Plagued by SupraSavings [Solved]

63 replies to this topic

#16 Marrin (Authentic Member, 31 posts)

Posted 21 July 2014 - 10:35 PM

Yes, I do!  

 

I have not been able to run ESET online scanner, and have had difficulties with both ComboFix and MBAM because of interference from Norton.  I have therefore spent the day struggling with Norton/Symantec trying to get them to help me to disable ALL of Norton Security Suite.   They have been most uncooperative.  I just finished completely uninstalling Norton, and I don't think I will reinstall when our efforts are complete.

 

Can you suggest a temporary or permanent replacement for Norton?

 

Yes, I still need your help. Y'all have become my lifeline in removing malware and reconstructing my OS. I appreciate your help very much. (What happened to OCD?)



#17 OCD (SuperHelper, Malware Team, 5,574 posts)

Posted 21 July 2014 - 10:51 PM

Hi Marrin,
 

Can you suggest a temporary or permanent replacement for Norton?


Free Anti-Virus


OCD
Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

If you are satisfied with the help you have received, please consider making a donation.


#18 Marrin (Authentic Member, 31 posts)

Posted 22 July 2014 - 12:01 AM

OK, the question has now become "How do I disable Microsoft Security Essentials temporarily?" ;-)  I need to now run ESET!



#19 OCD (SuperHelper, Malware Team, 5,574 posts)

Posted 22 July 2014 - 06:21 AM

To do that, open MSE, go to Settings, click on Real Time, and then uncheck the box at the top to disable real time. Click on Save to save the changes.




#20 Marrin (Authentic Member, 31 posts)

Posted 22 July 2014 - 09:04 AM

I have completely removed Norton from my system, probably permanently.  From your suggested list I have replaced it with Microsoft Security Essentials.  I have "disabled" MSE according to your instructions.  Now, when I run ESET, it gives me a warning that MSE is active on my computer, and its presence may degrade the quality of the ESET output.  Should I run ESET despite the warning, or should more steps be taken to completely disable MSE?

 

Thanks for your help



#21 OCD (SuperHelper, Malware Team, 5,574 posts)

Posted 22 July 2014 - 09:21 AM

Hi Marrin,

 

Just go ahead and acknowledge the warning and run the scan. :thumbup:




#22 Marrin (Authentic Member, 31 posts)

Posted 22 July 2014 - 07:59 PM

Please find below the ESET log and the ComboFix.log. Although the window open during the MBAM scan showed there were items found, and a list was shown, attempts to export that log were unsuccessful. I really don't know what happened or why, so I won't speculate. It simply could not be found when the scan was complete.

 

*************************************************************************************************************

ESET_log.txt

 

