Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91681 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Plagued by SupraSavings [Solved]

SupraSavings

  • This topic is locked This topic is locked
63 replies to this topic

#1 Marrin

Marrin

    Authentic Member

  • Authentic Member
  • PipPip
  • 31 posts

Posted 10 July 2014 - 04:01 PM

I have tried several things to eliminate this pest, to no avail.   OTL, downloaded from your site, generated two files.  They are attached.

 

Attached Files

  • Attached File  OTL.Txt   296.62KB   107 downloads
  • Attached File  Extras.Txt   108.45KB   123 downloads

    Advertisements

Register to Remove


#2 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 10 July 2014 - 10:46 PM

Hi Marrin,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Please stay with this topic until I let you know that your system appears to be "All Clear"

Important: All tools MUST be run from the Desktop.

=========================

bullseye_zpse9eaf36e.gif Security Check

Download Security Check by screen317 from here or here.

  • Save it to your Desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=========================

bullseye_zpse9eaf36e.gif aswMBR

Download aswMBR.exe and save it to your desktop.

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

=========================

bullseye_zpse9eaf36e.gif AdwCleaner v3: Scan & Clean

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that log file in your next reply.
  • A copy of that log file will also be saved in the C:\AdwCleaner folder.

=========================

bullseye_zpse9eaf36e.gif Re-run OTL (it should be located on your desktop).

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Uncheck the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open one notepad window. OTL.Txt. (No Extras.txt will be produced)
    Note:The log can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of the file, and post it with your next reply.

=========================

In your next post please provide the following:


  • checkup.txt
  • aswMBR.txt
  • attach MBR.zip
  • AdwCleaner[S0].txt
  • New OTL.txt
  • What symptoms are you experiencing?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#3 Marrin

Marrin

    Authentic Member

  • Authentic Member
  • PipPip
  • 31 posts

Posted 11 July 2014 - 11:17 AM

In attempting to follow your instructions (in order) I cannot proceed to downloading aswMBR.  Norton Security Suite flags the download as "unsafe" and immediately deletes it.

 

How should I proceed?



#4 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 11 July 2014 - 08:19 PM

Hi Marrin,

 



In attempting to follow your instructions (in order) I cannot proceed to downloading aswMBR.  Norton Security Suite flags the download as "unsafe" and immediately deletes it.

 

How should I proceed?

 

Disable Norton while you download the tool and run the scan, then re-enable it.


OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#5 Marrin

Marrin

    Authentic Member

  • Authentic Member
  • PipPip
  • 31 posts

Posted 11 July 2014 - 11:07 PM

I am slightly ashamed to admit I got impatient.  I went to the parent site for aswMBR, and downloaded the program from there.  For some reason, Norton accepted this version, so I ran it, and have included its output here.

 

The symptoms I am experiencing include large numbers of popups, that bear the tag SupraSavings or SupraServices.  This happens primarily with sites that have choices to buy things, but not exclusively.  Any site that includes lots of choices can trigger the popups.  One particular program that is affected is 247Mahjong.  When the computer is connected to the network, SupraServices blocks the center of the screen with a black window which covers the playing area.  When not connected to the network, a limited version of the game is presented, except the panels, one on each side of the window which normally contain advertisements (not, I believe, from SupraSavings) are greyed out.

 

There are symptoms of what I think are other 'viruses',  but this SupraSavings is by far the most infuriating, so I would like to approach the others later, in new topics, unless you would suggest otherwise.

 

Scan reports are included below.   Thanks for your help.

 

