think I have some other problem?

 

The result of the security test is below.

 

 Results of screen317's Security Check version 0.99.89  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled!  
avast! Internet Security   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 71  
 Java version out of Date!
 Adobe Flash Player 15.0.0.189  
 Adobe Reader XI  
 Mozilla Firefox (33.0.2)
 Mozilla Thunderbird (5.0). Thunderbird out of Date!  
 Google Chrome 38.0.2125.104  
 Google Chrome 38.0.2125.111  
````````Process Check: objlist.exe by Laurent````````  
 Alienware Command Center ThermalController.exe  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast afwServ.exe  
 AVAST Software Avast AvastUI.exe  
 CheckPoint ZoneAlarm vsmon.exe  
 CheckPoint ZoneAlarm zatray.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 


  • Root Admin

Difficult to say as many things can cause blank dialog boxes. Unregistered system files or bad permissions in the registry, etc.

Please read the following for a brief description of The complexity of finding, preventing, and cleanup from malware
 

Please either uninstall your Thunderbird or update it to the latest version. Some programs like that can be targeted in an attempt to infect your computer.

 

 

 

Please go into Control Panel, Add/Remove and uninstall ALL versions of Java and then run the following.
 
Please download JavaRa-1.16 and save it to your computer.

  • Double click to open the zip file and then select all and choose Copy.
  • Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
  • Quit all browsers and other running applications.
  • Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.

Next:
 
Please Run TFC by OldTimer to clear temporary files:
  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

 

Restart the computer now
 

Next,

 

Scan with Panda Cloud Cleaner

This type of scan often produces false positives. In any case do not remove on your own any of its findings! Removal will be made after the careful analysis of the scan results.

Please download Panda Cloud Cleaner and save the file to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Install the scanner by right-clicking on its icon and selecting Run as Administrator.
  • It should start itself automatically after the installation.
  • In the main console click Accept and Scan.
  • This scan won't take long, about several minutes (depending on your system specs). Let it run uninterrupted.
  • At the last stage you will see a couple of messages about verifying & analyzing results. Wait patiently.
  • Upon completion you will see a detections window. Enter one of them and click there View Report at the bottom right side.
  • A notepad window named PCloudCleaner.log will open. Save it to your desktop.


Please include the contents of that file in your next reply.
Don't forget to re-enable your switched-off protection software!
After that you may uninstall Panda Cloud Cleaner from your machine, if you wish to.
 


I removed Thunderbird and Java and ran the tests you mentioned. The results are below:

 

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Wed Nov 05 08:54:18 2014

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.

Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}

Found and removed: SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}

Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}

Found and removed: SOFTWARE\Classes\Interface\{5852F5EC-8BF4-11D4-A245-0080C6F74284}

Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit

Found and removed: SOFTWARE\Classes\TypeLib\{5852F5E0-8BF4-11D4-A245-0080C6F74284}

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.7.0.0

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

Found and removed: SOFTWARE\JavaSoft

Found and removed: SOFTWARE\JreMetrics

Found and removed: SOFTWARE\Classes\JavaPlugin.10512

------------------------------------

Finished reporting.

 

Malware. FILE: C:\USERS\JACK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\U8ANYUVY.TXT to be deleted.

Malware. FILE: C:\Users\Jack\AppData\Roaming\MICROSOFT\Windows\Cookies\Low\D0OVXEX3.txt to be deleted.

Malware. FILE: C:\USERS\JACK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Y9KQVRYJ.TXT to be deleted.

Malware. FILE: C:\USERS\JACK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\M120J4IR.TXT to be deleted.

Malware. FILE: C:\USERS\JACK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\LUFF2HPX.TXT to be deleted.

. FILE: C:\USERS\JACK\DOWNLOADS\UPDATE.EXE to be deleted.