C:\AdwCleaner\Quarantine\C\Program Files (x86)\File Type Assistant\ftacfg.exe.vir Win32/FileTypeAssistant.A potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files (x86)\File Type Assistant\TSASetup.exe.vir a variant of Win32/FileTypeAssistant.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\File Type Assistant\tsassist.exe.vir a variant of Win32/FileTypeAssistant.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\File Type Assistant\temp\~tmp.exe.vir a variant of Win32/FileTypeAssistant.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\F-Squared\AppData\Local\Google\Chrome\User Data\Default\Extensions\jonjajmpblmjkhjemkalbddhodlehkfg\10.23.0.722_0\nativeMessaging\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\F-Squared\AppData\Local\Google\Chrome\User Data\Default\Extensions\jonjajmpblmjkhjemkalbddhodlehkfg\10.23.0.722_0\TBHostSupport\TBHostSupport.dll.vir a variant of Win32/Toolbar.Conduit.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\F-Squared\AppData\Local\Google\Chrome\User Data\Default\Extensions\jonjajmpblmjkhjemkalbddhodlehkfg\10.31.4.510_0\APISupport\APISupport.dll.vir a variant of Win32/Conduit.SearchProtect.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\F-Squared\AppData\Local\Google\Chrome\User Data\Default\Extensions\jonjajmpblmjkhjemkalbddhodlehkfg\10.31.4.510_0\nativeMessaging\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\F-Squared\AppData\Local\Google\Chrome\User Data\Default\Extensions\jonjajmpblmjkhjemkalbddhodlehkfg\10.31.4.510_0\plugins\ChromeApiPlugin.dll.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\LAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jonjajmpblmjkhjemkalbddhodlehkfg\10.31.4.510_0\APISupport\APISupport.dll.vir a variant of Win32/Conduit.SearchProtect.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\LAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jonjajmpblmjkhjemkalbddhodlehkfg\10.31.4.510_0\nativeMessaging\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\LAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jonjajmpblmjkhjemkalbddhodlehkfg\10.31.4.510_0\plugins\ChromeApiPlugin.dll.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Marrin\AppData\Local\genienext\nengine.dll.vir Win32/NextLive.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Marrin\AppData\Roaming\newnext.me\nengine.dll.vir Win32/NextLive.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Mary Delle\AppData\Local\Google\Chrome\User Data\Default\Extensions\jonjajmpblmjkhjemkalbddhodlehkfg\10.23.0.722_0\nativeMessaging\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Mary Delle\AppData\Local\Google\Chrome\User Data\Default\Extensions\jonjajmpblmjkhjemkalbddhodlehkfg\10.23.0.722_0\TBHostSupport\TBHostSupport.dll.vir a variant of Win32/Toolbar.Conduit.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Mary Delle\AppData\Local\Google\Chrome\User Data\Default\Extensions\jonjajmpblmjkhjemkalbddhodlehkfg\10.31.4.510_0\APISupport\APISupport.dll.vir a variant of Win32/Conduit.SearchProtect.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Mary Delle\AppData\Local\Google\Chrome\User Data\Default\Extensions\jonjajmpblmjkhjemkalbddhodlehkfg\10.31.4.510_0\nativeMessaging\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Mary Delle\AppData\Local\Google\Chrome\User Data\Default\Extensions\jonjajmpblmjkhjemkalbddhodlehkfg\10.31.4.510_0\plugins\ChromeApiPlugin.dll.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\AI_RecycleBin\{1D0758C0-8A37-4D58-A0D9-0451AD01B164}\3\Strongvault\StrongVaultApp.exe MSIL/Adware.StrongVault.A application
C:\ProgramData\MediaDev\1386839634\mediadev.exe a variant of Win32/SquareNet.A potentially unwanted application
C:\ProgramData\Microsoft\{ec28ef7a-0644-6663-c055-82063b5ff054}\{ec28ef7a-0644-6663-c055-82063b5ff054}.exe a variant of Win32/Kryptik.CHGC trojan
C:\ProgramData\UpdateServer\1386839754\webdev.exe a variant of Win32/SquareNet.A potentially unwanted application
C:\Users\All Users\MediaDev\1386839634\mediadev.exe a variant of Win32/SquareNet.A potentially unwanted application
C:\Users\All Users\Microsoft\{ec28ef7a-0644-6663-c055-82063b5ff054}\{ec28ef7a-0644-6663-c055-82063b5ff054}.exe a variant of Win32/Kryptik.CHGC trojan
C:\Users\All Users\UpdateServer\1386839754\webdev.exe a variant of Win32/SquareNet.A potentially unwanted application
C:\Users\Marrin\AppData\Local\Installer\Install_7847\cr.exe Win32/Packed.ScrambleWrapper.J potentially unwanted application
C:\Users\Marrin\AppData\Local\Installer\Install_7847\ytdownloader_setup_20140203.exe a variant of Win32/SpeedBit.A potentially unwanted application
C:\Users\Marrin\AppData\Roaming\0F1L1I1PtF1F1C1N\Java Platform SE Free Download Packages\uninstaller.exe Win32/InstallCore.PC potentially unwanted application
C:\Users\Marrin\AppData\Roaming\UpdateServ\IRegCleaner.exe a variant of Win32/AdWare.SmartPCFix.B application
C:\Users\Marrin\AppData\Roaming\UpdateServ\Main_Soft.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application
C:\Users\Marrin\AppData\Roaming\UpdateServ\Porf_Soft.exe a variant of Win32/AdWare.SmartPCFix.B application
C:\Users\Marrin\Downloads\anyvideoconverter-setup (1).exe Win32/DownloadAdmin.G potentially unwanted application
C:\Users\Marrin\Downloads\anyvideoconverter-setup.exe Win32/DownloadAdmin.G potentially unwanted application
C:\Users\Marrin\Downloads\avc-free.exe Win32/OpenCandy potentially unsafe application
C:\Users\Marrin\Downloads\cbsidlm-cbsi188-Free_PDF_to_Word_Converter-SEO-75732609.exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Users\Marrin\Downloads\FLV_installer.exe a variant of Win32/SquareNet.A potentially unwanted application
C:\Users\Marrin\Downloads\FreeAllInOneMediaPlayerSetup.exe a variant of Win32/FileTypeAssistant.A potentially unwanted application
C:\Users\Marrin\Downloads\FreeVideoToAndroidConverter (1).exe Win32/OpenCandy potentially unsafe application
C:\Users\Marrin\Downloads\FreeVideoToAndroidConverter.exe Win32/OpenCandy potentially unsafe application
C:\Users\Marrin\Downloads\IDM2-Windows-en-us.exe Win32/Idmsq.A potentially unwanted application
C:\Users\Marrin\Downloads\IDM2.exe Win32/Idmsq.A potentially unwanted application
C:\Users\Marrin\Downloads\IE11_setup (1).exe a variant of Win32/InstallCore.IL potentially unwanted application
C:\Users\Marrin\Downloads\IE11_setup (2).exe a variant of Win32/InstallCore.IL potentially unwanted application
C:\Users\Marrin\Downloads\IE11_setup.exe a variant of Win32/InstallCore.IL potentially unwanted application
C:\Users\Marrin\Downloads\MediaPlayerSetup.exe a variant of Win32/InstallCore.OG potentially unwanted application
C:\Users\Marrin\Downloads\Open OfficeSetup.exe a variant of Win32/InstallCore.JO potentially unwanted application
C:\Users\Marrin\Downloads\prismpsetup.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
C:\Users\Marrin\Downloads\SoftwareInstallation.exe Win32/OutBrowse.L potentially unwanted application
C:\Users\Marrin\Downloads\spybot-setup (1).exe Win32/DownloadAdmin.G potentially unwanted application
C:\Users\Marrin\Downloads\spybot-setup.exe Win32/DownloadAdmin.G potentially unwanted application
C:\Users\Marrin\Downloads\thai-mahjong-solitaire.exe a variant of Win32/InstallCore.AZ potentially unwanted application
C:\Users\Marrin\Downloads\Unconfirmed 533434.crdownload Win32/DomaIQ.L potentially unwanted application
C:\Users\Marrin\Downloads\wzmp_8 (2).exe a variant of MSIL/AdvancedSystemProtector.A potentially unwanted application
C:\Users\Marrin\Downloads\wzmp_8.exe a variant of MSIL/AdvancedSystemProtector.A potentially unwanted application
C:\Users\Marrin\Downloads\ZipOpenerSetup.exe Win32/InstallCore.BN potentially unwanted application
C:\Users\Mary Delle\Downloads\FreePDFReaderSetup.exe a variant of Win32/InstallBrain.BZ potentially unwanted application
C:\_OTL\MovedFiles\07132014_163536\C_Program Files\pcmax\pcmax.exe a variant of Win32/Conduit.SearchProtect.O potentially unwanted application
C:\_OTL\MovedFiles\07132014_163536\C_Users\Marrin\AppData\Roaming\UpdateServ\SearchProtect.exe Win32/Toolbar.Conduit.R potentially unwanted application
C:\_OTL\MovedFiles\07132014_163536\C_Users\Marrin\Downloads\Driver Update.exe a variant of Win32/AirAdInstaller.A potentially unwanted application
C:\_OTL\MovedFiles\07132014_163536\C_Users\Marrin\Downloads\Mahjong1 (1).exe a variant of Win32/OutBrowse.D potentially unwanted application
C:\_OTL\MovedFiles\07132014_163536\C_Users\Marrin\Downloads\Revo_Uninstaller_TSV4AGYMS.exe Win32/Toolbar.Conduit.AE potentially unwanted application
 