 Results of screen317's Security Check version 0.99.85  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 Windows Firewall Disabled!  
Norton Security Suite   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 MVPS Hosts File  
 Spybot - Search & Destroy 
 Java 8 Update 5  
 Java version out of Date! 
 Adobe Reader XI  
 Google Chrome 35.0.1916.114  
 Google Chrome 35.0.1916.153  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 1% 
````````````````````End of Log`````````````````````` 
 
 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-07-11 16:55:15
-----------------------------
16:55:15.986    OS Version: Windows x64 6.1.7601 Service Pack 1
16:55:15.986    Number of processors: 2 586 0x170A
16:55:15.988    ComputerName: FLEET-HP-G70  UserName: Marrin
16:55:18.150    Initialize success
16:55:48.252    AVAST engine defs: 14071101
16:56:41.816    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:56:41.821    Disk 0 Vendor: TOSHIBA_MK3255GSX FG011C Size: 305245MB BusType: 11
16:56:41.958    Disk 0 MBR read successfully
16:56:41.961    Disk 0 MBR scan
16:56:41.968    Disk 0 Windows 7 default MBR code
16:56:41.984    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       292665 MB offset 2048
16:56:42.019    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        12576 MB offset 599379968
16:56:42.173    Disk 0 scanning C:\Windows\system32\drivers
16:57:00.073    Service scanning
16:57:07.058    Service BHDrvx64 C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140703.001\BHDrvx64.sys **LOCKED** 5
16:57:13.576    Service eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys **LOCKED** 5
16:57:14.299    Service EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys **LOCKED** 5
16:57:21.464    Service IDSVia64 C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140710.002\IDSvia64.sys **LOCKED** 5
16:57:32.068    Service NAVENG C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140711.002\ENG64.SYS **LOCKED** 5
16:57:32.464    Service NAVEX15 C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140711.002\EX64.SYS **LOCKED** 5
16:57:37.412    Service pcmaxservice C:\Program Files\pcmax\pcmax.exe **INFECTED** Win32:Dropper-gen [Drp]
16:58:03.875    Modules scanning
16:58:03.886    Disk 0 trace - called modules:
16:58:03.931    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
16:58:03.947    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c25060]
16:58:03.961    3 CLASSPNP.SYS[fffff880017c843f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80046c21f0]
16:58:06.330    AVAST engine scan C:\Windows
16:58:10.808    AVAST engine scan C:\Windows\system32
17:03:26.994    AVAST engine scan C:\Windows\system32\drivers
17:04:09.041    AVAST engine scan C:\Users\Marrin
17:16:41.784    File: C:\Users\Marrin\AppData\Roaming\UpdateServ\SearchProtect.exe  **INFECTED** Win32:Dropper-gen [Drp]
17:17:12.931    File: C:\Users\Marrin\Downloads\Driver Update.exe  **INFECTED** Win32:Adware-gen [Adw]
17:17:22.231    File: C:\Users\Marrin\Downloads\Mahjong1 (1).exe  **INFECTED** Win32:Adware-gen [Adw]
17:17:42.182    File: C:\Users\Marrin\Downloads\Revo_Uninstaller_TSV4AGYMS.exe  **INFECTED** Win32:Adware-gen [Adw]
17:18:24.551    AVAST engine scan C:\ProgramData
17:26:26.989    Scan finished successfully
17:29:52.263    Disk 0 MBR has been saved successfully to "C:\Users\Marrin\Desktop\MBR.dat"
17:29:52.303    The log file has been saved successfully to "C:\Users\Marrin\Desktop\aswMBR.txt"
 
 
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-07-11 16:55:15
-----------------------------
16:55:15.986    OS Version: Windows x64 6.1.7601 Service Pack 1
16:55:15.986    Number of processors: 2 586 0x170A
16:55:15.988    ComputerName: FLEET-HP-G70  UserName: Marrin
16:55:18.150    Initialize success
16:55:48.252    AVAST engine defs: 14071101
16:56:41.816    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:56:41.821    Disk 0 Vendor: TOSHIBA_MK3255GSX FG011C Size: 305245MB BusType: 11
16:56:41.958    Disk 0 MBR read successfully
16:56:41.961    Disk 0 MBR scan
16:56:41.968    Disk 0 Windows 7 default MBR code
16:56:41.984    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       292665 MB offset 2048
16:56:42.019    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        12576 MB offset 599379968
16:56:42.173    Disk 0 scanning C:\Windows\system32\drivers
16:57:00.073    Service scanning
16:57:07.058    Service BHDrvx64 C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140703.001\BHDrvx64.sys **LOCKED** 5
16:57:13.576    Service eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys **LOCKED** 5
16:57:14.299    Service EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys **LOCKED** 5
16:57:21.464    Service IDSVia64 C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140710.002\IDSvia64.sys **LOCKED** 5
16:57:32.068    Service NAVENG C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140711.002\ENG64.SYS **LOCKED** 5
16:57:32.464    Service NAVEX15 C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140711.002\EX64.SYS **LOCKED** 5
16:57:37.412    Service pcmaxservice C:\Program Files\pcmax\pcmax.exe **INFECTED** Win32:Dropper-gen [Drp]
16:58:03.875    Modules scanning
16:58:03.886    Disk 0 trace - called modules:
16:58:03.931    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
16:58:03.947    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c25060]
16:58:03.961    3 CLASSPNP.SYS[fffff880017c843f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80046c21f0]
16:58:06.330    AVAST engine scan C:\Windows
16:58:10.808    AVAST engine scan C:\Windows\system32
17:03:26.994    AVAST engine scan C:\Windows\system32\drivers
17:04:09.041    AVAST engine scan C:\Users\Marrin
17:16:41.784    File: C:\Users\Marrin\AppData\Roaming\UpdateServ\SearchProtect.exe  **INFECTED** Win32:Dropper-gen [Drp]
17:17:12.931    File: C:\Users\Marrin\Downloads\Driver Update.exe  **INFECTED** Win32:Adware-gen [Adw]
17:17:22.231    File: C:\Users\Marrin\Downloads\Mahjong1 (1).exe  **INFECTED** Win32:Adware-gen [Adw]
17:17:42.182    File: C:\Users\Marrin\Downloads\Revo_Uninstaller_TSV4AGYMS.exe  **INFECTED** Win32:Adware-gen [Adw]
17:18:24.551    AVAST engine scan C:\ProgramData
17:26:26.989    Scan finished successfully
17:29:52.263    Disk 0 MBR has been saved successfully to "C:\Users\Marrin\Desktop\MBR.dat"
17:29:52.303    The log file has been saved successfully to "C:\Users\Marrin\Desktop\aswMBR.txt"
17:39:36.890    Disk 0 MBR has been saved successfully to "C:\Users\Marrin\Desktop\MBR.dat"
17:39:36.899    The log file has been saved successfully to "C:\Users\Marrin\Desktop\aswMBR.txt"
 
 

# AdwCleaner v3.215 - Report created 11/07/2014 at 18:06:34
# Updated 09/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Marrin - FLEET-HP-G70
# Running from : C:\Users\Marrin\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : hlnfd
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\374311380 
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\Program Files (x86)\File Type Assistant
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Program Files\003
Folder Deleted : C:\Program Files\SupraSavings
Folder Deleted : C:\Users\Marrin\AppData\Local\Browsersafeguard
Folder Deleted : C:\Users\Marrin\AppData\Local\FileTypeAssistant
Folder Deleted : C:\Users\Marrin\AppData\Local\genienext
Folder Deleted : C:\Users\Marrin\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Marrin\AppData\Roaming\NCH Software
Folder Deleted : C:\Users\Marrin\AppData\Roaming\newnext.me
Folder Deleted : C:\Users\Marrin\AppData\Roaming\Nico Mak Computing
Folder Deleted : C:\Users\Marrin\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Marrin\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Marrin\AppData\Roaming\UpdaterEX
Folder Deleted : C:\Users\Mary Delle\AppData\Local\FileTypeAssistant
Folder Deleted : C:\Users\Mary Delle\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Public\Documents\ShopperPro
Folder Deleted : C:\Users\Mary Delle\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm
Folder Deleted : C:\Users\F-Squared\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
Folder Deleted : C:\Users\LAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
Folder Deleted : C:\Users\Mary Delle\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
Folder Deleted : C:\Users\Mary Delle\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmclajginlihohopoeofghddnhpplhom
Folder Deleted : C:\Users\Marrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\iijmpjamifmplbakhgikofogdfackici
Folder Deleted : C:\Users\Mary Delle\AppData\Local\Google\Chrome\User Data\Default\Extensions\iijmpjamifmplbakhgikofogdfackici
Folder Deleted : C:\Users\F-Squared\AppData\Local\Google\Chrome\User Data\Default\Extensions\jonjajmpblmjkhjemkalbddhodlehkfg
Folder Deleted : C:\Users\LAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jonjajmpblmjkhjemkalbddhodlehkfg
Folder Deleted : C:\Users\Mary Delle\AppData\Local\Google\Chrome\User Data\Default\Extensions\jonjajmpblmjkhjemkalbddhodlehkfg
[!] Folder Deleted : C:\Users\F-Squared\AppData\Local\Google\Chrome\User Data\Default\Extensions\jonjajmpblmjkhjemkalbddhodlehkfg
[!] Folder Deleted : C:\Users\LAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jonjajmpblmjkhjemkalbddhodlehkfg
[!] Folder Deleted : C:\Users\Mary Delle\AppData\Local\Google\Chrome\User Data\Default\Extensions\jonjajmpblmjkhjemkalbddhodlehkfg
[!] Folder Deleted : C:\Users\F-Squared\AppData\Local\Google\Chrome\User Data\Default\Extensions\jonjajmpblmjkhjemkalbddhodlehkfg
[!] Folder Deleted : C:\Users\LAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jonjajmpblmjkhjemkalbddhodlehkfg
[!] Folder Deleted : C:\Users\Mary Delle\AppData\Local\Google\Chrome\User Data\Default\Extensions\jonjajmpblmjkhjemkalbddhodlehkfg
[!] Folder Deleted : C:\Users\F-Squared\AppData\Local\Google\Chrome\User Data\Default\Extensions\jonjajmpblmjkhjemkalbddhodlehkfg
[!] Folder Deleted : C:\Users\LAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jonjajmpblmjkhjemkalbddhodlehkfg
[!] Folder Deleted : C:\Users\Mary Delle\AppData\Local\Google\Chrome\User Data\Default\Extensions\jonjajmpblmjkhjemkalbddhodlehkfg
[!] Folder Deleted : C:\Users\F-Squared\AppData\Local\Google\Chrome\User Data\Default\Extensions\jonjajmpblmjkhjemkalbddhodlehkfg
[!] Folder Deleted : C:\Users\LAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jonjajmpblmjkhjemkalbddhodlehkfg
[!] Folder Deleted : C:\Users\Mary Delle\AppData\Local\Google\Chrome\User Data\Default\Extensions\jonjajmpblmjkhjemkalbddhodlehkfg
File Deleted : C:\END
File Deleted : C:\Windows\SysWOW64\SecureAssist.dll
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Windows\System32\SecureAssist64.dll
File Deleted : C:\Users\Marrin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage
File Deleted : C:\Users\Marrin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Mary Delle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Marrin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Mary Delle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Windows\System32\Tasks\ProgramRefresh-ATFST
File Deleted : C:\Windows\System32\Tasks\ProgramUpdateCheck
File Deleted : C:\Windows\System32\Tasks\RegClean Pro
File Deleted : C:\Windows\Tasks\UpdaterEX.job
File Deleted : C:\Windows\System32\Tasks\UpdaterEX
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [sp2@sp.com]
Key Deleted : HKCU\Software\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
Key Deleted : HKCU\Software\Google\Chrome\Extensions\jonjajmpblmjkhjemkalbddhodlehkfg
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jonjajmpblmjkhjemkalbddhodlehkfg
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\strongvaultapp_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\strongvaultapp_rasmancs
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9863E762-BACC-46E4-8CAA-2A6ADA06B65B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\mysearchdial
Key Deleted : HKCU\Software\UpdaterEX
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : [x64] HKLM\SOFTWARE\coupon downloader
Key Deleted : [x64] HKLM\SOFTWARE\LevelQualityWatcher
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17207
 
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
 
-\\ Google Chrome v35.0.1916.153
 
[ File : C:\Users\F-Squared\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://feed.snapdo.com/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=US&userid=c54c7324-9ce2-0348-354b-184337fd3a5d&searchtype=ds&q={searchTerms}&installDate=09/12/2013
Deleted [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=file_14_12_ch&cd=2XzuyEtN2Y1L1QzutDtDtC0FtCyC0DtCzzyE0FzytC0B0BzztN0D0Tzu0SzztDzytN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDzz0Czz0BtB0D0CtGyByCtBtBtGtCyD0EyBtGzzyEtC0FtGtAtAtC0CyDtAtCtAzy0D0F0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0ByByE0E0A0EzytGyB0ByB0AtGtB0FyDtDtGzz0C0C0BtGyEzytBzz0B0A0C0FzytCyEyD2Q&cr=1784708399&ir=
Deleted [Search Provider] : hxxp://speedial.com/results.php?f=4&q={searchTerms}&a=spd_file_14_24_ch&cd=2XzuyEtN2Y1L1QzutBtBtByDyDyCtB0EyEtC0EtAtC0B0BzztN0D0Tzu0SzzzyyEtN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBzzzy0CzytDzytDtGtC0CtA0AtGyEzy0C0EtGyD0A0CtBtGtB0FtAtCtDyDtCyCtC0EzytC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0ByByE0E0A0EzytGyB0ByB0AtGtB0FyDtDtGzz0C0C0BtGyEzytBzz0B0A0C0FzytCyEyD2Q&cr=1991546694&ir=
Deleted [Startup_urls] : hxxp://speedial.com/?f=1&a=spd_file_14_24_ch&cd=2XzuyEtN2Y1L1QzutBtBtByDyDyCtB0EyEtC0EtAtC0B0BzztN0D0Tzu0SzzzyyEtN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBzzzy0CzytDzytDtGtC0CtA0AtGyEzy0C0EtGyD0A0CtBtGtB0FtAtCtDyDtCyCtC0EzytC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0ByByE0E0A0EzytGyB0ByB0AtGtB0FyDtDtGzz0C0C0BtGyEzytBzz0B0A0C0FzytCyEyD2Q&cr=1991546694&ir=
Deleted [Startup_urls] : hxxp://start.mysearchdial.com/?f=1&a=file_14_12_ch&cd=2XzuyEtN2Y1L1QzutDtDtC0FtCyC0DtCzzyE0FzytC0B0BzztN0D0Tzu0SzztDzytN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDzz0Czz0BtB0D0CtGyByCtBtBtGtCyD0EyBtGzzyEtC0FtGtAtAtC0CyDtAtCtAzy0D0F0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0ByByE0E0A0EzytGyB0ByB0AtGtB0FyDtDtGzz0C0C0BtGyEzytBzz0B0A0C0FzytCyEyD2Q&cr=1784708399&ir=
Deleted [Homepage] : hxxp://speedial.com/?f=1&a=spd_file_14_24_ch&cd=2XzuyEtN2Y1L1QzutBtBtByDyDyCtB0EyEtC0EtAtC0B0BzztN0D0Tzu0SzzzyyEtN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBzzzy0CzytDzytDtGtC0CtA0AtGyEzy0C0EtGyD0A0CtBtGtB0FtAtCtDyDtCyCtC0EzytC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0ByByE0E0A0EzytGyB0ByB0AtGtB0FyDtDtGzz0C0C0BtGyEzytBzz0B0A0C0FzytCyEyD2Q&cr=1991546694&ir=
Deleted [Extension] : bakijjialdiiboeaknfpmflphhmljfkd
Deleted [Extension] : jonjajmpblmjkhjemkalbddhodlehkfg
Deleted [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof
 
[ File : C:\Users\LAS\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Extension] : bakijjialdiiboeaknfpmflphhmljfkd
Deleted [Extension] : cmclajginlihohopoeofghddnhpplhom
Deleted [Extension] : jonjajmpblmjkhjemkalbddhodlehkfg
Deleted [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof
 
[ File : C:\Users\Marrin\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Extension] : bakijjialdiiboeaknfpmflphhmljfkd
Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : cmclajginlihohopoeofghddnhpplhom
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
Deleted [Extension] : jonjajmpblmjkhjemkalbddhodlehkfg
Deleted [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof
 
[ File : C:\Users\Mary Delle\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&affID=17425&tt=4112_1&babsrc=SP_def&mntrId=f8031bb80000000000000025562e41e3
Deleted [Search Provider] : hxxp://nortonsafe.search.ask.com/web?q={searchTerms}&o=15527&prt=360&chn=S1122&geo=US&ver=20&locale=en_US&tpr=111
Deleted [Search Provider] : hxxp://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10042&barid={9FC894E0-FBC4-4ADA-9BD4-AE3E202FDAE2}
Deleted [Search Provider] : hxxp://in.ask.com/web?qsrc=1&o=3342&l=sem&q={searchTerms}
Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://search.sweetim.com/search.asp?src=6&crg=3.02010003&st=12&q={searchTerms}&barid={201041BE-E84E-4068-A89F-6142B66C683D}
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN16264835413248930&ctid=CT3298570&UM=2
Deleted [Search Provider] : hxxp://feed.snapdo.com/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=US&userid=c54c7324-9ce2-0348-354b-184337fd3a5d&searchtype=ds&q={searchTerms}&installDate=09/12/2013
Deleted [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0103&cd=2XzuyEtN2Y1L1QzutDtDtByCzztBtDzy0ByDyE0EtBtDtC0CtN0D0Tzu0CyByCyEtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1757965625&ir=
Deleted [Startup_urls] : hxxp://search.babylon.com/home?affID=17425&tt=4112_1
Deleted [Startup_urls] : hxxp://home.sweetim.com/?crg=3.02010003&st=12&barid={201041BE-E84E-4068-A89F-6142B66C683D}
Deleted [Startup_urls] : hxxp://search.conduit.com/?ctid=CT3289847&SearchSource=48&CUI=UN12220913001258431&UM=2&sspv=CHNTR1
Deleted [Startup_urls] : hxxp://search.conduit.com/?ctid=CT3298570&SearchSource=48&CUI=UN16264835413248930&UM=2
Deleted [Startup_urls] : hxxp://feed.snapdo.com/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=US&userid=c54c7324-9ce2-0348-354b-184337fd3a5d&searchtype=hp&installDate=09/12/2013
Deleted [Startup_urls] : hxxp://start.mysearchdial.com/?f=1&a=dsites0103&cd=2XzuyEtN2Y1L1QzutDtDtByCzztBtDzy0ByDyE0EtBtDtC0CtN0D0Tzu0CyByCyEtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1757965625&ir=
Deleted [Extension] : adpkifcfcacgmnggcbpbjbkdijciiigm
Deleted [Extension] : bakijjialdiiboeaknfpmflphhmljfkd
Deleted [Extension] : jonjajmpblmjkhjemkalbddhodlehkfg
Deleted [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof
 