Malware. FILE: C:\USERS\JACK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\6QG1TW98.TXT to be deleted.

Malware. FILE: C:\Users\Jack\AppData\Roaming\MICROSOFT\Windows\Cookies\Low\QUEV4K9L.txt to be deleted.

Unknown. FILE: C:\PROGRAM FILES\ALIENWARE\ALIENWARE TACTX MOUSE CI\AWMOUSECI.EXE to be deleted.

Malware. FILE: C:\Users\Jack\AppData\Roaming\MICROSOFT\Windows\Cookies\Low\9QXAR6CZ.txt to be deleted.

Malware. FILE: C:\USERS\JACK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\2D82N3N1.TXT to be deleted.

Malware. FILE: C:\USERS\JACK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\Q0H3FHNJ.TXT to be deleted.

Malware. FILE: C:\Users\Jack\AppData\Roaming\MICROSOFT\Windows\Cookies\Low\OY0J026M.txt to be deleted.

Malware. FILE: C:\USERS\JACK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\4XFSYU1M.TXT to be deleted.

Malware. FILE: C:\Users\Jack\AppData\Roaming\MICROSOFT\Windows\Cookies\Low\801E0GZX.txt to be deleted.

Malware. FILE: C:\Users\Jack\AppData\Roaming\MICROSOFT\Windows\Cookies\Low\FJDW68PZ.txt to be deleted.

Malware. FILE: C:\USERS\JACK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\J9A47XGM.TXT to be deleted.

Malware. FILE: C:\USERS\JACK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\3V826T0H.TXT to be deleted.

Malware. FILE: C:\USERS\JACK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\TU3OFOHS.TXT to be deleted.

Malware. REGKEY: HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND. Value: (null) To be changed to: C:\Program Files\Internet Explorer\IEXPLORE.EXE.

Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[START_SHOWRECENTDOCS] to be changed to: 1

Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[START_SHOWRECENTDOCS] to be changed to: 1

Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[START_SHOWNETPLACES] to be changed to: 1

Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[START_SHOWNETPLACES] to be changed to: 1

Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[START_SHOWRUN] to be changed to: 1

Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[START_SHOWRUN] to be changed to: 1

Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[HIDEFILEEXT] to be changed to: 0

Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[HIDEFILEEXT] to be changed to: 0

Malware. REGKEY: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM[DISABLEREGISTRYTOOLS]. Value: DISABLEREGISTRYTOOLS To be deleted.

Malware. REGKEY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM[DISABLEREGISTRYTOOLS]. Value: DISABLEREGISTRYTOOLS To be deleted.

Malware. REGKEY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM[DISABLETASKMGR]. Value: DISABLETASKMGR To be deleted.


 


  • Root Admin

I'm going to be on the road and not able to get back to you until late tomorrow night probably as long as my network connection works well there. If not then I'll be back to help you on Monday.

 

How is the computer running now?

 

What issues if any are you still having?


OK. I understand. The problem is still there but may be a little better. Before, after a reboot, the first popup would appear after about 5-10 minutes. After this last reboot, it didn't happen until about 30 minutes. And while the dllhost entry in the Task Manager still grows, it is doing so at a much lower rate and doesn't seem to be getting as large. So something seems to have made a difference but not enough of one.


  • Root Admin

Okay, try to download a new fresh copy of Combofix again. Disable your antivirus and try running it again.

 

 

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


 


When I ran that program before, it took an hour, at most. This time it seemed to have locked up and after about three hours I had to kill it since I had work to do. That was yesterday. I ran it again today and just let it go and it finally finished. The result is attached (combofix.txt).

 

But after rebooting after the first run, I found a number of programs weren't working correctly. I tried a restore and got an error saying it couldn't complete due to "complusstaging." I finally did a complete restore of the c drive from my daily backup. That still didn't fix one of the programs which doesn't make sense to me since it is on the c drive but I'll have to deal with that. Hopefully the restore I did didn't cause problems with this procedure.