 
*****************************************************************************************************
ComboFix.txt
ComboFix 14-07-17.03 - Marrin 07/20/2014  23:37:42.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3999.1739 [GMT -5:00]
Running from: c:\users\Marrin\Desktop\Security\ComboFix.exe
Command switches used :: c:\users\Marrin\Desktop\Security\CFScript.txt
AV: Norton Security Suite *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton Security Suite *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton Security Suite *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\ssnfd.sys"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SSNFD
-------\Service_ssnfd
.
.
(((((((((((((((((((((((((   Files Created from 2014-06-21 to 2014-07-21  )))))))))))))))))))))))))))))))
.
.
2014-07-21 04:46 . 2014-07-21 04:46 -------- d-----w- c:\users\LAS\AppData\Local\temp
2014-07-21 04:46 . 2014-07-21 04:46 -------- d-----w- c:\users\F-Squared\AppData\Local\temp
2014-07-21 04:46 . 2014-07-21 04:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-20 22:42 . 2014-07-20 22:42 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-07-20 22:42 . 2014-07-20 22:42 -------- d-----w- c:\programdata\Malwarebytes
2014-07-20 22:42 . 2014-05-12 12:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-07-20 22:42 . 2014-05-12 12:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-20 22:42 . 2014-05-12 12:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-07-20 03:14 . 2014-07-20 03:14 -------- d-----w- c:\users\Marrin\AppData\Local\Free_PDF_Solutions
2014-07-20 00:52 . 2014-07-20 00:52 -------- d-----w- c:\users\Marrin\AppData\Roaming\Free PDF Solutions
2014-07-18 05:11 . 2014-07-21 04:46 -------- d-----w- c:\users\Mary Delle\AppData\Local\temp
2014-07-13 21:35 . 2014-07-13 21:35 -------- d-----w- C:\_OTL
2014-07-11 16:54 . 2010-08-30 13:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-07-11 16:53 . 2014-07-11 23:09 -------- d-----w- C:\AdwCleaner
2014-07-09 20:52 . 2014-06-18 02:19 449024 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tabskb.dll
2014-07-09 20:52 . 2014-06-18 02:18 692736 ----a-w- c:\windows\system32\osk.exe
2014-07-09 20:52 . 2014-06-18 01:51 646144 ----a-w- c:\windows\SysWow64\osk.exe
2014-07-09 20:52 . 2014-06-18 01:10 3157504 ----a-w- c:\windows\system32\win32k.sys
2014-07-09 20:52 . 2014-06-05 14:45 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-07-09 20:52 . 2014-06-05 14:26 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-07-09 20:52 . 2014-06-05 14:25 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-07-09 20:52 . 2014-06-03 10:02 1354240 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2014-07-09 20:52 . 2014-06-03 09:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-07-09 20:51 . 2014-06-06 10:10 624128 ----a-w- c:\windows\system32\qedit.dll
2014-07-09 20:51 . 2014-06-06 09:44 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-07-09 20:51 . 2014-05-30 06:45 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2014-07-09 09:04 . 2014-07-09 09:04 -------- d-----w- c:\users\Mary Delle\AppData\Local\ElevatedDiagnostics
2014-07-09 05:11 . 2014-07-09 05:12 -------- d-----w- C:\NPE
2014-07-08 18:34 . 2014-07-08 18:34 46376 ----a-w- c:\windows\system32\drivers\netfilter64.sys
2014-07-01 06:15 . 2014-07-01 06:15 -------- d-----w- c:\users\Marrin\AppData\Local\Seven Zip
2014-07-01 05:59 . 2014-07-20 03:57 -------- d-----w- c:\program files (x86)\VS Revo Group
2014-06-30 23:01 . 2014-06-30 23:01 -------- d-----w- c:\users\F-Squared\AppData\Local\Wondershare
2014-06-27 02:31 . 2014-07-13 09:52 -------- d-----w- c:\users\LAS\AppData\Local\Deployment
2014-06-26 23:01 . 2014-06-26 23:01 -------- d-----w- c:\users\LAS\AppData\Roaming\serv
2014-06-26 22:36 . 2014-06-26 22:36 -------- d-----w- c:\users\Default\AppData\Roaming\serv
2014-06-26 22:28 . 2014-06-26 22:28 -------- d-----w- c:\windows\SysWow64\%LOCALAPPDATA%
2014-06-26 22:27 . 2014-07-08 22:32 -------- d-----w- c:\program files (x86)\BEDAACA9-0245-4A85-A697-BD5CD3AD04D1
2014-06-23 03:09 . 2013-09-20 15:49 21040 ----a-w- c:\windows\system32\sdnclean64.exe
2014-06-23 03:09 . 2014-07-01 16:22 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-06-23 03:09 . 2014-06-23 03:11 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2014-06-22 11:15 . 2014-02-18 01:32 593112 ----a-w- c:\windows\system32\drivers\N360x64\1503000.00C\symnets.sys
2014-06-22 11:15 . 2013-09-10 02:47 23568 ----a-r- c:\windows\system32\drivers\N360x64\1503000.00C\symelam.sys
2014-06-22 11:15 . 2014-03-04 04:18 1148120 ----a-w- c:\windows\system32\drivers\N360x64\1503000.00C\symefa64.sys
2014-06-22 11:15 . 2014-02-13 01:59 875736 ----a-w- c:\windows\system32\drivers\N360x64\1503000.00C\srtsp64.sys
2014-06-22 11:15 . 2013-09-27 02:45 264280 ----a-r- c:\windows\system32\drivers\N360x64\1503000.00C\ironx64.sys
2014-06-22 11:15 . 2013-09-26 02:50 162392 ----a-r- c:\windows\system32\drivers\N360x64\1503000.00C\ccsetx64.sys
2014-06-22 11:15 . 2013-09-10 02:47 493656 ----a-r- c:\windows\system32\drivers\N360x64\1503000.00C\symds64.sys
2014-06-22 11:15 . 2013-09-10 01:49 36952 ----a-r- c:\windows\system32\drivers\N360x64\1503000.00C\srtspx64.sys
2014-06-22 10:53 . 2014-06-22 10:53 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2014-06-22 02:27 . 2014-06-22 02:27 177752 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2014-06-22 02:26 . 2014-06-22 02:26 -------- d-----w- c:\program files (x86)\Norton Security Suite
2014-06-22 00:14 . 2014-06-22 00:14 -------- d-----w- c:\program files (x86)\NortonInstaller
2014-06-21 23:39 . 2014-06-21 23:39 -------- d-----w- c:\users\Marrin\AppData\Roaming\rightbackup
2014-06-21 20:25 . 2014-06-21 20:25 16152 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2014-06-21 20:25 . 2014-06-21 20:25 -------- d-----w- c:\users\Marrin\AppData\Local\SlimWare Utilities Inc
2014-06-21 20:15 . 2014-07-09 16:37 -------- d-----w- C:\temp
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-10 04:03 . 2012-11-06 18:58 96441528 ----a-w- c:\windows\system32\MRT.exe
2014-07-09 05:25 . 2012-11-05 16:31 512000 ----a-w- c:\windows\system32\rpcss.dll
2014-06-19 17:38 . 2012-11-05 16:31 512000 ----a-w- c:\windows\system32\pegm.voz
2014-06-18 23:27 . 2014-06-18 23:27 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9BC50E3E-BE38-4E82-98C7-145EE8B7D9FD}\offreg.dll
2014-06-13 00:09 . 2014-02-26 21:23 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-06-08 09:13 . 2014-06-12 11:33 506368 ----a-w- c:\windows\system32\aepdu.dll
2014-06-08 09:08 . 2014-06-12 11:33 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-05-08 09:32 . 2014-06-12 11:34 3178496 ----a-w- c:\windows\system32\rdpcorets.dll
2014-05-08 09:32 . 2014-06-12 11:34 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2014-04-30 23:20 . 2014-06-17 14:22 10702536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9BC50E3E-BE38-4E82-98C7-145EE8B7D9FD}\mpengine.dll
