
cjdjackson

  1. Hi Kevin - I apologize it's taken me a while to get back to this thread. Trying to find a job and attending lots of workshops. I have a question about the Delfix. One of the lines says it will Purge System Restore. Will that remove all the restore points? Thanks. Regards, CJ
  2. Hi Kevin - I was going to start the process above but noted in my task manager there are two "csrss.exe" processes running. When I click on the show services for each of them, there is not a service associated. Is this normal behavior? Thanks. CJ
  3. Kevin - First thank you so much for your assistance and the time you provided to help me. I am very gracious. I am currently unemployed for the past 6 months and this computer is how I look for and apply for jobs, update my resume, etc. So it is very important for it to be working properly. I do have all my files on an external drive so don't keep them on the computer hard drive in case of failure. So far, all looks ok. I have been checking out other threads with the same issue and I have seen several where the issue returns. I will monitor for this evening and tomorrow and let you know. I do love what you all are doing with this service to assist with Malware. I will do what I can with a donation. Thanks again. CJ
  4. ---------------------------------------------------------------------------------------
     Microsoft Windows Malicious Software Removal Tool v5.3, August 2013 (build 5.3.9301.0)
     Started On Fri Aug 30 12:06:32 2013
     Results Summary:
     ----------------
     No infection found.
     Microsoft Windows Malicious Software Removal Tool Finished On Fri Aug 30 12:07:09 2013
     Return code: 0 (0x0)
     ---------------------------------------------------------------------------------------
     Microsoft Windows Malicious Software Removal Tool v5.4, September 2013 (build 5.4.9400.0)
     Started On Fri Sep 13 03:02:08 2013
     Engine: 1.1.9800.0
     Signatures: 1.157.932.0
     Results Summary:
     ----------------
     No infection found.
     Microsoft Windows Malicious Software Removal Tool Finished On Fri Sep 13 03:02:56 2013
     Return code: 0 (0x0)
     ---------------------------------------------------------------------------------------
     Microsoft Windows Malicious Software Removal Tool v5.5, October 2013 (build 5.5.9502.0)
     Started On Thu Oct 10 08:47:07 2013
     Engine: 1.1.9901.0
     Signatures: 1.159.530.0
     Results Summary:
     ----------------
     No infection found.
     Microsoft Windows Malicious Software Removal Tool Finished On Thu Oct 10 08:48:15 2013
     Return code: 0 (0x0)
     ---------------------------------------------------------------------------------------
     Microsoft Windows Malicious Software Removal Tool v5.6, November 2013 (build 5.6.9603.0)
     Started On Thu Nov 14 03:01:38 2013
     Engine: 1.1.10003.0
     Signatures: 1.161.1618.0
     Results Summary:
     ----------------
     No infection found.
     Microsoft Windows Malicious Software Removal Tool Finished On Thu Nov 14 03:03:13 2013
     Return code: 0 (0x0)
     ---------------------------------------------------------------------------------------
     Microsoft Windows Malicious Software Removal Tool v5.11, April 2014 (build 5.11.10100.0)
     Started On Sun May 04 14:27:11 2014
     Engine: 1.1.10401.0
     Signatures: 1.169.1258.0
     Results Summary:
     ----------------
     No infection found.
     Microsoft Windows Malicious Software Removal Tool Finished On Sun May 04 14:28:28 2014
     Return code: 0 (0x0)
     ---------------------------------------------------------------------------------------
     Microsoft Windows Malicious Software Removal Tool v5.16, September 2014 (build 5.16.10602.0)
     Started On Wed Oct 01 07:17:35 2014
     Engine: 1.1.10904.0
     Signatures: 1.183.882.0
     Results Summary:
     ----------------
     No infection found.
     Microsoft Windows Malicious Software Removal Tool Finished On Wed Oct 01 07:21:25 2014
     Return code: 0 (0x0)
     ---------------------------------------------------------------------------------------
     Microsoft Windows Malicious Software Removal Tool v5.17, October 2014 (build 5.17.10700.0)
     Started On Sat Oct 25 19:58:25 2014
     Engine: 1.1.11005.0
     Signatures: 1.185.2035.0
     Results Summary:
     ----------------
     No infection found.
     Microsoft Windows Malicious Software Removal Tool Finished On Sat Oct 25 20:01:24 2014
     Return code: 0 (0x0)
     ---------------------------------------------------------------------------------------
     Microsoft Windows Malicious Software Removal Tool v5.18, November 2014 (build 5.18.10802.0)
     Started On Tue Nov 11 14:22:56 2014
     Engine: 1.1.11104.0
     Signatures: 1.187.1116.0
     Results Summary:
     ----------------
     No infection found.
     Microsoft Windows Malicious Software Removal Tool Finished On Tue Nov 11 14:45:49 2014
     Return code: 0 (0x0)
  5. Junkware Removal Tool (JRT) by Thisisu
     Version: 6.3.7 (11.08.2014:1)
     OS: Windows 7 Professional x64
     Ran by CJ on Tue 11/11/2014 at 13:10:24.67
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     ~~~ Services
     ~~~ Registry Values
     ~~~ Registry Keys
     ~~~ Files
     Successfully deleted: [File] C:\Windows\prefetch\TOOLBARUPDATER.EXE-DC4D487C.pf
     ~~~ Folders
     ~~~ Event Viewer Logs were cleared
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on Tue 11/11/2014 at 13:51:44.82
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  6. ADwCleaner Logs:
  7. Malware Bytes Log. Scan found nothing.
     Malwarebytes Anti-Malware
     www.malwarebytes.org
     Scan Date: 11/11/2014
     Scan Time: 12:19:06 PM
     Logfile:
     Administrator: Yes
     Version: 2.00.3.1025
     Malware Database: v2014.11.11.08
     Rootkit Database: v2014.11.11.01
     License: Free
     Malware Protection: Disabled
     Malicious Website Protection: Disabled
     Self-protection: Disabled
     OS: Windows 7 Service Pack 1
     CPU: x64
     File System: NTFS
     User: CJ
     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 316450
     Time Elapsed: 11 min, 27 sec
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled
     Processes: 0 (No malicious items detected)
     Modules: 0 (No malicious items detected)
     Registry Keys: 0 (No malicious items detected)
     Registry Values: 0 (No malicious items detected)
     Registry Data: 0 (No malicious items detected)
     Folders: 0 (No malicious items detected)
     Files: 0 (No malicious items detected)
     Physical Sectors: 0 (No malicious items detected)
     (end)
  8. Thanks Kevin. About the two security tools. I have the Computer portion with the antispyware and antivirus disabled for AVG. I am only using the web, email and identity portions of it. I like Security Essentials better for the antispyware/antivirus, but it doesn't have the email and web scanning. Is that still a problem to have them both? I will run those other tools today. Also, I have not seen the dllhost32 issue anymore which was being sourced from the SYSwow64. I only see one every now and then when I open something and it is sourced from System32. Regards, CJ
  9. Kevin - I didn't find any CombFix logs. I searched before and after restart. Here is the Rogue Killer log:
  10. Kevin - The computer never made it all the way to sleep mode. I was watching it and saw it going... hit a key to stop it and ComboFix started running. It ran and a few times indicated the message above. All I could do was answer the question ok to move past it. It started to run and I watched it run to stage6a in the blue window. Then it just disappeared. It stopped. I waited a while but did not want to leave the computer unprotected so re-enabled the antivirus and firewall. I took a look at task manager but did not see anything that could be ComboFix running. I ran a regular Malwarebytes scan since it had been sitting a while unprotected and the scan came up clean. I did have to disable/enable the network setting in order for Internet to work. I have been using it and monitoring the task manager and not seeing the issue but I don't have any idea what ComboFix did. I have not restarted the PC.
  11. Kevin - The ComboFix program started running when my computer started to go into sleep mode. It did not make a backup of the registry as the instructions showed. Not sure what to do now as I assume it is running in the background. I did see the screen showing it went to Stage6a and then that screen disappeared. That is where I am at now. I can't tell by looking at the screen if it is running or not.
  12. Kevinf80 - I am trying to run ComboFix. I have this message on the screen. Not sure if I should continue or if I can even cancel at this point. This message was not noted in the guide: Unable to create file: C:\Windows\erdnt\Hiv-backup\ERDNT.INF Registry backup will continue, but no restore information for ERDNT program will be saved. This means that later restoration of the registry can only be done manually, by using another OS to copy back the files. My only options at this point are to click "OK" or "X" out. Please advise. Thanks
  13. Results of Fixlog. I am reading about ComboFix now.
      Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-11-2014 01
      Ran by CJ at 2014-11-10 08:23:13 Run:1
      Running from C:\Users\CJ\Desktop\New folder
      Loaded Profile: CJ (Available profiles: CJ)
      Boot Mode: Normal
      ==============================================
      Content of fixlist:
      *****************
      Start
      HKU\S-1-5-21-771810391-542318883-3474901538-1001\...\MountPoints2: {62a3fd9c-0dc9-11e3-8542-b8ac6fad3fc5} - F:\LaunchU3.exe -a
      HKU\S-1-5-21-771810391-542318883-3474901538-1001\...\MountPoints2: {a58bfd03-6851-11e4-b695-005056c00008} - E:\LaunchU3.exe -a
      HKU\S-1-5-21-771810391-542318883-3474901538-1001\...\MountPoints2: {af9b8ecc-1474-11e3-aab6-b8ac6fad3fc5} - E:\LaunchU3.exe -a
      HKU\S-1-5-21-771810391-542318883-3474901538-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
      C:\Users\CJ\AppData\Local\Temp\epiMsiBootstraper.exe
      C:\Users\CJ\AppData\Local\Temp\ose00000.exe
      CustomCLSID: HKU\S-1-5-21-771810391-542318883-3474901538-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
      EmptyTemp:
      End
      *****************
      "HKU\S-1-5-21-771810391-542318883-3474901538-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{62a3fd9c-0dc9-11e3-8542-b8ac6fad3fc5}" => Key deleted successfully.
      "HKCR\CLSID\{62a3fd9c-0dc9-11e3-8542-b8ac6fad3fc5}" => Key not found.
      "HKU\S-1-5-21-771810391-542318883-3474901538-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a58bfd03-6851-11e4-b695-005056c00008}" => Key deleted successfully.
      "HKCR\CLSID\{a58bfd03-6851-11e4-b695-005056c00008}" => Key not found.
      "HKU\S-1-5-21-771810391-542318883-3474901538-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{af9b8ecc-1474-11e3-aab6-b8ac6fad3fc5}" => Key deleted successfully.
      "HKCR\CLSID\{af9b8ecc-1474-11e3-aab6-b8ac6fad3fc5}" => Key not found.
      "HKU\S-1-5-21-771810391-542318883-3474901538-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key deleted successfully.
      "HKU\S-1-5-21-771810391-542318883-3474901538-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
      C:\Users\CJ\AppData\Local\Temp\epiMsiBootstraper.exe => Moved successfully.
      C:\Users\CJ\AppData\Local\Temp\ose00000.exe => Moved successfully.
      "HKU\S-1-5-21-771810391-542318883-3474901538-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found.
      EmptyTemp: => Removed 3.8 GB temporary data.
      The system needed a reboot.
      ==== End of Fixlog ====
  14. Kevinf80 - Do I need to be connected to the Internet to run these? And should I have my external drive connected?