 

While searching the web for this problem, I ran across a post on the Microsoft site where they recommend a clean reboot. The problem I am having doesn't appear to happen in safe mode, though I haven't tested it that way very much, so it sounds like a clean reboot might be a good idea. If you still have a plan of attack, then I will stick with what you say. I'm just grasping at straws here since this is having a terrible effect on me being able to get anything done on the computer.


  • Root Admin

Please just restart the computer and any of those messages and issues should go away.

Please download Malwarebytes Anti-Rootkit from HERE

If needed there is a self help tutorial here: MBAR tutorial

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log.txt and system-log.txt

I tried to run the program but a message pops up saying it can't run on my computer and to check that I am using the correct version (32 or 64 bit - see attached). The download page tied to the doc page you mentioned says it will run on either version. I used your link to download it though. When it didn't work, I tried re-booting since that worked before with this type of problem but I still get the same message. Before trying to run it, I stopped all running programs and turned off my anti-virus and anti-spam program. Should I try running it in safe mode?


 

Rebooting didn't fix my problems. But I found that the parts that were removed were a key string for a program and entries in the computer's host file that I had added were removed. Just mentioning in case someone else has the same sort of problems.


  • Root Admin

Well that does not make a lot of sense. That is more so an error as though the file was not downloaded fully. Do you have access to another computer where you can download it and then try to copy it over via CD or USB stick to run it?

 

What other issues are you still experiencing?


I was able to get it downloaded in safe mode. Then I followed all of the instructions and ran it. The results are below. As for problems I am having, there aren't any I am aware of other than the one described for this thread - the dllhost memory and popup issue.

 

Malwarebytes Anti-Rootkit BETA 1.08.1.1001
www.malwarebytes.org

Database version: v2014.11.13.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17358
Jack :: JACK-PC [administrator]

11/13/2014 1:19:36 PM
mbar-log-2014-11-13 (13-19-36).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 340938
Time elapsed: 8 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.1.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 11.0.9600.17358

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, I:\ DRIVE_FIXED, K:\ DRIVE_FIXED
CPU speed: 2.807000 GHz
Memory total: 17170321408, free: 15245807616

=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.1.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17358

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, I:\ DRIVE_FIXED, K:\ DRIVE_FIXED
CPU speed: 2.806000 GHz
Memory total: 17170321408, free: 14033297408

Downloaded database version: v2014.11.13.07
Downloaded database version: v2014.11.12.01
=======================================
Initializing...
------------ Kernel report ------------
     11/13/2014 13:19:27
------------ Loaded modules -----------
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\nusb3hub.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\drivers\hidusb.sys
\SystemRoot\system32\drivers\HIDCLASS.SYS
\SystemRoot\system32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\wdcsam64.sys
\SystemRoot\system32\DRIVERS\mio.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\LEqdUsb.Sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\LHidEqd.Sys
\SystemRoot\system32\DRIVERS\LHidFilt.Sys
\SystemRoot\system32\DRIVERS\LMouFilt.Sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\aswMonFlt.sys
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Windows\system32\drivers\cpuz135_x64.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\afcdp.sys
\SystemRoot\system32\DRIVERS\DKRtWrt.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk8\DR23
Upper Device Object: 0xfffffa800d267790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000014f\
Lower Device Object: 0xfffffa800d10bb60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk7\DR7
Upper Device Object: 0xfffffa8011c9d060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000009c\
Lower Device Object: 0xfffffa8011cb9060
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk6\DR6
Upper Device Object: 0xfffffa8011cc62a0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000009b\
Lower Device Object: 0xfffffa8011cba750
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk5\DR5
Upper Device Object: 0xfffffa8011cb6060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000009a\
Lower Device Object: 0xfffffa8011cb5660
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xfffffa8011cb8060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000099\
Lower Device Object: 0xfffffa8011cb5b60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xfffffa8011c28060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000087\
Lower Device Object: 0xfffffa8011c2b060
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa801046e790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-2\
Lower Device Object: 0xfffffa800dba2050
Lower Device Driver Name: \Driver\iaStor\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa801046b790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa800db9e050
Lower Device Driver Name: \Driver\iaStor\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8010468790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-3\
Lower Device Object: 0xfffffa800dba6050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8010468790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800e0f3760, DeviceName: Unknown, DriverName: \Driver\DKDFM\
DevicePointer: 0xfffffa8010468520, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa800dfddb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8010468790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800dfda880, DeviceName: Unknown, DriverName: \Driver\vidsflt\