*************************
 
AdwCleaner[R0].txt - [19900 octets] - [11/07/2014 11:54:00]
AdwCleaner[R1].txt - [19959 octets] - [11/07/2014 17:50:31]
AdwCleaner[S0].txt - [18393 octets] - [11/07/2014 18:06:34]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [18454 octets] ##########
 

OTL logfile created on: 7/11/2014 7:23:36 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Marrin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.91 Gb Total Physical Memory | 2.07 Gb Available Physical Memory | 53.02% Memory free
7.81 Gb Paging File | 6.02 Gb Available in Paging File | 77.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.81 Gb Total Space | 165.36 Gb Free Space | 57.86% Space Free | Partition Type: NTFS
Drive D: | 12.28 Gb Total Space | 1.33 Gb Free Space | 10.86% Space Free | Partition Type: NTFS
 
Computer Name: FLEET-HP-G70 | User Name: Marrin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Marrin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\pcmax\pcmax.exe ()
PRC - C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\n360.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony)
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\ProgramData\UpdateServer\1386839754\webdev.exe ()
PRC - C:\ProgramData\MediaDev\1386839634\mediadev.exe ()
PRC - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe ()
PRC - C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files (x86)\SMINST\BLService.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\04824fdbd5dce32530ba44ae012e4fb9\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\f4354d6580fbb745c0c8acba382a7b84\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\CalEngine.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\sqlite3.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\CAgdOutlook.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\VistaCalendar.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\CAgdLNotes.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\PimNotes.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (pcmaxservice) -- C:\Program Files\pcmax\pcmax.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (EpsonScanSvc) -- C:\Windows\SysNative\escsvc64.exe (Seiko Epson Corporation)
SRV:64bit: - (SNMP) -- C:\Windows\SysNative\snmp.exe (Microsoft Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (simptcp) -- C:\Windows\SysNative\TCPSVCS.EXE (Microsoft Corporation)
SRV - (N360) -- C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\N360.exe (Symantec Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WinDevSvc) -- C:\ProgramData\UpdateServer\1386839754\webdev.exe ()
SRV - (MediaDevSvc) -- C:\ProgramData\MediaDev\1386839634\mediadev.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Sony PC Companion) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (SNMP) -- C:\Windows\SysWOW64\snmp.exe (Microsoft Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\Hp\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (simptcp) -- C:\Windows\SysWOW64\TCPSVCS.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (HsfXAudioService) -- C:\Windows\SysWOW64\XAudio64.dll (Conexant Systems, Inc.)
SRV - (Recovery Service for Windows) -- C:\Program Files (x86)\SMINST\BLService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (netfilter64) -- C:\Windows\SysNative\drivers\netfilter64.sys (NetFilterSDK.com)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\symefa64.sys (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\symnets.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (vrvd5) -- C:\Windows\SysNative\drivers\vrvd5.sys (Rsupport Corporation)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\ironx64.sys (Symantec Corporation)
DRV:64bit: - (ccSet_N360) -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\symds64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Qualcomm Atheros Communications, Inc.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\drivers\XAudio64.sys (Conexant Systems, Inc.)
DRV:64bit: - (RTSTOR) -- C:\Windows\SysNative\drivers\RTSTOR64.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (s1018mdm) -- C:\Windows\SysNative\drivers\s1018mdm.sys (MCCI Corporation)
DRV:64bit: - (s1018unic) -- C:\Windows\SysNative\drivers\s1018unic.sys (MCCI Corporation)
DRV:64bit: - (s1018mgmt) -- C:\Windows\SysNative\drivers\s1018mgmt.sys (MCCI Corporation)
DRV:64bit: - (s1018obex) -- C:\Windows\SysNative\drivers\s1018obex.sys (MCCI Corporation)
DRV:64bit: - (s1018bus) -- C:\Windows\SysNative\drivers\s1018bus.sys (MCCI Corporation)
DRV:64bit: - (s1018nd5) -- C:\Windows\SysNative\drivers\s1018nd5.sys (MCCI Corporation)
DRV:64bit: - (s1018mdfl) -- C:\Windows\SysNative\drivers\s1018mdfl.sys (MCCI Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\drivers\CAX_DPV.sys (Conexant Systems, Inc.)
DRV:64bit: - (CAXHWAZL) -- C:\Windows\SysNative\drivers\CAXHWAZL.sys (Conexant Systems, Inc.)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\drivers\CAX_CNXT.sys (Conexant Systems, Inc.)
DRV:64bit: - (IntcHdmiAddService) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel® Corporation)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\drivers\Rtlh64.sys (Realtek Corporation                                            )
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics, Inc.)
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\drivers\mdmxsdk.sys (Conexant)
DRV - (NAVEX15) -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140711.002\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140711.002\eng64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140711.001\IDSviA64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140703.001\BHDrvx64.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{8AFC124B-0157-4D6C-AD7B-9C366BE29D24}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE:64bit: - HKLM\..\SearchScopes\{EB35F281-FFBD-4C40-AE7F-CE094CC85DBB}: "URL" = http://search.live.c...ms}&FORM=HPNTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{36F8331B-5068-4687-9A70-F7FCC438D0B9}: "URL" = http://speedial.com/...=1991546694&ir=
IE - HKCU\..\SearchScopes\{EB35F281-FFBD-4C40-AE7F-CE094CC85DBB}: "URL" = http://www.bing.com/...E11SR&pc=HPNTDF
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.5.2: C:\Program Files (x86)\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.5.2: C:\Program Files (x86)\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00:  File not found
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\sony.com/MediaGoDetector: C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll (Sony Network Entertainment International LLC)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/11/04 00:59:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\e-webprint@epson.com: C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2014/03/12 00:39:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014/06/21 21:29:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ [2014/07/11 19:15:37 | 000,000,000 | ---D | M]
 
[2012/10/08 08:22:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: 
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Marrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\
CHR - Extension: Google Docs = C:\Users\Marrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Google Drive = C:\Users\Marrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Marrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: YouTube = C:\Users\Marrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Marrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_2\
CHR - Extension: Pandora = C:\Users\Marrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl\1.0_0\
CHR - Extension: Norton Identity Protection = C:\Users\Marrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.6.0.27_0\
CHR - Extension: Norton Identity Protection = C:\Users\Marrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.0.48_0\
CHR - Extension: Norton Identity Protection = C:\Users\Marrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.3.13_0\
CHR - Extension: Mahjong Solitaire = C:\Users\Marrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\neojceinbonpjjcokpokpeobkhcpiloc\1.0.0.2_0\
CHR - Extension: Google Wallet = C:\Users\Marrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: GreatArcadeHits = C:\Users\Marrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.1_0\
CHR - Extension: GreatArcadeHits = C:\Users\Marrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.7_0\
CHR - Extension: Gmail = C:\Users\Marrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\
 
O1 HOSTS File: ([2014/07/01 15:18:14 | 000,450,014 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15446 more lines...
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\coieplg.dll (Symantec Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre8\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [pcreg] C:\Program Files\pcmax\service.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [pcreg] C:\Program Files\pcmax\service.exe ()
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [pcreg] C:\Program Files\pcmax\service.exe ()
O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - Reg Error: Key error. File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h20364.www2.h...DataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}  (ExentInf Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 11.5.2)
O16 - DPF: {CAFEEFAC-0018-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.8.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 11.5.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F444FD2-DC83-4356-B972-B13F009035AD}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F444FD2-DC83-4356-B972-B13F009035AD}: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{843BF815-3D33-4E66-9A97-35951EE0D769}: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{a6aabacb-2642-11e2-ba7f-806e6f6e6963}: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6BFB075-BA11-4754-9F7C-76D342FB390A}: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FE7AF5DA-51D7-4694-9032-D6510B155674}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FE7AF5DA-51D7-4694-9032-D6510B155674}: NameServer = 75.126.206.18,184.173.169.186
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Handler\WSWSVCUchrome - No CLSID value found
O18 - Protocol\Handler\WSWSVCUchrome - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/07/11 16:53:03 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Marrin\Desktop\aswMBR.exe
[2014/07/11 11:54:44 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/07/11 11:53:39 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/07/11 11:49:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Marrin\Desktop\OTL.exe
[2014/07/11 11:42:34 | 000,000,000 | ---D | C] -- C:\Users\Marrin\Desktop\WTT
[2014/07/09 16:54:25 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/07/09 16:54:25 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/07/09 16:54:24 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/07/09 16:54:23 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/07/09 16:54:23 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/07/09 16:54:22 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/07/09 16:54:22 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/07/09 16:54:22 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/07/09 16:54:21 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/07/09 16:54:20 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/07/09 16:54:20 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/07/09 16:54:20 | 000,442,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/07/09 16:54:20 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/07/09 16:54:20 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/07/09 16:54:19 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/07/09 16:54:18 | 002,040,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/07/09 16:54:18 | 000,608,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/07/09 16:54:18 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/07/09 16:54:17 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/07/09 16:54:17 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/07/09 16:54:17 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/07/09 16:54:16 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/07/09 16:54:16 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/07/09 16:54:15 | 000,598,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/07/09 16:54:15 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/07/09 16:54:14 | 005,721,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/07/09 16:54:14 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/07/09 16:54:14 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/07/09 16:54:14 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/07/09 16:54:14 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/07/09 16:54:13 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/07/09 16:54:13 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/07/09 16:54:12 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/07/09 16:54:12 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/07/09 16:54:12 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/07/09 15:52:55 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\osk.exe
[2014/07/09 15:52:55 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\osk.exe
[2014/07/09 15:52:41 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/07/09 15:51:49 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2014/07/09 15:51:49 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2014/07/09 00:11:59 | 000,000,000 | ---D | C] -- C:\NPE
[2014/07/08 13:34:38 | 000,046,376 | ---- | C] (NetFilterSDK.com) -- C:\Windows\SysNative\drivers\netfilter64.sys
[2014/07/01 01:15:32 | 000,000,000 | ---D | C] -- C:\Users\Marrin\AppData\Local\Seven Zip
[2014/07/01 00:59:13 | 000,000,000 | ---D | C] -- C:\Users\Marrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2014/07/01 00:59:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2014/06/28 01:40:35 | 000,000,000 | ---D | C] -- C:\Users\Marrin\Desktop\TC for Back Pain
[2014/06/26 17:28:21 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\%LOCALAPPDATA%
[2014/06/26 17:27:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BEDAACA9-0245-4A85-A697-BD5CD3AD04D1
[2014/06/26 09:18:01 | 000,000,000 | ---D | C] -- C:\Users\Marrin\Documents\ProcAlyzer Dumps
[2014/06/22 22:09:25 | 000,021,040 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2014/06/22 22:09:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2014/06/22 22:09:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2014/06/22 06:15:31 | 000,593,112 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\symnets.sys
[2014/06/22 06:15:31 | 000,023,568 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\symelam.sys
[2014/06/22 06:15:30 | 001,148,120 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\symefa64.sys
[2014/06/22 06:15:30 | 000,875,736 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\srtsp64.sys
[2014/06/22 06:15:30 | 000,493,656 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\symds64.sys
[2014/06/22 06:15:30 | 000,264,280 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\ironx64.sys
[2014/06/22 06:15:30 | 000,162,392 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\ccsetx64.sys
[2014/06/22 06:15:30 | 000,036,952 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\srtspx64.sys
[2014/06/22 05:53:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2014/06/21 21:27:08 | 000,177,752 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2014/06/21 21:26:03 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
[2014/06/21 21:26:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Suite
[2014/06/21 19:14:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2014/06/21 18:39:38 | 000,000,000 | ---D | C] -- C:\Users\Marrin\AppData\Roaming\rightbackup
[2014/06/21 15:25:15 | 000,000,000 | ---D | C] -- C:\Users\Marrin\AppData\Local\SlimWare Utilities Inc
[2014/06/21 15:24:58 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2014/06/21 15:15:38 | 000,000,000 | ---D | C] -- C:\temp
[2014/06/20 12:58:47 | 000,000,000 | ---D | C] -- C:\Program Files\pcmax
[2014/06/19 11:44:02 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\1503000.00C
[2014/06/19 11:39:50 | 000,000,000 | ---D | C] -- C:\Users\Marrin\AppData\Local\LogMeIn Rescue Applet
[2014/06/19 11:24:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2014/06/19 11:15:20 | 000,000,000 | ---D | C] -- C:\Users\Marrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2014/06/17 18:45:24 | 000,000,000 | ---D | C] -- C:\Users\Marrin\AppData\Local\Deployment
[2014/06/16 22:23:06 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2014/06/16 22:22:45 | 000,000,000 | -HSD | C] -- C:\Users\Marrin\AppData\Local\EmieUserList
[2014/06/16 22:22:45 | 000,000,000 | -HSD | C] -- C:\Users\Marrin\AppData\Local\EmieSiteList
[2014/06/12 19:07:08 | 000,000,000 | ---D | C] -- C:\Users\Marrin\AppData\Roaming\0F1L1I1PtF1F1C1N
[2014/06/12 06:34:24 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2014/06/12 06:34:23 | 000,288,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2014/06/12 06:34:22 | 003,178,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2014/06/12 06:34:22 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2014/06/12 06:34:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml6r.dll
[2014/06/12 06:34:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml6r.dll