2014-04-25 02:34 . 2014-06-12 11:34 801280 ----a-w- c:\windows\system32\usp10.dll
2014-04-25 02:06 . 2014-06-12 11:34 626688 ----a-w- c:\windows\SysWow64\usp10.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 163328]
"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2014-05-23 466656]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2014-02-14 1564992]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-08 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2013-03-28 1058880]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2014-02-14 311616]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R3 cpuz134;cpuz134;c:\users\Marrin\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\Marrin\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys;c:\windows\SYSNATIVE\DRIVERS\s1018bus.sys [x]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mdfl.sys [x]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mdm.sys [x]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mgmt.sys [x]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys;c:\windows\SYSNATIVE\DRIVERS\s1018nd5.sys [x]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys;c:\windows\SYSNATIVE\DRIVERS\s1018obex.sys [x]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys;c:\windows\SYSNATIVE\DRIVERS\s1018unic.sys [x]
R3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R3 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1503000.00C\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1503000.00C\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1503000.00C\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1503000.00C\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140703.001\BHDrvx64.sys;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140703.001\BHDrvx64.sys [x]
S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1503000.00C\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1503000.00C\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140718.001\IDSvia64.sys;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140718.001\IDSvia64.sys [x]
S1 netfilter64;netfilter64;c:\windows\system32\drivers\netfilter64.sys;c:\windows\SYSNATIVE\drivers\netfilter64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1503000.00C\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1503000.00C\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1503000.00C\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1503000.00C\SYMNETS.SYS [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 MediaDevSvc;MediaDevSvc;c:\programdata\MediaDev\1386839634\mediadev.exe;c:\programdata\MediaDev\1386839634\mediadev.exe [x]
S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\21.3.0.12\N360.exe;c:\program files (x86)\Norton Security Suite\Engine\21.3.0.12\N360.exe [x]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files (x86)\SMINST\BLService.exe;c:\program files (x86)\SMINST\BLService.exe [x]
S2 WinDevSvc;WinDevSvc;c:\programdata\UpdateServer\1386839754\webdev.exe;c:\programdata\UpdateServer\1386839754\webdev.exe [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWAZL.sys [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 vrvd5;vrvd5;c:\windows\system32\DRIVERS\vrvd5.sys;c:\windows\SYSNATIVE\DRIVERS\vrvd5.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 17:29 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-17 15:00 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-25 05:10]
.
2014-07-21 c:\windows\Tasks\EPSON XP-610 Series Invitation {05F7B84B-681C-458E-8F3D-374499D28165}.job
- c:\windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2013-11-15 00:20]
.
2014-07-21 c:\windows\Tasks\EPSON XP-610 Series Invitation {60366004-3A13-43DE-82E5-67525EEA6C96}.job
- c:\windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2013-11-15 00:20]
.
2014-07-21 c:\windows\Tasks\EPSON XP-610 Series Invitation {E5D829D1-6629-4934-B894-5A14240792C8}.job
- c:\windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2013-11-15 00:20]
.
2014-07-21 c:\windows\Tasks\EPSON XP-610 Series Update {05F7B84B-681C-458E-8F3D-374499D28165}.job
- c:\windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2013-11-15 00:20]
.
2014-07-21 c:\windows\Tasks\EPSON XP-610 Series Update {60366004-3A13-43DE-82E5-67525EEA6C96}.job
- c:\windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2013-11-15 00:20]
.
2014-07-21 c:\windows\Tasks\EPSON XP-610 Series Update {E5D829D1-6629-4934-B894-5A14240792C8}.job
- c:\windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2013-11-15 00:20]
.
2014-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-24 05:41]
.
2014-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-24 05:41]
.
2014-07-19 c:\windows\Tasks\HPCeeScheduleForMarrin.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1237288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>
uSearchAssistant = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{5F444FD2-DC83-4356-B972-B13F009035AD}: NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{5F444FD2-DC83-4356-B972-B13F009035AD}\876696E696479777966696: NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{5F444FD2-DC83-4356-B972-B13F009035AD}\C696E6B6379737: NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{843BF815-3D33-4E66-9A97-35951EE0D769}: NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{a6aabacb-2642-11e2-ba7f-806e6f6e6963}: NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{E6BFB075-BA11-4754-9F7C-76D342FB390A}: NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{FE7AF5DA-51D7-4694-9032-D6510B155674}: NameServer = 75.126.206.18,184.173.169.186
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Notify-SDWinLogon - SDWinLogon.dll
AddRemove-Trusted Software Assistant_is1 - c:\program files (x86)\File Type Assistant\unins000.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\21.3.0.12\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\21.3.0.12\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\N360x64\1503000.00C\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Security Suite\Engine\21.3.0.12;c:\program files (x86)\Norton Security Suite\Engine64\21.3.0.12"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2449328561-2354742652-2778768457-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2449328561-2354742652-2778768457-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
.
**************************************************************************
.
Completion time: 2014-07-20  23:58:48 - machine was rebooted
ComboFix-quarantined-files.txt  2014-07-21 04:58
ComboFix2.txt  2014-07-18 05:11
.
Pre-Run: 133,276,676,096 bytes free
Post-Run: 132,754,534,400 bytes free
.
- - End Of File - - ECA670F015997A2330C5373CB4DC81DE
A36C5E4F47E84449FF07ED3517B43A31
 