DevicePointer: 0xfffffa800dba6050, DeviceName: \Device\Ide\IAAStorageDevice-3\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\SiRemFil\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 77E3ED41

Partition information:

    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 80262

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 81920  Numsec = 18313216
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 18395136  Numsec = 1935138816

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1000210432000 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa801046b790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8010462040, DeviceName: Unknown, DriverName: \Driver\DKDFM\
DevicePointer: 0xfffffa800dfe2900, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa800dfe1b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa801046b790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800e0f3520, DeviceName: Unknown, DriverName: \Driver\vidsflt\
DevicePointer: 0xfffffa800db9e050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\SiRemFil\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 97953898

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 1172117504

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 600127266816 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xfffffa801046e790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa801046f040, DeviceName: Unknown, DriverName: \Driver\DKDFM\
DevicePointer: 0xfffffa800dfe5900, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa801046e2c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa801046e790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800dfe3910, DeviceName: Unknown, DriverName: \Driver\vidsflt\
DevicePointer: 0xfffffa800dba2050, DeviceName: \Device\Ide\IAAStorageDevice-2\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\SiRemFil\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 6BBAC015

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 1172117504

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 600127266816 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 4096
Drive: 3, DevicePointer: 0xfffffa8011c28060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8011c27040, DeviceName: Unknown, DriverName: \Driver\DKDFM\
DevicePointer: 0xfffffa8011bac9b0, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa8011c2a580, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8011c28060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8011bab9c0, DeviceName: Unknown, DriverName: \Driver\vidsflt\
DevicePointer: 0xfffffa8011c2b060, DeviceName: \Device\00000087\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\SiRemFil\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 3
Scanning MBR on drive 3...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 2DCC8

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 256  Numsec = 732558080

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 3000558944256 bytes
Sector size: 4096 bytes

Done!
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa8011cb8060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8011cb7040, DeviceName: Unknown, DriverName: \Driver\DKDFM\
DevicePointer: 0xfffffa8011cb8940, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa8011cb8b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8011cb8060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8011ca0950, DeviceName: Unknown, DriverName: \Driver\vidsflt\
DevicePointer: 0xfffffa8011cb5b60, DeviceName: \Device\00000099\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 5, DevicePointer: 0xfffffa8011cb6060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8011cb4040, DeviceName: Unknown, DriverName: \Driver\DKDFM\
DevicePointer: 0xfffffa8011cb6940, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa8011cb6b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8011cb6060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8011cb7970, DeviceName: Unknown, DriverName: \Driver\vidsflt\
DevicePointer: 0xfffffa8011cb5660, DeviceName: \Device\0000009a\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 6, DevicePointer: 0xfffffa8011cc62a0, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8011cbd760, DeviceName: Unknown, DriverName: \Driver\DKDFM\
DevicePointer: 0xfffffa8011c9f900, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa8011cbd040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8011cc62a0, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8011cb4ca0, DeviceName: Unknown, DriverName: \Driver\vidsflt\
DevicePointer: 0xfffffa8011cba750, DeviceName: \Device\0000009b\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 7, DevicePointer: 0xfffffa8011c9d060, DeviceName: \Device\Harddisk7\DR7\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8011cca700, DeviceName: Unknown, DriverName: \Driver\DKDFM\
DevicePointer: 0xfffffa8011c9d940, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa8011c9db90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8011c9d060, DeviceName: \Device\Harddisk7\DR7\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8011cc9aa0, DeviceName: Unknown, DriverName: \Driver\vidsflt\
DevicePointer: 0xfffffa8011cb9060, DeviceName: \Device\0000009c\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 8, DevicePointer: 0xfffffa800d267790, DeviceName: \Device\Harddisk8\DR23\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800d2f8760, DeviceName: Unknown, DriverName: \Driver\DKDFM\
DevicePointer: 0xfffffa8013deb920, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa801497f540, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800d267790, DeviceName: \Device\Harddisk8\DR23\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8014984e00, DeviceName: Unknown, DriverName: \Driver\vidsflt\
DevicePointer: 0xfffffa800d10bb60, DeviceName: \Device\0000014f\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-81920-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.1.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17358

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, I:\ DRIVE_FIXED, K:\ DRIVE_FIXED
CPU speed: 2.807000 GHz
Memory total: 17170321408, free: 14198095872

=======================================
Initializing...