[2014/06/12 06:34:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014/06/12 06:34:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014/06/12 06:33:37 | 000,506,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/06/12 06:33:37 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/07/11 19:23:07 | 000,010,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/07/11 19:23:07 | 000,010,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/07/11 19:16:33 | 000,000,290 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2014/07/11 19:15:34 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/07/11 19:15:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/07/11 19:15:02 | 3145,093,120 | -HS- | M] () -- C:\hiberfil.sys
[2014/07/11 18:58:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/07/11 18:38:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/07/11 18:34:00 | 000,000,911 | ---- | M] () -- C:\Windows\tasks\EPSON XP-610 Series Update {60366004-3A13-43DE-82E5-67525EEA6C96}.job
[2014/07/11 18:34:00 | 000,000,725 | ---- | M] () -- C:\Windows\tasks\EPSON XP-610 Series Invitation {60366004-3A13-43DE-82E5-67525EEA6C96}.job
[2014/07/11 16:50:04 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Marrin\Desktop\aswMBR.exe
[2014/07/11 11:53:14 | 001,348,263 | ---- | M] () -- C:\Users\Marrin\Desktop\AdwCleaner.exe
[2014/07/11 11:27:21 | 000,854,390 | ---- | M] () -- C:\Users\Marrin\Desktop\SecurityCheck.exe
[2014/07/11 10:14:10 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMarrin.job
[2014/07/10 12:57:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marrin\Desktop\OTL.exe
[2014/07/10 06:21:49 | 000,377,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/07/09 15:50:20 | 002,545,940 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\Cat.DB
[2014/07/09 03:10:18 | 000,069,926 | ---- | M] () -- C:\Windows\wininit.ini
[2014/07/09 00:37:00 | 000,000,163 | ---- | M] () -- C:\Windows\Reimage.ini
[2014/07/08 13:34:38 | 000,046,376 | ---- | M] (NetFilterSDK.com) -- C:\Windows\SysNative\drivers\netfilter64.sys
[2014/07/06 22:27:25 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/07/06 22:27:25 | 000,662,634 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/07/06 22:27:25 | 000,122,470 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/07/01 15:18:14 | 000,450,014 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151822.backup
[2014/07/01 15:18:14 | 000,450,014 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151844.backup
[2014/07/01 15:18:14 | 000,450,014 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/07/01 15:14:59 | 000,450,036 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151503.backup
[2014/07/01 15:14:59 | 000,450,036 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151814.backup
[2014/07/01 15:14:59 | 000,450,036 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151754.backup
[2014/07/01 15:14:59 | 000,450,036 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151714.backup
[2014/07/01 15:14:59 | 000,450,036 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151703.backup
[2014/07/01 15:14:59 | 000,450,036 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151655.backup
[2014/07/01 15:14:59 | 000,450,036 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151640.backup
[2014/07/01 15:14:59 | 000,450,036 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151612.backup
[2014/07/01 15:14:59 | 000,450,036 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151601.backup
[2014/07/01 15:14:59 | 000,450,036 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151557.backup
[2014/07/01 15:14:59 | 000,450,036 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151553.backup
[2014/07/01 15:14:59 | 000,450,036 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151533.backup
[2014/07/01 15:14:59 | 000,450,036 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151519.backup
[2014/07/01 15:14:59 | 000,450,036 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151508.backup
[2014/07/01 15:13:54 | 000,450,059 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151405.backup
[2014/07/01 15:13:54 | 000,450,059 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151459.backup
[2014/07/01 15:13:54 | 000,450,059 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151439.backup
[2014/07/01 15:13:54 | 000,450,059 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151432.backup
[2014/07/01 15:13:54 | 000,450,059 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151418.backup
[2014/07/01 15:13:54 | 000,450,059 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151413.backup
[2014/07/01 15:11:02 | 000,450,082 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151108.backup
[2014/07/01 15:11:02 | 000,450,082 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151354.backup
[2014/07/01 15:11:02 | 000,450,082 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151303.backup
[2014/07/01 15:11:02 | 000,450,082 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151245.backup
[2014/07/01 15:11:02 | 000,450,082 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151233.backup
[2014/07/01 15:11:02 | 000,450,082 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151227.backup
[2014/07/01 15:11:02 | 000,450,082 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151142.backup
[2014/07/01 15:11:02 | 000,450,082 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151127.backup
[2014/07/01 15:11:02 | 000,450,082 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151121.backup
[2014/07/01 15:09:56 | 000,450,110 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151001.backup
[2014/07/01 15:09:56 | 000,450,110 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151102.backup
[2014/07/01 15:09:56 | 000,450,110 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151017.backup
[2014/07/01 15:08:42 | 000,450,136 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-150849.backup
[2014/07/01 15:08:42 | 000,450,136 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-150956.backup
[2014/07/01 15:08:42 | 000,450,136 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-150915.backup
[2014/07/01 15:08:42 | 000,450,136 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-150903.backup
[2014/07/01 15:08:42 | 000,450,136 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-150854.backup
[2014/07/01 15:07:30 | 000,450,164 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-150737.backup
[2014/07/01 15:07:30 | 000,450,164 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-150842.backup
[2014/07/01 15:07:30 | 000,450,164 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-150747.backup
[2014/07/01 15:07:30 | 000,450,164 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-150743.backup
[2014/07/01 15:06:41 | 000,450,190 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-150644.backup
[2014/07/01 15:06:41 | 000,450,190 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-150730.backup
[2014/07/01 15:06:41 | 000,450,190 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-150649.backup
[2014/07/01 15:06:41 | 000,450,190 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-150645.backup
[2014/07/01 14:50:41 | 000,450,220 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-150641.backup
[2014/07/01 14:48:39 | 000,450,250 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-144843.backup
[2014/07/01 14:48:39 | 000,450,250 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-145041.backup
[2014/07/01 14:46:17 | 000,450,279 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-144839.backup
[2014/07/01 14:44:30 | 000,450,311 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-144445.backup
[2014/07/01 14:44:30 | 000,450,311 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-144617.backup
[2014/07/01 14:44:30 | 000,450,311 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-144449.backup
[2014/07/01 12:18:47 | 000,450,334 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121855.backup
[2014/07/01 12:18:47 | 000,450,334 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-144430.backup
[2014/07/01 12:18:47 | 000,450,334 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121902.backup
[2014/07/01 12:18:04 | 000,450,356 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121808.backup
[2014/07/01 12:18:04 | 000,450,356 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121847.backup
[2014/07/01 12:18:04 | 000,450,356 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121816.backup
[2014/07/01 12:18:04 | 000,450,356 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121812.backup
[2014/07/01 12:17:37 | 000,450,387 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121742.backup
[2014/07/01 12:17:37 | 000,450,387 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121804.backup
[2014/07/01 12:17:37 | 000,450,387 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121800.backup
[2014/07/01 12:17:37 | 000,450,387 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121755.backup
[2014/07/01 12:17:37 | 000,450,387 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121750.backup
[2014/07/01 12:17:07 | 000,450,422 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121714.backup
[2014/07/01 12:17:07 | 000,450,422 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121737.backup
[2014/07/01 12:16:40 | 000,450,448 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121707.backup
[2014/07/01 12:16:14 | 000,450,473 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121640.backup
[2014/07/01 12:15:15 | 000,450,500 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121521.backup
[2014/07/01 12:15:15 | 000,450,500 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121614.backup
[2014/07/01 12:15:15 | 000,450,500 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121534.backup
[2014/07/01 12:14:44 | 000,450,523 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121451.backup
[2014/07/01 12:14:44 | 000,450,523 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121515.backup
[2014/07/01 12:14:44 | 000,450,523 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121458.backup
[2014/07/01 12:14:15 | 000,450,548 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121420.backup
[2014/07/01 12:14:15 | 000,450,548 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121444.backup
[2014/07/01 12:14:15 | 000,450,548 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121432.backup
[2014/07/01 12:13:52 | 000,450,571 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121357.backup
[2014/07/01 12:13:52 | 000,450,571 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121415.backup
[2014/07/01 12:13:18 | 000,450,608 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121352.backup
[2014/07/01 12:12:37 | 000,450,632 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121242.backup
[2014/07/01 12:12:37 | 000,450,632 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121318.backup
[2014/07/01 12:12:37 | 000,450,632 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121300.backup
[2014/07/01 12:12:14 | 000,450,664 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121228.backup
[2014/07/01 12:12:14 | 000,450,664 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121237.backup
[2014/07/01 12:12:14 | 000,450,664 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121233.backup
[2014/07/01 11:24:00 | 000,450,689 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121214.backup
[2014/07/01 04:23:42 | 000,040,105 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\VT20140701.003
[2014/07/01 00:59:17 | 000,001,268 | ---- | M] () -- C:\Users\Marrin\Desktop\Revo Uninstaller.lnk
[2014/06/30 23:12:09 | 000,000,042 | ---- | M] () -- C:\Windows\SysWow64\AK083E209605E394C.lie
[2014/06/29 22:33:32 | 000,002,670 | ---- | M] () -- C:\Users\Marrin\Desktop\Mahjong Solitaire.lnk
[2014/06/29 17:29:00 | 000,000,000 | --S- | M] () -- C:\Windows\SysNative\mlsfjow.csx
[2014/06/24 10:40:14 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2014/06/22 22:09:31 | 000,001,383 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2014/06/22 14:35:21 | 000,002,440 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2014/06/21 21:27:08 | 000,177,752 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2014/06/21 21:27:08 | 000,008,222 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2014/06/21 21:27:08 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2014/06/21 19:12:37 | 000,001,276 | ---- | M] () -- C:\Users\Marrin\Desktop\Norton Installation Files.lnk
[2014/06/21 18:30:02 | 000,000,000 | ---- | M] () -- C:\Windows\EEventManager.INI
[2014/06/21 15:25:18 | 000,016,152 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2014/06/20 01:40:38 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2014/06/20 01:09:52 | 000,317,105 | --S- | M] () -- C:\Windows\SysNative\wlybo.loy
[2014/06/19 12:38:36 | 000,512,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pegm.voz
[2014/06/18 20:06:24 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/06/18 19:42:57 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/06/18 19:42:49 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/06/18 19:41:52 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/06/18 19:41:16 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/06/18 19:31:24 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/06/18 19:26:41 | 000,598,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/06/18 19:24:30 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/06/18 19:24:12 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/06/18 19:23:53 | 000,752,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/06/18 19:14:28 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/06/18 19:09:47 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/06/18 18:59:04 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/06/18 18:53:27 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/06/18 18:51:38 | 005,721,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/06/18 18:50:47 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/06/18 18:48:44 | 000,292,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/06/18 18:39:30 | 000,608,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/06/18 18:37:23 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/06/18 18:36:35 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/06/18 18:35:55 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/06/18 18:33:07 | 000,631,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/06/18 18:28:16 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/06/18 18:27:45 | 001,249,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/06/18 18:27:07 | 002,040,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/06/18 18:25:38 | 000,442,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/06/18 18:23:27 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/06/18 18:22:40 | 000,592,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/06/18 18:06:10 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/06/18 18:01:50 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/06/18 17:59:37 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/06/18 17:46:23 | 001,068,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/06/18 17:45:59 | 001,964,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/06/18 17:15:24 | 000,846,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/06/18 17:07:42 | 000,704,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/06/18 04:49:29 | 000,450,649 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-112400.backup
[2014/06/17 21:18:30 | 000,692,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\osk.exe
[2014/06/17 20:51:32 | 000,646,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\osk.exe
[2014/06/17 09:40:42 | 000,450,649 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140618-044929.backup
[2014/06/17 03:30:53 | 000,039,538 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\VT20140617.006
[2014/06/16 22:22:41 | 000,315,743 | --S- | M] () -- C:\Windows\SysNative\tarr.zjl
[2014/06/12 19:09:24 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/06/12 19:09:23 | 000,176,040 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/06/12 10:25:30 | 000,002,283 | ---- | M] () -- C:\Users\Marrin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/07/11 11:57:12 | 001,348,263 | ---- | C] () -- C:\Users\Marrin\Desktop\AdwCleaner.exe
[2014/07/11 11:27:20 | 000,854,390 | ---- | C] () -- C:\Users\Marrin\Desktop\SecurityCheck.exe
[2014/07/09 00:33:30 | 000,000,163 | ---- | C] () -- C:\Windows\Reimage.ini
[2014/07/01 23:26:48 | 000,040,105 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\VT20140701.003
[2014/07/01 00:59:15 | 000,001,268 | ---- | C] () -- C:\Users\Marrin\Desktop\Revo Uninstaller.lnk
[2014/06/30 23:12:09 | 000,000,042 | ---- | C] () -- C:\Windows\SysWow64\AK083E209605E394C.lie
[2014/06/29 22:33:32 | 000,002,670 | ---- | C] () -- C:\Users\Marrin\Desktop\Mahjong Solitaire.lnk
[2014/06/29 17:29:00 | 000,000,000 | --S- | C] () -- C:\Windows\SysNative\mlsfjow.csx
[2014/06/22 22:09:31 | 000,001,395 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2014/06/22 22:09:30 | 000,001,383 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2014/06/22 06:15:31 | 000,009,939 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\symelam64.cat
[2014/06/22 06:15:31 | 000,008,192 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\symnet64.cat
[2014/06/22 06:15:31 | 000,001,440 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\symnet.inf
[2014/06/22 06:15:31 | 000,001,098 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\symelam.inf
[2014/06/22 06:15:30 | 000,008,202 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\ccsetx64.cat
[2014/06/22 06:15:30 | 000,008,196 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\srtspx64.cat