#23 OCD
    SuperHelper
  • Malware Team
  • 5,574 posts

Posted 23 July 2014 - 08:05 PM

Hi Marrin,

Open MBAM and locate the History Tab and click it

[screenshot: MBAMDashboardHistoryTab]

In the left hand menu locate Application Logs and select it.

[screenshot: MBAMDashboardScanLogMostRecentTab]

Locate the most recent Scan Log and place a check mark in the box next to it and select the View Button.

[screenshot: MBAMDashboardScanLogViewTab]

In the Scanning History Log, locate the Copy to Clipboard at the bottom of the GUI, and select it. The log file is now waiting to be pasted into a notepad document or directly into the forum's reply window.

[screenshot: MBAMDashboardScanHistoryLogCopytoClipboard]

Click OK to close

=========================

Re-run ESET Online Scanner (this time you will be removing the found threats)

(Note: You can use Internet Explorer or Firefox for this scan. If you use Firefox you will be asked to install an additional component. Please allow this.)
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
  • Click Start
  • Make sure that the option "Remove found threats" is checked, and the option "Scan unwanted applications" is checked.
  • Click Scan.
  • Wait for the scan to finish.
  • When the scan completes, click List of found threats
  • Click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
  • Include the contents of this report in your next reply

    Note - when ESET doesn't find any threats, no report will be created.
  • Push the back button.
  • Push Finish
  • Re-enable your Antivirus software.
=========================

In your next post please provide the following:
  • MBAM log
  • New ESET log
  • How is the computer running at the moment?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days


#24 Marrin
    Authentic Member
  • 31 posts

Posted 23 July 2014 - 09:42 PM

Ah - I begin to see the real problem. I don't think the MBAM software actually installed on my system. I think that on clicking the MBAM "setup" file when it appeared at the bottom of my screen, the software actually ran, rather in the fashion of ESET, but didn't install on the system. If an executable remained on my computer, I haven't found it. In my ignorance, I didn't realize I needed to question this. I'll do some more searching tonight to make sure there is no installed MBAM, and then either ask for advice, or, if I find an executable, provide the files as requested.

My apologies.



#25 Marrin
    Authentic Member
  • 31 posts

Posted 23 July 2014 - 09:44 PM

I forgot to include that my computer is actually running much better than it has in quite some time.




#26 OCD
    SuperHelper
  • Malware Team
  • 5,574 posts

Posted 23 July 2014 - 10:05 PM

Hi Marrin,

MBAM cannot run on your computer without installing it. ESET is an online scanner while MBAM is a standalone program that must be installed to run.

Just follow the directions to download and install MBAM, then proceed to run the scan requested.
OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days


#27 Marrin
    Authentic Member
  • 31 posts

Posted 24 July 2014 - 02:00 PM

I finally found where MBAM was installed on my computer, and was able to access the Application log as you had instructed earlier. I checked the box next to the most recent scan log, but the view button was greyed out, and could not be accessed. Please advise.

I really must apologize for my ineptitude. I realize it is hampering your efforts to help me, but rest assured that I am learning from the process, and really appreciate your efforts.



#28 OCD
    SuperHelper
  • Malware Team
  • 5,574 posts

Posted 24 July 2014 - 08:20 PM

Hi Marrin,

Well we both have learned something from this little issue you encountered. :clap:

When you place the check-mark in the box I assumed it made the selection for that item, but as you encountered it did not. And as I also tried to recreate it the View button was greyed out for me as well. :pullhair:

Try this solution:
After placing the check-mark in the box, move your cursor slightly outside the check box and click your mouse again. The background of the row you selected should turn a bluish color. Now the View button should be visible.

Just follow the remainder of the steps outlined previously to post the log.
 


OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days


#29 Marrin
    Authentic Member
  • 31 posts

Posted 25 July 2014 - 04:26 AM

I FINALLY found where the MBAM logs were stashed! I include the most recent one, as well as the ESET log.

Thanks!

MBAM log:

<?xml version="1.0" encoding="UTF-16"?>
<mbam-log>
  <header>
    <date>2014/07/22 20:08:27 -0500</date>
    <logfile>mbam-log-2014-07-22 (20-08-25).xml</logfile>
    <isadmin>yes</isadmin>
  </header>
  <engine>
    <version>2.00.2.1012</version>
    <malware-database>v2014.07.22.11</malware-database>
    <rootkit-database>v2014.07.17.01</rootkit-database>
    <license>free</license>
    <file-protection>disabled</file-protection>
    <web-protection>disabled</web-protection>
    <self-protection>disabled</self-protection>
  </engine>
  <system>
    <osversion>Windows 7 Service Pack 1</osversion>
    <arch>x64</arch>
    <username>Marrin</username>
    <filesys>NTFS</filesys>
  </system>
  <summary>
    <type>threat</type>
    <result>completed</result>
    <objects>406598</objects>
    <time>2489</time>
    <processes>4</processes>
    <modules>0</modules>
    <keys>13</keys>
    <values>6</values>
    <datas>2</datas>
    <folders>6</folders>
    <files>38</files>
    <sectors>0</sectors>
  </summary>
  <options>
    <memory>enabled</memory>
    <startup>enabled</startup>
    <filesystem>enabled</filesystem>
    <archives>enabled</archives>
    <rootkits>disabled</rootkits>
    <deeprootkit>disabled</deeprootkit>
    <heuristics>enabled</heuristics>
    <pup>enabled</pup>
    <pum>enabled</pum>
  </options>
  <items>
    <process>
      <path>C:\ProgramData\UpdateTask\vmhost.exe</path>
      <vendor>PUP.Optional.VMHost.A</vendor>
      <action>delete-on-reboot</action>
      <pid>1296</pid>
      <hash>7c175250c0bb979fd041ca05ef13d62a</hash>
    </process>
    <process>
      <path>C:\ProgramData\UpdateTask\vmhost.exe</path>
      <vendor>PUP.Optional.VMHost.A</vendor>
      <action>delete-on-reboot</action>
      <pid>6904</pid>
      <hash>7c175250c0bb979fd041ca05ef13d62a</hash>
    </process>
    <process>
      <path>C:\ProgramData\UpdateServer\1386839754\webdev.exe</path>
      <vendor>PUP.Optional.UpdateServer.A</vendor>
      <action>delete-on-reboot</action>
      <pid>1384</pid>
      <hash>fc97fba76c0f290d36fde6dadf23af51</hash>
    </process>
    <process>
      <path>C:\ProgramData\MediaDev\1386839634\mediadev.exe</path>
      <vendor>PUP.Optional.MediaDev.A</vendor>
      <action>delete-on-reboot</action>
      <pid>1768</pid>
      <hash>d1c2039fa1da79bd75c0ae1289790bf5</hash>
    </process>
    <key>
      <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}</path>
      <vendor>PUP.Optional.Outbrowse</vendor>
      <action>success</action>
      <hash>a4ef6141f8832f078f45b4e1639f47b9</hash>
    </key>
    <key>
      <path>HKLM\SOFTWARE\CLASSES\TYPELIB\{03771AEF-400D-4A13-B712-25878EC4A3F5}</path>
      <vendor>PUP.Optional.Outbrowse</vendor>
      <action>success</action>
      <hash>a4ef6141f8832f078f45b4e1639f47b9</hash>
    </key>
    <key>
      <path>HKLM\SOFTWARE\CLASSES\INTERFACE\{3408AC0D-510E-4808-8F7B-6B70B1F88534}</path>
      <vendor>PUP.Optional.Outbrowse</vendor>
      <action>success</action>
      <hash>a4ef6141f8832f078f45b4e1639f47b9</hash>
    </key>
    <key>
      <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3408AC0D-510E-4808-8F7B-6B70B1F88534}</path>
      <vendor>PUP.Optional.Outbrowse</vendor>
      <action>success</action>
      <hash>a4ef6141f8832f078f45b4e1639f47b9</hash>
    </key>
    <key>
      <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{03771AEF-400D-4A13-B712-25878EC4A3F5}</path>
      <vendor>PUP.Optional.Outbrowse</vendor>
      <action>success</action>
      <hash>a4ef6141f8832f078f45b4e1639f47b9</hash>
    </key>
    <key>
      <path>HKLM\SOFTWARE\WOW6432NODE\SearchSnacks</path>
      <vendor>PUP.Optional.SearchSnacks.A</vendor>
      <action>success</action>
      <hash>088bdcc692e904320ada1eb5dc263fc1</hash>
    </key>
    <key>
      <path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\netfilter64</path>
      <vendor>PUP.Optional.AdPeak</vendor>
      <action>success</action>
      <hash>1a793e64afcc6ccaf0368440ef13ec14</hash>
    </key>
    <key>
      <path>HKU\S-1-5-21-2449328561-2354742652-2778768457-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Fun Web Products</path>
      <vendor>PUP.Optional.FunWebProducts.A</vendor>
      <action>success</action>
      <hash>81120d957b00171f5e6e864d48ba9c64</hash>
    </key>
    <key>
      <path>HKU\S-1-5-21-2449328561-2354742652-2778768457-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\FunWebProducts</path>
      <vendor>PUP.Optional.FunWebProducts.A</vendor>
      <action>success</action>
      <hash>cac9b1f1a9d2e74f0ac3349f9f637e82</hash>
    </key>
    <key>
      <path>HKLM\SOFTWARE\CLASSES\TYPELIB\{DCEE70C6-FA43-4B67-A889-80AF260D2435}</path>
      <vendor>PUP.Optional.UpdateServer.A</vendor>
      <action>success</action>
      <hash>fc97fba76c0f290d36fde6dadf23af51</hash>
    </key>
    <key>
      <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{DCEE70C6-FA43-4B67-A889-80AF260D2435}</path>
      <vendor>PUP.Optional.UpdateServer.A</vendor>
      <action>success</action>
      <hash>fc97fba76c0f290d36fde6dadf23af51</hash>
    </key>
    <key>
      <path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WinDevSvc</path>
      <vendor>PUP.Optional.UpdateServer.A</vendor>
      <action>success</action>
      <hash>fc97fba76c0f290d36fde6dadf23af51</hash>
    </key>
    <key>
      <path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MediaDevSvc</path>
      <vendor>PUP.Optional.MediaDev.A</vendor>
      <action>success</action>
      <hash>d1c2039fa1da79bd75c0ae1289790bf5</hash>
    </key>
    <value>
      <path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN</path>
      <valuename>{ec28ef7a-0644-6663-c055-82063b5ff054}</valuename>
      <vendor>Trojan.Krypt</vendor>
      <action>success</action>
      <valuedata>"C:\ProgramData\Microsoft\{ec28ef7a-0644-6663-c055-82063b5ff054}\{ec28ef7a-0644-6663-c055-82063b5ff054}.exe"</valuedata>
      <hash>fe958a18c4b7082e640acad518e9d22e</hash>
    </value>
    <value>
      <path>HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN</path>
      <valuename>{ec28ef7a-0644-6663-c055-82063b5ff054}</valuename>
      <vendor>Trojan.Krypt</vendor>
      <action>success</action>
      <valuedata>"C:\ProgramData\Microsoft\{ec28ef7a-0644-6663-c055-82063b5ff054}\{ec28ef7a-0644-6663-c055-82063b5ff054}.exe"</valuedata>
      <hash>fe958a18c4b7082e640acad518e9d22e</hash>
    </value>
    <value>