------------ Kernel report ------------
     11/13/2014 13:37:27
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\vidsflt.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\DRIVERS\SI3132.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\DKDFM.sys
\SystemRoot\system32\drivers\FLTMGR.SYS
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\DKTLFSMF.sys
\SystemRoot\system32\DRIVERS\SiWinAcc.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\aswKbd.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\aswNdis2.sys
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\aswNdis.sys
\SystemRoot\system32\DRIVERS\vididr.sys
\SystemRoot\system32\DRIVERS\tib_mounter.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\tib.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\system32\DRIVERS\snapman.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\system32\DRIVERS\SiRemFil.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\system32\DRIVERS\fltsrv.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\System32\Drivers\aswVmm.sys
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\aswSnx.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\Drivers\aswFW.SYS
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\Drivers\aswrdr2.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\vsdatant.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\nusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\HCW85BDA.sys
\SystemRoot\system32\drivers\BdaSup.SYS
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\k57nd60a.sys
\SystemRoot\system32\drivers\1394ohci.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\nusb3hub.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\drivers\hidusb.sys
\SystemRoot\system32\drivers\HIDCLASS.SYS
\SystemRoot\system32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\wdcsam64.sys
\SystemRoot\system32\DRIVERS\mio.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\LEqdUsb.Sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\LHidEqd.Sys
\SystemRoot\system32\DRIVERS\LHidFilt.Sys
\SystemRoot\system32\DRIVERS\LMouFilt.Sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\aswMonFlt.sys
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Windows\system32\drivers\cpuz135_x64.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\afcdp.sys
\SystemRoot\system32\DRIVERS\DKRtWrt.sys
\SystemRoot\system32\drivers\spsys.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk8\DR14
Upper Device Object: 0xfffffa8014009790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\000000fe\
Lower Device Object: 0xfffffa8013f0f060
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk7\DR7
Upper Device Object: 0xfffffa8011cb2060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000009c\
Lower Device Object: 0xfffffa8011cbeb60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk6\DR6
Upper Device Object: 0xfffffa8011cc32a0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000009b\
Lower Device Object: 0xfffffa8011cbe060
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk5\DR5
Upper Device Object: 0xfffffa8011c912a0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000009a\
Lower Device Object: 0xfffffa8011ca4b60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xfffffa8011cbd060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000099\
Lower Device Object: 0xfffffa8011cba550
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xfffffa8011c43060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000087\
Lower Device Object: 0xfffffa8011c37060
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa801046e790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-2\
Lower Device Object: 0xfffffa800dba2050
Lower Device Driver Name: \Driver\iaStor\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa801046b790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa800db9e050
Lower Device Driver Name: \Driver\iaStor\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8010468790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-3\
Lower Device Object: 0xfffffa800dba6050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8010468790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800e0f3760, DeviceName: Unknown, DriverName: \Driver\DKDFM\
DevicePointer: 0xfffffa800dfdc900, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa800dfddb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8010468790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800dfd8a60, DeviceName: Unknown, DriverName: \Driver\vidsflt\
DevicePointer: 0xfffffa800dba6050, DeviceName: \Device\Ide\IAAStorageDevice-3\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\SiRemFil\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 77E3ED41

Partition information:

    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 80262

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 81920  Numsec = 18313216
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 18395136  Numsec = 1935138816

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1000210432000 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa801046b790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8010462040, DeviceName: Unknown, DriverName: \Driver\DKDFM\
DevicePointer: 0xfffffa800dfe1900, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa801046b2c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa801046b790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800dfe0e00, DeviceName: Unknown, DriverName: \Driver\vidsflt\