[2014/06/22 06:15:30 | 000,008,194 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\symefa64.cat
[2014/06/22 06:15:30 | 000,008,192 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\srtsp64.cat
[2014/06/22 06:15:30 | 000,008,188 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\symds64.cat
[2014/06/22 06:15:30 | 000,008,184 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\iron.cat
[2014/06/22 06:15:30 | 000,003,433 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\symefa.inf
[2014/06/22 06:15:30 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\symds.inf
[2014/06/22 06:15:30 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\srtsp64.inf
[2014/06/22 06:15:30 | 000,001,420 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\srtspx64.inf
[2014/06/22 06:15:30 | 000,000,855 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\ccsetx64.inf
[2014/06/22 06:15:30 | 000,000,767 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\iron.inf
[2014/06/22 06:14:40 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\isolate.ini
[2014/06/21 21:27:08 | 000,008,222 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2014/06/21 21:27:08 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2014/06/21 21:26:57 | 000,002,440 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2014/06/21 18:30:02 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2014/06/21 15:25:18 | 000,016,152 | ---- | C] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2014/06/20 01:40:38 | 000,000,934 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2014/06/20 01:09:52 | 000,317,105 | --S- | C] () -- C:\Windows\SysNative\wlybo.loy
[2014/06/19 11:46:50 | 002,545,940 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\Cat.DB
[2014/06/19 11:46:01 | 000,039,538 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\VT20140617.006
[2014/06/19 11:15:20 | 000,001,276 | ---- | C] () -- C:\Users\Marrin\Desktop\Norton Installation Files.lnk
[2014/06/16 22:22:41 | 000,315,743 | --S- | C] () -- C:\Windows\SysNative\tarr.zjl
[2014/01/31 03:47:00 | 000,000,043 | ---- | C] () -- C:\Users\Marrin\AppData\Roaming\WB.CFG
[2013/11/15 00:21:14 | 000,000,094 | ---- | C] () -- C:\Windows\XP-610.ini
[2013/10/30 13:07:00 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013/10/30 13:06:54 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013/10/30 13:06:54 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013/10/30 13:06:54 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013/10/30 13:06:54 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2013/06/03 23:42:49 | 000,775,084 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/06/03 23:37:48 | 000,000,258 | RHS- | C] () -- C:\Users\Marrin\ntuser.pol
[2013/03/23 10:38:38 | 000,000,022 | ---- | C] () -- C:\Windows\Kyor.ini
[2012/11/04 10:14:55 | 000,000,290 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2012/11/04 10:13:00 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/10/14 03:03:48 | 000,069,926 | ---- | C] () -- C:\Windows\wininit.ini
[2012/10/13 17:00:52 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2012/09/27 01:55:01 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2012/09/21 20:06:28 | 000,222,826 | ---- | C] () -- C:\Windows\hpwins24.dat
[2012/09/21 20:06:28 | 000,001,758 | ---- | C] () -- C:\Windows\hpwmdl24.dat
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 21:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 21:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:373E1720
 
< End of report >
 
 
 
 
 
 

 

Attached Files

  • Attached File  MBR.zip   555bytes   55 downloads


#6 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 11 July 2014 - 11:46 PM

Hi Marrin,
 

There are symptoms of what I think are other 'viruses', but this SupraSavings is by far the most infuriating, so I would like to approach the others later, in new topics, unless you would suggest otherwise.

There is no need to do that in a different thread. We can tackle any issues all at once.

=========================

bullseye_zpse9eaf36e.gif Run OTL.exe

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    PRC - C:\Program Files\pcmax\pcmax.exe ()
    IE:64bit: - HKLM\..\SearchScopes\{8AFC124B-0157-4D6C-AD7B-9C366BE29D24}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
    IE:64bit: - HKLM\..\SearchScopes\{EB35F281-FFBD-4C40-AE7F-CE094CC85DBB}: "URL" = http://search.live.c...ms}&FORM=HPNTDF
    IE - HKCU\..\SearchScopes\{36F8331B-5068-4687-9A70-F7FCC438D0B9}: "URL" = http://speedial.com/...=1991546694&ir=
    O2 - BHO: (no name) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [pcreg] C:\Program Files\pcmax\service.exe ()
    O4 - HKLM..\Run: [pcreg] C:\Program Files\pcmax\service.exe ()
    O4 - HKCU..\Run: [pcreg] C:\Program Files\pcmax\service.exe ()
    
    :Files
    C:\Users\Marrin\AppData\Roaming\UpdateServ\SearchProtect.exe
    C:\Users\Marrin\Downloads\Driver Update.exe
    C:\Users\Marrin\Downloads\Mahjong1 (1).exe
    C:\Users\Marrin\Downloads\Revo_Uninstaller_TSV4AGYMS.exe
    C:\Program Files\pcmax
    
    :Services
    pcmaxservice
    
    :Commands
    [purity]
    [createrestorepoint]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then re-run OTL and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

=========================

In your next post please provide the following:


  • OTL fix log
  • Fresh OTL.txt
  • How is the computer running at the moment?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#7 Marrin

Marrin

    Authentic Member

  • Authentic Member
  • PipPip
  • 31 posts

Posted 13 July 2014 - 06:14 PM

In this most recent cycle, there have been very few SupraSavings popups.  The only apparent place they remain is in 247Mahjong, where things have gotten worse.  The SupraSavings/SupraService window now inserts itself _anytime_ use of this program is attempted, making 247Mahjong totally unuseable.   I hope you don't object to fixing a mere game, as I get a lot of enjoyment from it.
 
Other virus or virus-like annoyances that I THINK I have removed are Conduit and MySearchDial.  At least, they are no longer in the forefront.  They may still be lurking in the background.  There may be others over the last couple of years, but I cannot recall them at the moment.
 
In an earlier attempt to clear SupraSavings and a couple of other problematic situations, I tried to reinstall Windows 7 and found I cannot.  I have a legal upgrade to Windows 7, which, when trying to re-install, causes a message saying that I am attempting to install an older version of Windows 7 than is already installed on the computer.  So far, I'm just living with this.  
 
In this last cycle, I seem also to have 'lost' several themes in display, for no apparent reason.  The computer is now operating more slowly than before, even recently.  Recently, there are also times when there are problems streaming audio from Pandora.  Brief hesitations start happening, and then I get a message alerting about high CPU useage from Pandora.  After a few moments, streaming goes more or less back to normal.
 
Going back about a year or so, I lost the ability to create non-compressed folders on the desktop, and on related windows.  To cope, I copied an uncompressed folder with little in it.  I then erased all the contents of this folder, and renamed it 'Empty.'   When I wanted a folder on the desktop, or in any of the other folders, I would copy this empty folder, rename it appropriately for its new purpose, and use it as if I had created it normally.  
 
Since your last message to me, I decided to clean up the desktop, as it had become very cluttered.  I tried to copy my empty folder as before, but this time, not only was there no copy, the original disappeared.  I  therefore I went back to the folder from which I had previously created the empty folder and copied it.  For some reason, it turned into a compressed folder when I had deleted all the contents.  When I tried to delete this uncooperating folder, I got a message stating that access to the folder was denied, and there were characters in the folder which could not be compressed, and to rename the folder.  Then on trying again, I got a different message stating that access to the folder was denied, and I needed permission from the owner, me, to  perform that action!  I muddled around a bit, and was finally able to move that folder into a pre-existing one, from which it would delete. 
 
My next try to create an empty folder seemingly went OK at first, and I was able to make an 'Empty' folder.  I copied, and renamed this folder two times, each time moving shortcuts from the desktop into these folders.  Then, on the third copy, renaming and filling of the copied folder, suddenly most of the copied shortcuts didn't display icons.  Further, when I tried to accesss them, I was told I did not have the required permission to perform the action.  I found that I could edit and change permissions to "everyone" on about half of them.  The other half would not even permit me to view the permissions, even though a note in that window said that I could do so.  And so it stands.  
 
While working on my computer, my wife mentioned there were problems on her computer as well, with Conduit and MySearchDial.  So either in this open topic, or in another, I need to deal with the problems on that computer as well.  
 
As for how the computer is running at the moment -- If I may, I'll reserve judgement until I have used the computer for a day or so.
 
Here are the log files you requested:
 
OTL Fix log:
 

All processes killed
========== OTL ==========
Process pcmax.exe killed successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8AFC124B-0157-4D6C-AD7B-9C366BE29D24}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AFC124B-0157-4D6C-AD7B-9C366BE29D24}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EB35F281-FFBD-4C40-AE7F-CE094CC85DBB}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EB35F281-FFBD-4C40-AE7F-CE094CC85DBB}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{36F8331B-5068-4687-9A70-F7FCC438D0B9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36F8331B-5068-4687-9A70-F7FCC438D0B9}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{201CF130-E29C-4E5C-A73F-CD197DEFA6AE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{201CF130-E29C-4E5C-A73F-CD197DEFA6AE}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\pcreg deleted successfully.
C:\Program Files\pcmax\service.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\pcreg deleted successfully.
File C:\Program Files\pcmax\service.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\pcreg deleted successfully.
File C:\Program Files\pcmax\service.exe not found.
========== FILES ==========
C:\Users\Marrin\AppData\Roaming\UpdateServ\SearchProtect.exe moved successfully.
C:\Users\Marrin\Downloads\Driver Update.exe moved successfully.
C:\Users\Marrin\Downloads\Mahjong1 (1).exe moved successfully.
C:\Users\Marrin\Downloads\Revo_Uninstaller_TSV4AGYMS.exe moved successfully.
C:\Program Files\pcmax folder moved successfully.
========== SERVICES/DRIVERS ==========
Service pcmaxservice stopped successfully!
Service pcmaxservice deleted successfully!
========== COMMANDS ==========
Restore point Set: OTL Restore Point
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 1252 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: F-Squared
->Temp folder emptied: 283324 bytes
->Temporary Internet Files folder emptied: 161141 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 7021220 bytes
 
User: LAS
->Temp folder emptied: 323006 bytes
->Temporary Internet Files folder emptied: 247162279 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 75640221 bytes
->Flash cache emptied: 72220 bytes
 
User: Marrin
->Temp folder emptied: 219512779 bytes
->Temporary Internet Files folder emptied: 215153978 bytes
->Java cache emptied: 109865 bytes
->Google Chrome cache emptied: 415989363 bytes
->Flash cache emptied: 55804 bytes
 
User: Mary Delle
->Temp folder emptied: 329082 bytes
->Temporary Internet Files folder emptied: 245494475 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 403212460 bytes
->Flash cache emptied: 30606 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3044047 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 2864602629 bytes
RecycleBin emptied: 4111593636 bytes
 
Total Files Cleaned = 8,402.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 07132014_163536
 
Files\Folders moved on Reboot...
C:\Users\LAS\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\LAS\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Users\Marrin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Marrin\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Users\Mary Delle\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Mary Delle\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\nU9bDsIwDLsQbUGcKNvKlpE2pcnEuD3dQ0KbhpD4imU7tnx1_WPw-XU6uwBjgNb1slL2Rn4UwsbnI9UTiOKsb2SpMyaVDadY33cp2Uvi2NiA8cNr5xFMYlGzFE_OCmhIytF0KMqluX47TPXW96.js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\nU9bDsIwDLsQbUGcKNvKlpE2pcnEuD3dQ0KbhpD4imU7tnx1_WPw-XU6uwBjgNb1slL2Rn4UwsbnI9UTiOKsb2SpMyaVDadY33cp2Uvi2NiA8cNr5xFMYlGzFE_OCmhIytF0KMqluX4UPGM9VQ.js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\nU9bDsIwDLsQbUGcKNvKlpE2pcnEuD3dQ0KbhpD4imU7tnx1_WPw-XU6uwBjgNb1slL2Rn4UwsbnI9UTiOKsb2SpMyaVDadY33cp2Uvi2NiA8cNr5xFMYlGzFE_OCmhIytF0KMqluX5GW0WJPB.js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\nU9bDsIwDLsQbUGcKNvKlpE2pcnEuD3dQ0KbhpD4imU7tnx1_WPw-XU6uwBjgNb1slL2Rn4UwsbnI9UTiOKsb2SpMyaVDadY33cp2Uvi2NiA8cNr5xFMYlGzFE_OCmhIytF0KMqluX7YJMI3Z6.js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\nU9bDsIwDLsQbUGcKNvKlpE2pcnEuD3dQ0KbhpD4imU7tnx1_WPw-XU6uwBjgNb1slL2Rn4UwsbnI9UTiOKsb2SpMyaVDadY33cp2Uvi2NiA8cNr5xFMYlGzFE_OCmhIytF0KMqluXAG4JJQ1F.js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\nU9bDsIwDLsQbUGcKNvKlpE2pcnEuD3dQ0KbhpD4imU7tnx1_WPw-XU6uwBjgNb1slL2Rn4UwsbnI9UTiOKsb2SpMyaVDadY33cp2Uvi2NiA8cNr5xFMYlGzFE_OCmhIytF0KMqluXAr_P[10].js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\nU9bDsIwDLsQbUGcKNvKlpE2pcnEuD3dQ0KbhpD4imU7tnx1_WPw-XU6uwBjgNb1slL2Rn4UwsbnI9UTiOKsb2SpMyaVDadY33cp2Uvi2NiA8cNr5xFMYlGzFE_OCmhIytF0KMqluXBES4FKPT.js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\nU9bDsIwDLsQbUGcKNvKlpE2pcnEuD3dQ0KbhpD4imU7tnx1_WPw-XU6uwBjgNb1slL2Rn4UwsbnI9UTiOKsb2SpMyaVDadY33cp2Uvi2NiA8cNr5xFMYlGzFE_OCmhIytF0KMqluXDMWI307S.js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\nU9bDsIwDLsQbUGcKNvKlpE2pcnEuD3dQ0KbhpD4imU7tnx1_WPw-XU6uwBjgNb1slL2Rn4UwsbnI9UTiOKsb2SpMyaVDadY33cp2Uvi2NiA8cNr5xFMYlGzFE_OCmhIytF0KMqluXJSDTOFQ0.js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\nU9bDsIwDLsQbUGcKNvKlpE2pcnEuD3dQ0KbhpD4imU7tnx1_WPw-XU6uwBjgNb1slL2Rn4UwsbnI9UTiOKsb2SpMyaVDadY33cp2Uvi2NiA8cNr5xFMYlGzFE_OCmhIytF0KMqluXOJPGP0KR.js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\nU9bDsIwDLsQbUGcKNvKlpE2pcnEuD3dQ0KbhpD4imU7tnx1_WPw-XU6uwBjgNb1slL2Rn4UwsbnI9UTiOKsb2SpMyaVDadY33cp2Uvi2NiA8cNr5xFMYlGzFE_OCmhIytF0KMqluXRJ1D5L6Y.js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\nU9bDsIwDLsQbUGcKNvKlpE2pcnEuD3dQ0KbhpD4imU7tnx1_WPw-XU6uwBjgNb1slL2Rn4UwsbnI9UTiOKsb2SpMyaVDadY33cp2Uvi2NiA8cNr5xFMYlGzFE_OCmhIytF0KMqluXTTIWZCGQ.js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\nU9bDsIwDLsQbUGcKNvKlpE2pcnEuD3dQ0KbhpD4imU7tnx1_WPw-XU6uwBjgNb1slL2Rn4UwsbnI9UTiOKsb2SpMyaVDadY33cp2Uvi2NiA8cNr5xFMYlGzFE_OCmhIytF0KMqluXVAG66VR8.js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\nU9bDsIwDLsQbUGcKNvKlpE2pcnEuD3dQ0KbhpD4imU7tnx1_WPw-XU6uwBjgNb1slL2Rn4UwsbnI9UTiOKsb2SpMyaVDadY33cp2Uvi2NiA8cNr5xFMYlGzFE_OCmhIytF0KMqluXX8RP5BCA.js not found!
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
******************************************
 
Fresh OTL.txt
 

OTL logfile created on: 7/13/2014 6:21:33 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Marrin\Desktop\Security
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.91 Gb Total Physical Memory | 2.59 Gb Available Physical Memory | 66.36% Memory free
7.81 Gb Paging File | 6.38 Gb Available in Paging File | 81.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.81 Gb Total Space | 127.07 Gb Free Space | 44.46% Space Free | Partition Type: NTFS
Drive D: | 12.28 Gb Total Space | 1.33 Gb Free Space | 10.85% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: FLEET-HP-G70 | User Name: Marrin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Marrin\Desktop\Security\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\n360.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony)
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\ProgramData\UpdateServer\1386839754\webdev.exe ()
PRC - C:\ProgramData\MediaDev\1386839634\mediadev.exe ()
PRC - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe ()
PRC - C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files (x86)\SMINST\BLService.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\04824fdbd5dce32530ba44ae012e4fb9\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\f4354d6580fbb745c0c8acba382a7b84\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\CalEngine.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\sqlite3.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\CAgdOutlook.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\VistaCalendar.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\CAgdLNotes.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\PimNotes.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (EpsonScanSvc) -- C:\Windows\SysNative\escsvc64.exe (Seiko Epson Corporation)
SRV:64bit: - (SNMP) -- C:\Windows\SysNative\snmp.exe (Microsoft Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (simptcp) -- C:\Windows\SysNative\TCPSVCS.EXE (Microsoft Corporation)