      <path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN</path>
      <valuename>{ec28ef7a-0644-6663-c055-82063b5ff054}</valuename>
      <vendor>Trojan.Krypt</vendor>
      <action>success</action>
      <valuedata>"C:\ProgramData\Microsoft\{ec28ef7a-0644-6663-c055-82063b5ff054}\{ec28ef7a-0644-6663-c055-82063b5ff054}.exe"</valuedata>
      <hash>fe958a18c4b7082e640acad518e9d22e</hash>
    </value>
    <value>
      <path>HKU\S-1-5-21-2449328561-2354742652-2778768457-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS</path>
      <valuename>sp2@sp.com</valuename>
      <vendor>PUP.Optional.SocialPrivacy</vendor>
      <action>success</action>
      <valuedata>C:\Program Files (x86)\Social Privacy\FF\</valuedata>
      <hash>b3e02c76d0aba591491f52d252b2a45c</hash>
    </value>
    <value>
      <path>HKU\S-1-5-21-2449328561-2354742652-2778768457-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS</path>
      <valuename>sp2@sp.com</valuename>
      <vendor>PUP.Optional.SocialPrivacy</vendor>
      <action>success</action>
      <valuedata>C:\Program Files (x86)\Social Privacy\FF\</valuedata>
      <hash>5a399d05f388bf7798d0111318eca65a</hash>
    </value>
    <value>
      <path>HKU\S-1-5-21-2449328561-2354742652-2778768457-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS</path>
      <valuename>sp2@sp.com</valuename>
      <vendor>PUP.Optional.SocialPrivacy</vendor>
      <action>success</action>
      <valuedata>C:\Program Files (x86)\Social Privacy\FF\</valuedata>
      <hash>a6ed782a483353e365039292778de020</hash>
    </value>
    <data>
      <path>HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS NT\SYSTEMRESTORE</path>
      <valuename>DisableConfig</valuename>
      <vendor>Windows.Tool.Disabled</vendor>
      <action>replaced</action>
      <valuedata>1</valuedata>
      <baddata>1</baddata>
      <gooddata>0</gooddata>
      <hash>b0e3435f95e67db91807406c7f85837d</hash>
    </data>
    <data>
      <path>HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\WINDOWS NT\SYSTEMRESTORE</path>
      <valuename>DisableConfig</valuename>
      <vendor>Windows.Tool.Disabled</vendor>
      <action>replaced</action>
      <valuedata>1</valuedata>
      <baddata>1</baddata>
      <gooddata>0</gooddata>
      <hash>098a81210e6d5fd7dc437933fb09728e</hash>
    </data>
    <folder>
      <path>C:\Users\Marrin\AppData\Roaming\UpdateServ</path>
      <vendor>PUP.Optional.UpdateService.A</vendor>
      <action>success</action>
      <hash>dcb78a188eed46f076daa93cba4810f0</hash>
    </folder>
    <folder>
      <path>C:\Users\F-Squared\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd</path>
      <vendor>PUP.Optional.NewTab.A</vendor>
      <action>success</action>
      <hash>91024a581d5ebf77d636eccc10f218e8</hash>
    </folder>
    <folder>
      <path>C:\Users\LAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd</path>
      <vendor>PUP.Optional.NewTab.A</vendor>
      <action>success</action>
      <hash>365d7a285625c472bc50dfd9877bba46</hash>
    </folder>
    <folder>
      <path>C:\ProgramData\UpdateServer\1386839754</path>
      <vendor>PUP.Optional.UpdateServer.A</vendor>
      <action>delete-on-reboot</action>
      <hash>fc97fba76c0f290d36fde6dadf23af51</hash>
    </folder>
    <folder>
      <path>C:\ProgramData\MediaDev\1386650935</path>
      <vendor>PUP.Optional.MediaDev.A</vendor>
      <action>success</action>
      <hash>543ffaa86516d6603005754bd0326997</hash>
    </folder>
    <folder>
      <path>C:\ProgramData\MediaDev\1386839634</path>
      <vendor>PUP.Optional.MediaDev.A</vendor>
      <action>delete-on-reboot</action>
      <hash>d1c2039fa1da79bd75c0ae1289790bf5</hash>
    </folder>
    <file>
      <path>C:\ProgramData\Microsoft\{ec28ef7a-0644-6663-c055-82063b5ff054}\{ec28ef7a-0644-6663-c055-82063b5ff054}.exe</path>
      <vendor>Trojan.Krypt</vendor>
      <action>delete-on-reboot</action>
      <hash>fe958a18c4b7082e640acad518e9d22e</hash>
    </file>
    <file>
      <path>C:\Users\Marrin\Downloads\MediaPlayerSetup.exe</path>
      <vendor>PUP.Optional.Adlsoft</vendor>
      <action>success</action>
      <hash>dcb7277bef8c1125e296226407fa58a8</hash>
    </file>
    <file>
      <path>C:\Users\Marrin\Downloads\Open OfficeSetup.exe</path>
      <vendor>PUP.Optional.InstallCore</vendor>
      <action>success</action>
      <hash>474c2b77f18ad06611312e7453b1a25e</hash>
    </file>
    <file>
      <path>C:\Users\Mary Delle\Downloads\FreePDFReaderSetup.exe</path>
      <vendor>PUP.Optional.InstallBrain.A</vendor>
      <action>success</action>
      <hash>fe95ffa3512abc7ad08c1561629f05fb</hash>
    </file>
    <file>
      <path>C:\Users\Marrin\AppData\Local\Installer\Install_7847\cr.exe</path>
      <vendor>PUP.Optional.ScramblePacker.A</vendor>
      <action>success</action>
      <hash>d7bc69397efdf0462f2ee1a3f908da26</hash>
    </file>
    <file>
      <path>C:\ProgramData\UpdateTask\vmhost.exe</path>
      <vendor>PUP.Optional.VMHost.A</vendor>
      <action>delete-on-reboot</action>
      <hash>7c175250c0bb979fd041ca05ef13d62a</hash>
    </file>
    <file>
      <path>C:\Users\LAS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.betterdeals00.betterdeals.co_0.localstorage</path>
      <vendor>PUP.Optional.BetterDeals.A</vendor>
      <action>success</action>
      <hash>d8bb5949334868cee14e41901ee4e31d</hash>
    </file>
    <file>
      <path>C:\Users\LAS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.betterdeals00.betterdeals.co_0.localstorage-journal</path>
      <vendor>PUP.Optional.BetterDeals.A</vendor>
      <action>success</action>
      <hash>494a386a205bb680989727aa5aa88d73</hash>
    </file>
    <file>
      <path>C:\Users\Marrin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.betterdeals00.betterdeals.co_0.localstorage</path>
      <vendor>PUP.Optional.BetterDeals.A</vendor>
      <action>success</action>
      <hash>b5de2d752d4e70c6bd72527fb949b14f</hash>
    </file>
    <file>
      <path>C:\Users\Marrin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.betterdeals00.betterdeals.co_0.localstorage-journal</path>
      <vendor>PUP.Optional.BetterDeals.A</vendor>
      <action>success</action>
      <hash>9ff4bde5afcc053130fffed310f2e41c</hash>
    </file>
    <file>
      <path>C:\Users\Mary Delle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.betterdeals00.betterdeals.co_0.localstorage</path>
      <vendor>PUP.Optional.BetterDeals.A</vendor>
      <action>success</action>