DevicePointer: 0xfffffa800db9e050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\SiRemFil\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 97953898

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 1172117504

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 600127266816 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xfffffa801046e790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa801046f040, DeviceName: Unknown, DriverName: \Driver\DKDFM\
DevicePointer: 0xfffffa800dfe4900, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa801046e2c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa801046e790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8010462b40, DeviceName: Unknown, DriverName: \Driver\vidsflt\
DevicePointer: 0xfffffa800dba2050, DeviceName: \Device\Ide\IAAStorageDevice-2\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\SiRemFil\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 6BBAC015

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 1172117504

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 600127266816 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 4096
Drive: 3, DevicePointer: 0xfffffa8011c43060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8011c48040, DeviceName: Unknown, DriverName: \Driver\DKDFM\
DevicePointer: 0xfffffa8011c37900, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa8011c396a0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8011c43060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8011c3d410, DeviceName: Unknown, DriverName: \Driver\vidsflt\
DevicePointer: 0xfffffa8011c37060, DeviceName: \Device\00000087\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\SiRemFil\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 3
Scanning MBR on drive 3...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 2DCC8

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 256  Numsec = 732558080

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 3000558944256 bytes
Sector size: 4096 bytes

Done!
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa8011cbd060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8011cbc760, DeviceName: Unknown, DriverName: \Driver\DKDFM\
DevicePointer: 0xfffffa8011cbc040, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa8011cbdab0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8011cbd060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8011cabb80, DeviceName: Unknown, DriverName: \Driver\vidsflt\
DevicePointer: 0xfffffa8011cba550, DeviceName: \Device\00000099\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 5, DevicePointer: 0xfffffa8011c912a0, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8011cae510, DeviceName: Unknown, DriverName: \Driver\DKDFM\
DevicePointer: 0xfffffa8011caedf0, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa8011cae040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8011c912a0, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8011cadb40, DeviceName: Unknown, DriverName: \Driver\vidsflt\
DevicePointer: 0xfffffa8011ca4b60, DeviceName: \Device\0000009a\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 6, DevicePointer: 0xfffffa8011cc32a0, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8011cb0510, DeviceName: Unknown, DriverName: \Driver\DKDFM\
DevicePointer: 0xfffffa8011cb0df0, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa8011cb0040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8011cc32a0, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8011cafe00, DeviceName: Unknown, DriverName: \Driver\vidsflt\
DevicePointer: 0xfffffa8011cbe060, DeviceName: \Device\0000009b\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 7, DevicePointer: 0xfffffa8011cb2060, DeviceName: \Device\Harddisk7\DR7\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8011cb3040, DeviceName: Unknown, DriverName: \Driver\DKDFM\
DevicePointer: 0xfffffa8011cb18f0, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa8011cc61b0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8011cb2060, DeviceName: \Device\Harddisk7\DR7\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8011cb1b40, DeviceName: Unknown, DriverName: \Driver\vidsflt\
DevicePointer: 0xfffffa8011cbeb60, DeviceName: \Device\0000009c\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 8, DevicePointer: 0xfffffa8014009790, DeviceName: \Device\Harddisk8\DR14\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8013fbf760, DeviceName: Unknown, DriverName: \Driver\DKDFM\
DevicePointer: 0xfffffa8013ee9be0, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa8013e30040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8014009790, DeviceName: \Device\Harddisk8\DR14\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8013e125d0, DeviceName: Unknown, DriverName: \Driver\vidsflt\
DevicePointer: 0xfffffa8013f0f060, DeviceName: \Device\000000fe\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-81920-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.1.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17420

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, I:\ DRIVE_FIXED, K:\ DRIVE_FIXED
CPU speed: 2.807000 GHz
Memory total: 17170321408, free: 13210963968

Downloaded database version: v2014.11.13.08
=======================================
Initializing...