SRV - (N360) -- C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\N360.exe (Symantec Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WinDevSvc) -- C:\ProgramData\UpdateServer\1386839754\webdev.exe ()
SRV - (MediaDevSvc) -- C:\ProgramData\MediaDev\1386839634\mediadev.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Sony PC Companion) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (SNMP) -- C:\Windows\SysWOW64\snmp.exe (Microsoft Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\Hp\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (simptcp) -- C:\Windows\SysWOW64\TCPSVCS.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (HsfXAudioService) -- C:\Windows\SysWOW64\XAudio64.dll (Conexant Systems, Inc.)
SRV - (Recovery Service for Windows) -- C:\Program Files (x86)\SMINST\BLService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (netfilter64) -- C:\Windows\SysNative\drivers\netfilter64.sys (NetFilterSDK.com)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\symefa64.sys (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\symnets.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (vrvd5) -- C:\Windows\SysNative\drivers\vrvd5.sys (Rsupport Corporation)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\ironx64.sys (Symantec Corporation)
DRV:64bit: - (ccSet_N360) -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\symds64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Qualcomm Atheros Communications, Inc.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\drivers\XAudio64.sys (Conexant Systems, Inc.)
DRV:64bit: - (RTSTOR) -- C:\Windows\SysNative\drivers\RTSTOR64.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (s1018mdm) -- C:\Windows\SysNative\drivers\s1018mdm.sys (MCCI Corporation)
DRV:64bit: - (s1018unic) -- C:\Windows\SysNative\drivers\s1018unic.sys (MCCI Corporation)
DRV:64bit: - (s1018mgmt) -- C:\Windows\SysNative\drivers\s1018mgmt.sys (MCCI Corporation)
DRV:64bit: - (s1018obex) -- C:\Windows\SysNative\drivers\s1018obex.sys (MCCI Corporation)
DRV:64bit: - (s1018bus) -- C:\Windows\SysNative\drivers\s1018bus.sys (MCCI Corporation)
DRV:64bit: - (s1018nd5) -- C:\Windows\SysNative\drivers\s1018nd5.sys (MCCI Corporation)
DRV:64bit: - (s1018mdfl) -- C:\Windows\SysNative\drivers\s1018mdfl.sys (MCCI Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\drivers\CAX_DPV.sys (Conexant Systems, Inc.)
DRV:64bit: - (CAXHWAZL) -- C:\Windows\SysNative\drivers\CAXHWAZL.sys (Conexant Systems, Inc.)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\drivers\CAX_CNXT.sys (Conexant Systems, Inc.)
DRV:64bit: - (IntcHdmiAddService) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel® Corporation)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\drivers\Rtlh64.sys (Realtek Corporation                                            )
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics, Inc.)
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\drivers\mdmxsdk.sys (Conexant)
DRV - (NAVEX15) -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140713.001\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140713.001\eng64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140711.001\IDSviA64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140703.001\BHDrvx64.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{EB35F281-FFBD-4C40-AE7F-CE094CC85DBB}: "URL" = http://www.bing.com/...E11SR&pc=HPNTDF
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.5.2: C:\Program Files (x86)\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.5.2: C:\Program Files (x86)\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00:  File not found
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\sony.com/MediaGoDetector: C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll (Sony Network Entertainment International LLC)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/11/04 00:59:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\e-webprint@epson.com: C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2014/03/12 00:39:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014/06/21 21:29:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ [2014/07/13 18:18:50 | 000,000,000 | ---D | M]
 
[2012/10/08 08:22:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: 
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Marrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\
CHR - Extension: Google Docs = C:\Users\Marrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Google Drive = C:\Users\Marrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Marrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: YouTube = C:\Users\Marrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Marrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_2\
CHR - Extension: Pandora = C:\Users\Marrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl\1.0_0\
CHR - Extension: Norton Identity Protection = C:\Users\Marrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.6.0.27_0\
CHR - Extension: Norton Identity Protection = C:\Users\Marrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.0.48_0\
CHR - Extension: Norton Identity Protection = C:\Users\Marrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.3.13_0\
CHR - Extension: Mahjong Solitaire = C:\Users\Marrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\neojceinbonpjjcokpokpeobkhcpiloc\1.0.0.2_0\
CHR - Extension: Google Wallet = C:\Users\Marrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: GreatArcadeHits = C:\Users\Marrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.1_0\
CHR - Extension: GreatArcadeHits = C:\Users\Marrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.7_0\
CHR - Extension: Gmail = C:\Users\Marrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\
 
O1 HOSTS File: ([2014/07/01 15:18:14 | 000,450,014 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15446 more lines...
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\coieplg.dll (Symantec Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre8\bin\ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - Reg Error: Key error. File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h20364.www2.h...DataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}  (ExentInf Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 11.5.2)
O16 - DPF: {CAFEEFAC-0018-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.8.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 11.5.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F444FD2-DC83-4356-B972-B13F009035AD}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F444FD2-DC83-4356-B972-B13F009035AD}: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{843BF815-3D33-4E66-9A97-35951EE0D769}: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{a6aabacb-2642-11e2-ba7f-806e6f6e6963}: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6BFB075-BA11-4754-9F7C-76D342FB390A}: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FE7AF5DA-51D7-4694-9032-D6510B155674}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FE7AF5DA-51D7-4694-9032-D6510B155674}: NameServer = 75.126.206.18,184.173.169.186
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Handler\WSWSVCUchrome - No CLSID value found
O18 - Protocol\Handler\WSWSVCUchrome - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/07/13 16:35:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/07/13 02:17:44 | 000,000,000 | ---D | C] -- C:\Users\Marrin\Desktop\Empty - Copy
[2014/07/12 16:12:11 | 000,000,000 | ---D | C] -- C:\Users\Marrin\Desktop\Xfer
[2014/07/12 14:16:28 | 000,000,000 | ---D | C] -- C:\Users\Marrin\Desktop\Empty
[2014/07/12 13:51:03 | 000,000,000 | ---D | C] -- C:\Users\Marrin\Desktop\Tai Chi
[2014/07/12 02:18:56 | 000,000,000 | R--D | C] -- C:\Users\Marrin\Desktop\Security
[2014/07/11 11:54:44 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/07/11 11:53:39 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/07/09 16:54:25 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/07/09 16:54:25 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/07/09 16:54:24 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/07/09 16:54:23 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/07/09 16:54:23 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/07/09 16:54:22 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/07/09 16:54:22 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/07/09 16:54:22 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/07/09 16:54:21 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/07/09 16:54:20 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/07/09 16:54:20 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/07/09 16:54:20 | 000,442,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/07/09 16:54:20 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/07/09 16:54:20 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/07/09 16:54:19 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/07/09 16:54:18 | 002,040,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/07/09 16:54:18 | 000,608,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/07/09 16:54:18 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/07/09 16:54:17 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/07/09 16:54:17 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/07/09 16:54:17 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/07/09 16:54:16 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/07/09 16:54:16 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/07/09 16:54:15 | 000,598,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/07/09 16:54:15 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/07/09 16:54:14 | 005,721,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/07/09 16:54:14 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/07/09 16:54:14 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/07/09 16:54:14 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/07/09 16:54:14 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/07/09 16:54:13 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/07/09 16:54:13 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/07/09 16:54:12 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/07/09 16:54:12 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/07/09 16:54:12 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/07/09 15:52:55 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\osk.exe
[2014/07/09 15:52:55 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\osk.exe
[2014/07/09 15:52:41 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/07/09 15:51:49 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2014/07/09 15:51:49 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2014/07/09 00:11:59 | 000,000,000 | ---D | C] -- C:\NPE
[2014/07/08 13:34:38 | 000,046,376 | ---- | C] (NetFilterSDK.com) -- C:\Windows\SysNative\drivers\netfilter64.sys
[2014/07/01 01:15:32 | 000,000,000 | ---D | C] -- C:\Users\Marrin\AppData\Local\Seven Zip
[2014/07/01 00:59:13 | 000,000,000 | ---D | C] -- C:\Users\Marrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2014/07/01 00:59:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2014/06/26 17:28:21 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\%LOCALAPPDATA%
[2014/06/26 17:27:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BEDAACA9-0245-4A85-A697-BD5CD3AD04D1
[2014/06/26 09:18:01 | 000,000,000 | ---D | C] -- C:\Users\Marrin\Documents\ProcAlyzer Dumps
[2014/06/22 22:09:25 | 000,021,040 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2014/06/22 22:09:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2014/06/22 22:09:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2014/06/22 06:15:31 | 000,593,112 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\symnets.sys
[2014/06/22 06:15:31 | 000,023,568 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\symelam.sys
[2014/06/22 06:15:30 | 001,148,120 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\symefa64.sys
[2014/06/22 06:15:30 | 000,875,736 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\srtsp64.sys
[2014/06/22 06:15:30 | 000,493,656 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\symds64.sys
[2014/06/22 06:15:30 | 000,264,280 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\ironx64.sys
[2014/06/22 06:15:30 | 000,162,392 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\ccsetx64.sys
[2014/06/22 06:15:30 | 000,036,952 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\srtspx64.sys
[2014/06/22 05:53:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2014/06/21 21:27:08 | 000,177,752 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2014/06/21 21:26:03 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
[2014/06/21 21:26:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Suite
[2014/06/21 19:14:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2014/06/21 18:39:38 | 000,000,000 | ---D | C] -- C:\Users\Marrin\AppData\Roaming\rightbackup
[2014/06/21 15:25:15 | 000,000,000 | ---D | C] -- C:\Users\Marrin\AppData\Local\SlimWare Utilities Inc
[2014/06/21 15:24:58 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2014/06/21 15:15:38 | 000,000,000 | ---D | C] -- C:\temp
[2014/06/19 11:44:02 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\1503000.00C
[2014/06/19 11:39:50 | 000,000,000 | ---D | C] -- C:\Users\Marrin\AppData\Local\LogMeIn Rescue Applet
[2014/06/19 11:24:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2014/06/19 11:15:20 | 000,000,000 | ---D | C] -- C:\Users\Marrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2014/06/17 18:45:24 | 000,000,000 | ---D | C] -- C:\Users\Marrin\AppData\Local\Deployment
[2014/06/16 22:23:06 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2014/06/16 22:22:45 | 000,000,000 | -HSD | C] -- C:\Users\Marrin\AppData\Local\EmieUserList
[2014/06/16 22:22:45 | 000,000,000 | -HSD | C] -- C:\Users\Marrin\AppData\Local\EmieSiteList
 
========== Files - Modified Within 30 Days ==========
 
[2014/07/13 18:26:29 | 000,010,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/07/13 18:26:29 | 000,010,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/07/13 18:19:55 | 000,000,290 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2014/07/13 18:19:09 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/07/13 18:18:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/07/13 18:18:24 | 3145,093,120 | -HS- | M] () -- C:\hiberfil.sys
[2014/07/13 17:58:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/07/13 17:38:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/07/13 17:34:00 | 000,000,911 | ---- | M] () -- C:\Windows\tasks\EPSON XP-610 Series Update {60366004-3A13-43DE-82E5-67525EEA6C96}.job
[2014/07/13 17:34:00 | 000,000,725 | ---- | M] () -- C:\Windows\tasks\EPSON XP-610 Series Invitation {60366004-3A13-43DE-82E5-67525EEA6C96}.job
[2014/07/12 14:07:29 | 000,002,189 | ---- | M] () -- C:\Users\Marrin\Desktop\Printers.zip
[2014/07/11 10:14:10 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMarrin.job
[2014/07/10 06:21:49 | 000,377,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/07/09 15:50:20 | 002,545,940 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\Cat.DB
[2014/07/09 03:10:18 | 000,069,926 | ---- | M] () -- C:\Windows\wininit.ini
[2014/07/09 00:37:00 | 000,000,163 | ---- | M] () -- C:\Windows\Reimage.ini
[2014/07/08 13:34:38 | 000,046,376 | ---- | M] (NetFilterSDK.com) -- C:\Windows\SysNative\drivers\netfilter64.sys
[2014/07/06 22:27:25 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/07/06 22:27:25 | 000,662,634 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/07/06 22:27:25 | 000,122,470 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/07/01 15:18:14 | 000,450,014 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151822.backup
[2014/07/01 15:18:14 | 000,450,014 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151844.backup
[2014/07/01 15:18:14 | 000,450,014 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/07/01 15:14:59 | 000,450,036 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151503.backup
[2014/07/01 15:14:59 | 000,450,036 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151814.backup
[2014/07/01 15:14:59 | 000,450,036 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151754.backup
[2014/07/01 15:14:59 | 000,450,036 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151714.backup
[2014/07/01 15:14:59 | 000,450,036 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151703.backup
[2014/07/01 15:14:59 | 000,450,036 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151655.backup
[2014/07/01 15:14:59 | 000,450,036 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151640.backup
[2014/07/01 15:14:59 | 000,450,036 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151612.backup
[2014/07/01 15:14:59 | 000,450,036 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151601.backup
[2014/07/01 15:14:59 | 000,450,036 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151557.backup
[2014/07/01 15:14:59 | 000,450,036 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151553.backup
[2014/07/01 15:14:59 | 000,450,036 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151533.backup
[2014/07/01 15:14:59 | 000,450,036 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151519.backup
[2014/07/01 15:14:59 | 000,450,036 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151508.backup
[2014/07/01 15:13:54 | 000,450,059 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151405.backup
[2014/07/01 15:13:54 | 000,450,059 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151459.backup