------------ Kernel report ------------
     11/13/2014 14:42:17
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\vidsflt.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\DRIVERS\SI3132.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\DKDFM.sys
\SystemRoot\system32\drivers\FLTMGR.SYS
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\DKTLFSMF.sys
\SystemRoot\system32\DRIVERS\SiWinAcc.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\aswKbd.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\aswNdis2.sys
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\aswNdis.sys
\SystemRoot\system32\DRIVERS\vididr.sys
\SystemRoot\system32\DRIVERS\tib_mounter.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\tib.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\system32\DRIVERS\snapman.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\system32\DRIVERS\SiRemFil.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\system32\DRIVERS\fltsrv.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\System32\Drivers\aswVmm.sys
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\aswSnx.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\Drivers\aswFW.SYS
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\Drivers\aswrdr2.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\vsdatant.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\nusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\HCW85BDA.sys
\SystemRoot\system32\drivers\BdaSup.SYS
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\k57nd60a.sys
\SystemRoot\system32\drivers\1394ohci.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\nusb3hub.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\drivers\hidusb.sys
\SystemRoot\system32\drivers\HIDCLASS.SYS
\SystemRoot\system32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\wdcsam64.sys
\SystemRoot\system32\DRIVERS\mio.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\LEqdUsb.Sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\LHidEqd.Sys
\SystemRoot\system32\DRIVERS\LHidFilt.Sys
\SystemRoot\system32\DRIVERS\LMouFilt.Sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\aswMonFlt.sys
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Windows\system32\drivers\cpuz135_x64.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\afcdp.sys
\SystemRoot\system32\DRIVERS\DKRtWrt.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk8\DR32
Upper Device Object: 0xfffffa8015090790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\000001a8\
Lower Device Object: 0xfffffa800d820b60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk7\DR7
Upper Device Object: 0xfffffa8011ca7060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000009c\
Lower Device Object: 0xfffffa8011caf060
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk6\DR6
Upper Device Object: 0xfffffa8011cb55d0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000009b\
Lower Device Object: 0xfffffa8011cafb60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk5\DR5
Upper Device Object: 0xfffffa8011cac060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000009a\
Lower Device Object: 0xfffffa8011ca3750
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xfffffa8011cae790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000099\
Lower Device Object: 0xfffffa8011ca57b0
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xfffffa8011bec060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000087\
Lower Device Object: 0xfffffa8011bfe630
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa8010452790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-2\
Lower Device Object: 0xfffffa800dba4050
Lower Device Driver Name: \Driver\iaStor\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa801044f790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa800dba0050
Lower Device Driver Name: \Driver\iaStor\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa801044c790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-3\
Lower Device Object: 0xfffffa800dba8050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa801044c790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa801043a760, DeviceName: Unknown, DriverName: \Driver\DKDFM\
DevicePointer: 0xfffffa800dfb68f0, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa800dfb9b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa801044c790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800dfb6b40, DeviceName: Unknown, DriverName: \Driver\vidsflt\
DevicePointer: 0xfffffa800dba8050, DeviceName: \Device\Ide\IAAStorageDevice-3\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\SiRemFil\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 77E3ED41

Partition information:

    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 80262

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 81920  Numsec = 18313216
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 18395136  Numsec = 1935138816

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1000210432000 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa801044f790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8010446040, DeviceName: Unknown, DriverName: \Driver\DKDFM\