[2014/07/01 15:13:54 | 000,450,059 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151439.backup
[2014/07/01 15:13:54 | 000,450,059 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151432.backup
[2014/07/01 15:13:54 | 000,450,059 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151418.backup
[2014/07/01 15:13:54 | 000,450,059 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151413.backup
[2014/07/01 15:11:02 | 000,450,082 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151108.backup
[2014/07/01 15:11:02 | 000,450,082 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151354.backup
[2014/07/01 15:11:02 | 000,450,082 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151303.backup
[2014/07/01 15:11:02 | 000,450,082 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151245.backup
[2014/07/01 15:11:02 | 000,450,082 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151233.backup
[2014/07/01 15:11:02 | 000,450,082 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151227.backup
[2014/07/01 15:11:02 | 000,450,082 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151142.backup
[2014/07/01 15:11:02 | 000,450,082 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151127.backup
[2014/07/01 15:11:02 | 000,450,082 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151121.backup
[2014/07/01 15:09:56 | 000,450,110 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151001.backup
[2014/07/01 15:09:56 | 000,450,110 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151102.backup
[2014/07/01 15:09:56 | 000,450,110 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151017.backup
[2014/07/01 15:08:42 | 000,450,136 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-150849.backup
[2014/07/01 15:08:42 | 000,450,136 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-150956.backup
[2014/07/01 15:08:42 | 000,450,136 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-150915.backup
[2014/07/01 15:08:42 | 000,450,136 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-150903.backup
[2014/07/01 15:08:42 | 000,450,136 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-150854.backup
[2014/07/01 15:07:30 | 000,450,164 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-150737.backup
[2014/07/01 15:07:30 | 000,450,164 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-150842.backup
[2014/07/01 15:07:30 | 000,450,164 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-150747.backup
[2014/07/01 15:07:30 | 000,450,164 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-150743.backup
[2014/07/01 15:06:41 | 000,450,190 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-150644.backup
[2014/07/01 15:06:41 | 000,450,190 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-150730.backup
[2014/07/01 15:06:41 | 000,450,190 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-150649.backup
[2014/07/01 15:06:41 | 000,450,190 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-150645.backup
[2014/07/01 14:50:41 | 000,450,220 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-150641.backup
[2014/07/01 14:48:39 | 000,450,250 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-144843.backup
[2014/07/01 14:48:39 | 000,450,250 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-145041.backup
[2014/07/01 14:46:17 | 000,450,279 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-144839.backup
[2014/07/01 14:44:30 | 000,450,311 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-144445.backup
[2014/07/01 14:44:30 | 000,450,311 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-144617.backup
[2014/07/01 14:44:30 | 000,450,311 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-144449.backup
[2014/07/01 12:18:47 | 000,450,334 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121855.backup
[2014/07/01 12:18:47 | 000,450,334 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-144430.backup
[2014/07/01 12:18:47 | 000,450,334 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121902.backup
[2014/07/01 12:18:04 | 000,450,356 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121808.backup
[2014/07/01 12:18:04 | 000,450,356 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121847.backup
[2014/07/01 12:18:04 | 000,450,356 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121816.backup
[2014/07/01 12:18:04 | 000,450,356 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121812.backup
[2014/07/01 12:17:37 | 000,450,387 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121742.backup
[2014/07/01 12:17:37 | 000,450,387 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121804.backup
[2014/07/01 12:17:37 | 000,450,387 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121800.backup
[2014/07/01 12:17:37 | 000,450,387 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121755.backup
[2014/07/01 12:17:37 | 000,450,387 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121750.backup
[2014/07/01 12:17:07 | 000,450,422 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121714.backup
[2014/07/01 12:17:07 | 000,450,422 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121737.backup
[2014/07/01 12:16:40 | 000,450,448 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121707.backup
[2014/07/01 12:16:14 | 000,450,473 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121640.backup
[2014/07/01 12:15:15 | 000,450,500 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121521.backup
[2014/07/01 12:15:15 | 000,450,500 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121614.backup
[2014/07/01 12:15:15 | 000,450,500 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121534.backup
[2014/07/01 12:14:44 | 000,450,523 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121451.backup
[2014/07/01 12:14:44 | 000,450,523 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121515.backup
[2014/07/01 12:14:44 | 000,450,523 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121458.backup
[2014/07/01 12:14:15 | 000,450,548 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121420.backup
[2014/07/01 12:14:15 | 000,450,548 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121444.backup
[2014/07/01 12:14:15 | 000,450,548 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121432.backup
[2014/07/01 12:13:52 | 000,450,571 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121357.backup
[2014/07/01 12:13:52 | 000,450,571 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121415.backup
[2014/07/01 12:13:18 | 000,450,608 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121352.backup
[2014/07/01 12:12:37 | 000,450,632 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121242.backup
[2014/07/01 12:12:37 | 000,450,632 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121318.backup
[2014/07/01 12:12:37 | 000,450,632 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121300.backup
[2014/07/01 12:12:14 | 000,450,664 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121228.backup
[2014/07/01 12:12:14 | 000,450,664 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121237.backup
[2014/07/01 12:12:14 | 000,450,664 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121233.backup
[2014/07/01 11:24:00 | 000,450,689 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121214.backup
[2014/07/01 04:23:42 | 000,040,105 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\VT20140701.003
[2014/06/30 23:12:09 | 000,000,042 | ---- | M] () -- C:\Windows\SysWow64\AK083E209605E394C.lie
[2014/06/29 22:33:32 | 000,002,670 | ---- | M] () -- C:\Users\Marrin\Desktop\Mahjong Solitaire.lnk
[2014/06/29 17:29:00 | 000,000,000 | --S- | M] () -- C:\Windows\SysNative\mlsfjow.csx
[2014/06/21 21:27:08 | 000,177,752 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2014/06/21 21:27:08 | 000,008,222 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2014/06/21 21:27:08 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2014/06/21 18:30:02 | 000,000,000 | ---- | M] () -- C:\Windows\EEventManager.INI
[2014/06/21 15:25:18 | 000,016,152 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2014/06/20 01:09:52 | 000,317,105 | --S- | M] () -- C:\Windows\SysNative\wlybo.loy
[2014/06/19 12:38:36 | 000,512,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pegm.voz
[2014/06/18 20:06:24 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/06/18 19:42:57 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/06/18 19:42:49 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/06/18 19:41:52 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/06/18 19:41:16 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/06/18 19:31:24 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/06/18 19:26:41 | 000,598,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/06/18 19:24:30 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/06/18 19:24:12 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/06/18 19:23:53 | 000,752,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/06/18 19:14:28 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/06/18 19:09:47 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/06/18 18:59:04 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/06/18 18:53:27 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/06/18 18:51:38 | 005,721,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/06/18 18:50:47 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/06/18 18:48:44 | 000,292,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/06/18 18:39:30 | 000,608,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/06/18 18:37:23 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/06/18 18:36:35 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/06/18 18:35:55 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/06/18 18:33:07 | 000,631,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/06/18 18:28:16 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/06/18 18:27:45 | 001,249,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/06/18 18:27:07 | 002,040,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/06/18 18:25:38 | 000,442,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/06/18 18:23:27 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/06/18 18:22:40 | 000,592,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/06/18 18:06:10 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/06/18 18:01:50 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/06/18 17:59:37 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/06/18 17:46:23 | 001,068,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/06/18 17:45:59 | 001,964,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/06/18 17:15:24 | 000,846,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/06/18 17:07:42 | 000,704,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/06/18 04:49:29 | 000,450,649 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-112400.backup
[2014/06/17 21:18:30 | 000,692,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\osk.exe
[2014/06/17 20:51:32 | 000,646,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\osk.exe
[2014/06/17 09:40:42 | 000,450,649 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140618-044929.backup
[2014/06/17 03:30:53 | 000,039,538 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\VT20140617.006
[2014/06/16 22:22:41 | 000,315,743 | --S- | M] () -- C:\Windows\SysNative\tarr.zjl
 
========== Files Created - No Company Name ==========
 
[2014/07/09 00:33:30 | 000,000,163 | ---- | C] () -- C:\Windows\Reimage.ini
[2014/07/01 23:26:48 | 000,040,105 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\VT20140701.003
[2014/06/30 23:12:09 | 000,000,042 | ---- | C] () -- C:\Windows\SysWow64\AK083E209605E394C.lie
[2014/06/29 22:33:32 | 000,002,670 | ---- | C] () -- C:\Users\Marrin\Desktop\Mahjong Solitaire.lnk
[2014/06/29 17:29:00 | 000,000,000 | --S- | C] () -- C:\Windows\SysNative\mlsfjow.csx
[2014/06/22 22:09:31 | 000,001,395 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2014/06/22 06:15:31 | 000,009,939 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\symelam64.cat
[2014/06/22 06:15:31 | 000,008,192 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\symnet64.cat
[2014/06/22 06:15:31 | 000,001,440 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\symnet.inf
[2014/06/22 06:15:31 | 000,001,098 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\symelam.inf
[2014/06/22 06:15:30 | 000,008,202 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\ccsetx64.cat
[2014/06/22 06:15:30 | 000,008,196 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\srtspx64.cat
[2014/06/22 06:15:30 | 000,008,194 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\symefa64.cat
[2014/06/22 06:15:30 | 000,008,192 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\srtsp64.cat
[2014/06/22 06:15:30 | 000,008,188 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\symds64.cat
[2014/06/22 06:15:30 | 000,008,184 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\iron.cat
[2014/06/22 06:15:30 | 000,003,433 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\symefa.inf
[2014/06/22 06:15:30 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\symds.inf
[2014/06/22 06:15:30 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\srtsp64.inf
[2014/06/22 06:15:30 | 000,001,420 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\srtspx64.inf
[2014/06/22 06:15:30 | 000,000,855 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\ccsetx64.inf
[2014/06/22 06:15:30 | 000,000,767 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\iron.inf
[2014/06/22 06:14:40 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\isolate.ini
[2014/06/21 21:27:08 | 000,008,222 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2014/06/21 21:27:08 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2014/06/21 18:30:02 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2014/06/21 15:25:18 | 000,016,152 | ---- | C] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2014/06/20 01:09:52 | 000,317,105 | --S- | C] () -- C:\Windows\SysNative\wlybo.loy
[2014/06/19 11:46:50 | 002,545,940 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\Cat.DB
[2014/06/19 11:46:01 | 000,039,538 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\VT20140617.006
[2014/06/16 22:22:41 | 000,315,743 | --S- | C] () -- C:\Windows\SysNative\tarr.zjl
[2014/01/31 03:47:00 | 000,000,043 | ---- | C] () -- C:\Users\Marrin\AppData\Roaming\WB.CFG
[2013/11/15 00:21:14 | 000,000,094 | ---- | C] () -- C:\Windows\XP-610.ini
[2013/10/30 13:07:00 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013/10/30 13:06:54 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013/10/30 13:06:54 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013/10/30 13:06:54 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013/10/30 13:06:54 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2013/06/03 23:42:49 | 000,775,084 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/06/03 23:37:48 | 000,000,258 | RHS- | C] () -- C:\Users\Marrin\ntuser.pol
[2013/03/23 10:38:38 | 000,000,022 | ---- | C] () -- C:\Windows\Kyor.ini
[2012/11/04 10:14:55 | 000,000,290 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2012/11/04 10:13:00 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/10/14 03:03:48 | 000,069,926 | ---- | C] () -- C:\Windows\wininit.ini
[2012/10/13 17:00:52 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2012/09/27 01:55:01 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2012/09/21 20:06:28 | 000,222,826 | ---- | C] () -- C:\Windows\hpwins24.dat
[2012/09/21 20:06:28 | 000,001,758 | ---- | C] () -- C:\Windows\hpwmdl24.dat
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 21:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 21:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:373E1720
 
< End of report >
 


#8 Marrin

Marrin

    Authentic Member

  • Authentic Member
  • PipPip
  • 31 posts

Posted 13 July 2014 - 07:56 PM

Since I posted my last, and only a few minutes ago, I had a popup which I had seen only once before, and about which I had forgotten.  A smallish window appeared, accompanied by the approximate audio "A problem has been detected with your computer.  Please call 896-904-8935 immediately."  The window had the appearance of a media player of some sort, with three choices displayed:  Play again, Go to Library, and Play Previous List, with appropriate iconography preceding each. When the cursor is passed over the window, the symbols relating to playing audio and video show in a bar at the bottom of the window,  along with a blue circle, and the same icon used for Go To Library displayed in the upper right corner of the window. 

 

Thanks very much for your help.



#9 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 13 July 2014 - 09:19 PM

Hi Marrin,

Is 247Mahjong a paid program or just a free download?

I"m having a little trouble following your folder issue. Let's put that on the back burner for now as I don't believe that to be malware related. Just asking, are you logged in to the computer on the Administrator Account?
 

While working on my computer, my wife mentioned there were problems on her computer as well, with Conduit and MySearchDial. So either in this open topic, or in another, I need to deal with the problems on that computer as well.

When we have finished working on this computer, we can pick right up with your wife's computer in the same thread. :)
 

A smallish window appeared, accompanied by the approximate audio "A problem has been detected with your computer. Please call 896-904-8935 immediately." The window had the appearance of a media player of some sort, with three choices displayed: Play again, Go to Library, and Play Previous List, with appropriate iconography preceding each.