DevicePointer: 0xfffffa800dfbb900, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa801044f2c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa801044f790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa801043a520, DeviceName: Unknown, DriverName: \Driver\vidsflt\
DevicePointer: 0xfffffa800dba0050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\SiRemFil\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 97953898

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 1172117504

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 600127266816 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xfffffa8010452790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8010453040, DeviceName: Unknown, DriverName: \Driver\DKDFM\
DevicePointer: 0xfffffa8010452520, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa8010446950, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8010452790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8010446e00, DeviceName: Unknown, DriverName: \Driver\vidsflt\
DevicePointer: 0xfffffa800dba4050, DeviceName: \Device\Ide\IAAStorageDevice-2\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\SiRemFil\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 6BBAC015

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 1172117504

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 600127266816 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 4096
Drive: 3, DevicePointer: 0xfffffa8011bec060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8011bf3040, DeviceName: Unknown, DriverName: \Driver\DKDFM\
DevicePointer: 0xfffffa8011b839b0, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa8011bff690, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8011bec060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8011b819c0, DeviceName: Unknown, DriverName: \Driver\vidsflt\
DevicePointer: 0xfffffa8011bfe630, DeviceName: \Device\00000087\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\SiRemFil\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 3
Scanning MBR on drive 3...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 2DCC8

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 256  Numsec = 732558080

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 3000558944256 bytes
Sector size: 4096 bytes

Done!
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa8011cae790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8011cad760, DeviceName: Unknown, DriverName: \Driver\DKDFM\
DevicePointer: 0xfffffa8011cb2900, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa8011cad040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8011cae790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8011cb1410, DeviceName: Unknown, DriverName: \Driver\vidsflt\
DevicePointer: 0xfffffa8011ca57b0, DeviceName: \Device\00000099\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 5, DevicePointer: 0xfffffa8011cac060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8011cab700, DeviceName: Unknown, DriverName: \Driver\DKDFM\
DevicePointer: 0xfffffa8011cac940, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa8011cacb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8011cac060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8011cad520, DeviceName: Unknown, DriverName: \Driver\vidsflt\
DevicePointer: 0xfffffa8011ca3750, DeviceName: \Device\0000009a\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 6, DevicePointer: 0xfffffa8011cb55d0, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8011ca9630, DeviceName: Unknown, DriverName: \Driver\DKDFM\
DevicePointer: 0xfffffa8011ca9040, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa8011cb5100, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8011cb55d0, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8011caae00, DeviceName: Unknown, DriverName: \Driver\vidsflt\
DevicePointer: 0xfffffa8011cafb60, DeviceName: \Device\0000009b\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 7, DevicePointer: 0xfffffa8011ca7060, DeviceName: \Device\Harddisk7\DR7\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8011ca6040, DeviceName: Unknown, DriverName: \Driver\DKDFM\
DevicePointer: 0xfffffa8011cb8df0, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa8011ca86a0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8011ca7060, DeviceName: \Device\Harddisk7\DR7\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8011cb8670, DeviceName: Unknown, DriverName: \Driver\vidsflt\
DevicePointer: 0xfffffa8011caf060, DeviceName: \Device\0000009c\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 8, DevicePointer: 0xfffffa8015090790, DeviceName: \Device\Harddisk8\DR32\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8014fd2300, DeviceName: Unknown, DriverName: \Driver\DKDFM\
DevicePointer: 0xfffffa8014c40ae0, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xfffffa801509b040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8015090790, DeviceName: \Device\Harddisk8\DR32\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8014f2d300, DeviceName: Unknown, DriverName: \Driver\vidsflt\
DevicePointer: 0xfffffa800d820b60, DeviceName: \Device\000001a8\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-81920-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-r.mbam...
Removal finished