I did a search for the phone number and I can't find any listing for it. If it should present itself again, use the red "x" in the upper corner to close the window. Don't make a selection of any of the options made available.

=========================

Your last OTL log looked good, but you seem to have something else lurking that's causing some issues.

bullseye_zpse9eaf36e.gif ComboFix

Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.
    ---------------------------------------------------------------------------------------------NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

    =========================

    In your next post please provide the following:
    • Combofix.txt

     

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#10 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 16 July 2014 - 08:25 PM

Hi Marrin,

Just checking in to see if you still need help?
OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.

    Advertisements

Register to Remove


#11 Marrin

Marrin

    Authentic Member

  • Authentic Member
  • PipPip
  • 31 posts

Posted 16 July 2014 - 09:34 PM

Yes indeed I need help!  I am delayed by old age and past injuries!  Hope to write a "state of the computer" missive and run combo fix tonight, or early tomorrow AM.  

Thanks for checking!

 

Marrin



#12 Marrin

Marrin

    Authentic Member

  • Authentic Member
  • PipPip
  • 31 posts

Posted 18 July 2014 - 01:21 AM

Its a bit later that I estimated, but I was able to get on the computer to check for remaining problems, and download ComboFix.  

 

My computer is much better.  I  haven't been on it a lot, because of the physical problems I mentioned, but what I have done on it is much better.  247Mahjong, a free app obtained through Google Play store, is now behaving properly.  In the one foray I made into online catalogs there were no popup ads.  

 

The only other problems are the ones related to not having permission to create folders, etc.  I am positive this was caused by a past computer virus, which was successfully removed.  The virus is gone, but the damage remains.  I believe that if I could re-install Windows 7,  that problem would be fixed as well.  Can WTT help with this?

 

Unless you find something more in the log from ComboFix, I will be ready to start on fixing my wife's computer.  Please advise.

 

The log from ComboFix is below.

 

ComboFix 14-07-17.03 - Marrin 07/17/2014  23:58:05.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3999.2411 [GMT -5:00]
Running from: c:\users\Marrin\Downloads\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton Security Suite *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton Security Suite *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-06-18 to 2014-07-18  )))))))))))))))))))))))))))))))
.
.
2014-07-13 21:35 . 2014-07-13 21:35 -------- d-----w- C:\_OTL
2014-07-11 16:54 . 2010-08-30 13:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-07-11 16:53 . 2014-07-11 23:09 -------- d-----w- C:\AdwCleaner
2014-07-09 20:52 . 2014-06-18 02:19 449024 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tabskb.dll
2014-07-09 20:52 . 2014-06-18 02:18 692736 ----a-w- c:\windows\system32\osk.exe
2014-07-09 20:52 . 2014-06-18 01:51 646144 ----a-w- c:\windows\SysWow64\osk.exe
2014-07-09 20:52 . 2014-06-18 01:10 3157504 ----a-w- c:\windows\system32\win32k.sys
2014-07-09 20:52 . 2014-06-05 14:45 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-07-09 20:52 . 2014-06-05 14:26 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-07-09 20:52 . 2014-06-05 14:25 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-07-09 20:52 . 2014-06-03 10:02 1354240 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2014-07-09 20:52 . 2014-06-03 09:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-07-09 20:51 . 2014-06-06 10:10 624128 ----a-w- c:\windows\system32\qedit.dll
2014-07-09 20:51 . 2014-06-06 09:44 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-07-09 20:51 . 2014-05-30 06:45 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2014-07-09 09:04 . 2014-07-09 09:04 -------- d-----w- c:\users\Mary Delle\AppData\Local\ElevatedDiagnostics
2014-07-09 05:11 . 2014-07-09 05:12 -------- d-----w- C:\NPE
2014-07-08 18:34 . 2014-07-08 18:34 46376 ----a-w- c:\windows\system32\drivers\netfilter64.sys
2014-07-01 06:15 . 2014-07-01 06:15 -------- d-----w- c:\users\Marrin\AppData\Local\Seven Zip
2014-07-01 05:59 . 2014-07-01 05:59 -------- d-----w- c:\program files (x86)\VS Revo Group
2014-06-30 23:01 . 2014-06-30 23:01 -------- d-----w- c:\users\F-Squared\AppData\Local\Wondershare
2014-06-27 02:31 . 2014-07-13 09:52 -------- d-----w- c:\users\LAS\AppData\Local\Deployment
2014-06-26 23:01 . 2014-06-26 23:01 -------- d-----w- c:\users\LAS\AppData\Roaming\serv
2014-06-26 22:36 . 2014-06-26 22:36 -------- d-----w- c:\users\Default\AppData\Roaming\serv
2014-06-26 22:28 . 2014-06-26 22:28 -------- d-----w- c:\windows\SysWow64\%LOCALAPPDATA%
2014-06-26 22:27 . 2014-07-08 22:32 -------- d-----w- c:\program files (x86)\BEDAACA9-0245-4A85-A697-BD5CD3AD04D1
2014-06-23 03:09 . 2013-09-20 15:49 21040 ----a-w- c:\windows\system32\sdnclean64.exe
2014-06-23 03:09 . 2014-07-01 16:22 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-06-23 03:09 . 2014-06-23 03:11 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2014-06-22 10:53 . 2014-06-22 10:53 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2014-06-22 02:27 . 2014-06-22 02:27 177752 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2014-06-22 02:26 . 2014-06-22 02:26 -------- d-----w- c:\program files (x86)\Norton Security Suite
2014-06-22 00:14 . 2014-06-22 00:14 -------- d-----w- c:\program files (x86)\NortonInstaller
2014-06-21 23:39 . 2014-06-21 23:39 -------- d-----w- c:\users\Marrin\AppData\Roaming\rightbackup
2014-06-21 20:25 . 2014-06-21 20:25 16152 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2014-06-21 20:25 . 2014-06-21 20:25 -------- d-----w- c:\users\Marrin\AppData\Local\SlimWare Utilities Inc
2014-06-21 20:15 . 2014-07-09 16:37 -------- d-----w- C:\temp
2014-06-19 16:39 . 2014-06-20 03:55 -------- d-----w- c:\users\Marrin\AppData\Local\LogMeIn Rescue Applet
2014-06-19 16:24 . 2014-06-22 19:35 -------- d-----w- c:\windows\system32\drivers\N360x64
2014-06-18 23:27 . 2014-06-18 23:27 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9BC50E3E-BE38-4E82-98C7-145EE8B7D9FD}\offreg.dll
2014-06-18 12:32 . 2014-06-18 12:32 -------- d-----w- c:\users\Mary Delle\AppData\Local\Apps
2014-06-18 12:32 . 2014-07-17 10:23 -------- d-----w- c:\users\Mary Delle\AppData\Local\Deployment
2014-06-18 11:51 . 2014-06-18 11:51 -------- d-sh--w- c:\users\Mary Delle\AppData\Local\EmieUserList
2014-06-18 11:51 . 2014-06-18 11:51 -------- d-sh--w- c:\users\Mary Delle\AppData\Local\EmieSiteList
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-10 04:03 . 2012-11-06 18:58 96441528 ----a-w- c:\windows\system32\MRT.exe
2014-07-09 05:25 . 2012-11-05 16:31 512000 ----a-w- c:\windows\system32\rpcss.dll
2014-06-19 17:38 . 2012-11-05 16:31 512000 ----a-w- c:\windows\system32\pegm.voz
2014-06-13 00:09 . 2014-02-26 21:23 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-06-08 09:13 . 2014-06-12 11:33 506368 ----a-w- c:\windows\system32\aepdu.dll
2014-06-08 09:08 . 2014-06-12 11:33 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-05-08 09:32 . 2014-06-12 11:34 3178496 ----a-w- c:\windows\system32\rdpcorets.dll
2014-05-08 09:32 . 2014-06-12 11:34 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2014-04-30 23:20 . 2014-06-17 14:22 10702536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9BC50E3E-BE38-4E82-98C7-145EE8B7D9FD}\mpengine.dll
2014-04-25 02:34 . 2014-06-12 11:34 801280 ----a-w- c:\windows\system32\usp10.dll
2014-04-25 02:06 . 2014-06-12 11:34 626688 ----a-w- c:\windows\SysWow64\usp10.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 163328]
"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2014-05-23 466656]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2014-02-14 1564992]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-08 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2013-03-28 1058880]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2014-02-14 311616]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R1 ssnfd;ssnfd;c:\windows\system32\drivers\ssnfd.sys;c:\windows\SYSNATIVE\drivers\ssnfd.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MediaDevSvc;MediaDevSvc;c:\programdata\MediaDev\1386839634\mediadev.exe;c:\programdata\MediaDev\1386839634\mediadev.exe [x]
R2 WinDevSvc;WinDevSvc;c:\programdata\UpdateServer\1386839754\webdev.exe;c:\programdata\UpdateServer\1386839754\webdev.exe [x]
R3 cpuz134;cpuz134;c:\users\Marrin\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\Marrin\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys;c:\windows\SYSNATIVE\DRIVERS\s1018bus.sys [x]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mdfl.sys [x]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mdm.sys [x]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mgmt.sys [x]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys;c:\windows\SYSNATIVE\DRIVERS\s1018nd5.sys [x]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys;c:\windows\SYSNATIVE\DRIVERS\s1018obex.sys [x]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys;c:\windows\SYSNATIVE\DRIVERS\s1018unic.sys [x]
R3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R3 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1503000.00C\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1503000.00C\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1503000.00C\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1503000.00C\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140703.001\BHDrvx64.sys;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140703.001\BHDrvx64.sys [x]
S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1503000.00C\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1503000.00C\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140717.001\IDSvia64.sys;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140717.001\IDSvia64.sys [x]
S1 netfilter64;netfilter64;c:\windows\system32\drivers\netfilter64.sys;c:\windows\SYSNATIVE\drivers\netfilter64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1503000.00C\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1503000.00C\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1503000.00C\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1503000.00C\SYMNETS.SYS [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\21.3.0.12\N360.exe;c:\program files (x86)\Norton Security Suite\Engine\21.3.0.12\N360.exe [x]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files (x86)\SMINST\BLService.exe;c:\program files (x86)\SMINST\BLService.exe [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWAZL.sys [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 vrvd5;vrvd5;c:\windows\system32\DRIVERS\vrvd5.sys;c:\windows\SYSNATIVE\DRIVERS\vrvd5.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 17:29 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-17 15:00 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-25 05:10]
.
2014-07-18 c:\windows\Tasks\EPSON XP-610 Series Invitation {60366004-3A13-43DE-82E5-67525EEA6C96}.job
- c:\windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2013-11-15 00:20]
.
2014-07-18 c:\windows\Tasks\EPSON XP-610 Series Update {60366004-3A13-43DE-82E5-67525EEA6C96}.job
- c:\windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2013-11-15 00:20]
.
2014-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-24 05:41]
.
2014-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-24 05:41]
.
2014-07-15 c:\windows\Tasks\HPCeeScheduleForMarrin.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1237288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-07-09 21720]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>
uSearchAssistant = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{5F444FD2-DC83-4356-B972-B13F009035AD}: NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{5F444FD2-DC83-4356-B972-B13F009035AD}\876696E696479777966696: NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{5F444FD2-DC83-4356-B972-B13F009035AD}\C696E6B6379737: NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{843BF815-3D33-4E66-9A97-35951EE0D769}: NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{a6aabacb-2642-11e2-ba7f-806e6f6e6963}: NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{E6BFB075-BA11-4754-9F7C-76D342FB390A}: NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{FE7AF5DA-51D7-4694-9032-D6510B155674}: NameServer = 75.126.206.18,184.173.169.186
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-KiesAirMessage - c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
c:\users\LAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Trusted Software Assistant_is1 - c:\program files (x86)\File Type Assistant\unins000.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\21.3.0.12\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\21.3.0.12\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\N360x64\1503000.00C\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Security Suite\Engine\21.3.0.12;c:\program files (x86)\Norton Security Suite\Engine64\21.3.0.12"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2449328561-2354742652-2778768457-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2449328561-2354742652-2778768457-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-07-18  00:11:36
ComboFix-quarantined-files.txt  2014-07-18 05:11
.
Pre-Run: 134,171,357,184 bytes free
Post-Run: 133,612,204,032 bytes free
.
- - End Of File - - CD66024B6D7C6F339608AF97337E7456
A36C5E4F47E84449FF07ED3517B43A31


#13 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 18 July 2014 - 09:12 AM

Hi Marrin,
 

The only other problems are the ones related to not having permission to create folders, etc. I am positive this was caused by a past computer virus, which was successfully removed. The virus is gone, but the damage remains. I believe that if I could re-install Windows 7, that problem would be fixed as well. Can WTT help with this?

Yes we can help. And yes, a reinstall would probably fix that issue. But it an drastic step to take which would require you to backup all your important data because you would have to reinstall it after you reinstalled Windows.

  • Do you have Windows 7 installation CD/DVD?
  • Are you logged in on the Administrator Account? If not, change permission or account type.

Start > Control Panel > User Accounts

controlpaneluseraccounts_zpsd8dc6736.gif

Please review this information. I will review your CF log after work this evening and post additional instructions.


OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#14 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 18 July 2014 - 08:00 PM

Hi Marrin,
 

Unless you find something more in the log from ComboFix, I will be ready to start on fixing my wife's computer. Please advise


It's important that you follow through with the remainder of the steps I will outline. Absence of symptoms doesn't necessarily translate into malware free. We are making progress so please stay with me until I give you the "all clean" sign. :thumbup:

=========================

bullseye_zpse9eaf36e.gif ComboFix Script

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the code-box below into it:
File::
c:\windows\SYSNATIVE\drivers\ssnfd.sys

Driver::
ssnfd

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, please post the C:\ComboFix.txt for further review.

=========================

bullseye_zpse9eaf36e.gif Malwarebytes' Anti-Malware

Download Malwarebytes' Anti-Malware (save it to your desktop).

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Select Scan tab.
    MBAMDashboard_zpsddef9b5f.gif
  • Select type of scan to perform:
    MBAMScanTab_zps2c5e74bd.gif
    • Threat Scan < --- Select this type of scan
    • Custom Scan
    • Hyper Scan
  • Next click the Scan button.
  • When the scan is complete, if no malicious items are found you can close the program.
  • If malicious items are found be sure that everything is checked, and click Quarantine .
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

=========================

bullseye_zpse9eaf36e.gif ESET Online Scanner

*Note:

  • It is recommended to disable on-board antivirus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
  • Please don't go surfing while your resident protection is disabled!
  • Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.

** You need to run your browser with Administrator Rights, to do so right click your browsers short cut and select "Run as Administrator".

= = = = = = = = = = = = = = = = = = = =

Go here to run ESET Online Scanner

(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
  • Click Start
  • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
  • Click Scan.
  • Wait for the scan to finish.
  • When the scan completes, click List of found threats
  • click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
  • Include the contents of this report in your next reply

    Note - when ESET doesn't find any threats, no report will be created.
  • Push the back button.
  • Push Finish
  • Re-enable your Antivirus software.

=========================

In your next post please provide the following:


  • ComboFix.txt
  • MBAM log
  • ESET's log.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#15 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 21 July 2014 - 12:17 PM

Hi Marrin,

Just checking in to see if you still need help?
OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users