      <hash>395a465c02799c9a89a6626f9d65d729</hash>
    </file>
    <file>
      <path>C:\Users\Mary Delle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.betterdeals00.betterdeals.co_0.localstorage-journal</path>
      <vendor>PUP.Optional.BetterDeals.A</vendor>
      <action>success</action>
      <hash>aee56141aad181b5bf70b918ae54bf41</hash>
    </file>
    <file>
      <path>C:\Users\Marrin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.trovi.com_0.localstorage</path>
      <vendor>PUP.Optional.Trovi.A</vendor>
      <action>success</action>
      <hash>8a097c266615da5ca693993c748ecd33</hash>
    </file>
    <file>
      <path>C:\Users\Marrin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.trovi.com_0.localstorage-journal</path>
      <vendor>PUP.Optional.Trovi.A</vendor>
      <action>success</action>
      <hash>8e050e94fa8191a5b188993cd9299c64</hash>
    </file>
    <file>
      <path>C:\Users\Marrin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_videodownloadconverter.dl.tb.ask.com_0.localstorage</path>
      <vendor>PUP.Optional.MindSpark.A</vendor>
      <action>success</action>
      <hash>2c67cfd3f982bd79cb1a9c3cf0127987</hash>
    </file>
    <file>
      <path>C:\Users\Marrin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_videodownloadconverter.dl.tb.ask.com_0.localstorage-journal</path>
      <vendor>PUP.Optional.MindSpark.A</vendor>
      <action>success</action>
      <hash>7122970b94e745f13ca98850d9299868</hash>
    </file>
    <file>
      <path>C:\Users\Marrin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_radiorage.dl.tb.ask.com_0.localstorage</path>
      <vendor>PUP.Optional.MindSpark.A</vendor>
      <action>success</action>
      <hash>ccc7544e671484b26a8c4e8a828029d7</hash>
    </file>
    <file>
      <path>C:\Users\Marrin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_radiorage.dl.tb.ask.com_0.localstorage-journal</path>
      <vendor>PUP.Optional.MindSpark.A</vendor>
      <action>success</action>
      <hash>8a09f5ad7ffcb87e61953c9ce41ebc44</hash>
    </file>
    <file>
      <path>C:\Users\Marrin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_fromdoctopdf.dl.tb.ask.com_0.localstorage</path>
      <vendor>PUP.Optional.MindSpark.A</vendor>
      <action>success</action>
      <hash>9bf8c6dc5c1fca6c0a0935a4ae540000</hash>
    </file>
    <file>
      <path>C:\Users\Marrin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_fromdoctopdf.dl.tb.ask.com_0.localstorage-journal</path>
      <vendor>PUP.Optional.MindSpark.A</vendor>
      <action>success</action>
      <hash>f79c01a1daa163d3080b32a73dc57888</hash>
    </file>
    <file>
      <path>C:\Users\Marrin\AppData\Roaming\UpdateServ\download.dat</path>
      <vendor>PUP.Optional.UpdateService.A</vendor>
      <action>success</action>
      <hash>dcb78a188eed46f076daa93cba4810f0</hash>
    </file>
    <file>
      <path>C:\Users\Marrin\AppData\Roaming\UpdateServ\fb_info.dat</path>
      <vendor>PUP.Optional.UpdateService.A</vendor>
      <action>success</action>
      <hash>dcb78a188eed46f076daa93cba4810f0</hash>
    </file>
    <file>
      <path>C:\Users\Marrin\AppData\Roaming\UpdateServ\IRegCleaner.exe</path>
      <vendor>PUP.Optional.UpdateService.A</vendor>
      <action>success</action>
      <hash>dcb78a188eed46f076daa93cba4810f0</hash>
    </file>
    <file>
      <path>C:\Users\Marrin\AppData\Roaming\UpdateServ\Main_Soft.exe</path>
      <vendor>PUP.Optional.UpdateService.A</vendor>
      <action>success</action>
      <hash>dcb78a188eed46f076daa93cba4810f0</hash>
    </file>
    <file>
      <path>C:\Users\Marrin\AppData\Roaming\UpdateServ\Porf_Soft.exe</path>
      <vendor>PUP.Optional.UpdateService.A</vendor>
      <action>success</action>
      <hash>dcb78a188eed46f076daa93cba4810f0</hash>
    </file>
    <file>
      <path>C:\Users\Marrin\AppData\Roaming\UpdateServ\porf_tool.dat</path>
      <vendor>PUP.Optional.UpdateService.A</vendor>
      <action>success</action>
      <hash>dcb78a188eed46f076daa93cba4810f0</hash>
    </file>
    <file>
      <path>C:\Users\F-Squared\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bakijjialdiiboeaknfpmflphhmljfkd_0.localstorage</path>
      <vendor>PUP.Optional.NewTab.A</vendor>
      <action>success</action>
      <hash>494ad3cf7ffcf04693901c06d33106fa</hash>
    </file>
    <file>
      <path>C:\Users\F-Squared\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bakijjialdiiboeaknfpmflphhmljfkd_0.localstorage-journal</path>
      <vendor>PUP.Optional.NewTab.A</vendor>
      <action>success</action>
      <hash>8310643e2556fe382cf7140e798b26da</hash>
    </file>
    <file>
      <path>C:\Users\LAS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bakijjialdiiboeaknfpmflphhmljfkd_0.localstorage</path>
      <vendor>PUP.Optional.NewTab.A</vendor>
      <action>success</action>
      <hash>375c237fea9185b1b271da481ce8a858</hash>
    </file>
    <file>
      <path>C:\Users\LAS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bakijjialdiiboeaknfpmflphhmljfkd_0.localstorage-journal</path>
      <vendor>PUP.Optional.NewTab.A</vendor>
      <action>success</action>
      <hash>c3d0841edd9e4bebf82b899932d27f81</hash>
    </file>
    <file>
      <path>C:\Users\Mary Delle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bakijjialdiiboeaknfpmflphhmljfkd_0.localstorage</path>
      <vendor>PUP.Optional.NewTab.A</vendor>
      <action>success</action>
      <hash>afe4059d5823b680f330f131de2616ea</hash>
    </file>
    <file>
      <path>C:\Users\Mary Delle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bakijjialdiiboeaknfpmflphhmljfkd_0.localstorage-journal</path>
      <vendor>PUP.Optional.NewTab.A</vendor>
      <action>success</action>
      <hash>2e651b870279b68038ebbc6638ccb050</hash>
    </file>
    <file>
      <path>C:\Windows\System32\drivers\netfilter64.sys</path>
      <vendor>PUP.Optional.AdPeak</vendor>
      <action>success</action>
      <hash>1a793e64afcc6ccaf0368440ef13ec14</hash>
    </file>
    <file>
      <path>C:\ProgramData\UpdateServer\1386839754\webdev.exe</path>
      <vendor>PUP.Optional.UpdateServer.A</vendor>
      <action>delete-on-reboot</action>
      <hash>fc97fba76c0f290d36fde6dadf23af51</hash>
    </file>
    <file>
      <path>C:\ProgramData\MediaDev\1386839634\mediadev.exe</path>
      <vendor>PUP.Optional.MediaDev.A</vendor>
      <action>delete-on-reboot</action>
      <hash>d1c2039fa1da79bd75c0ae1289790bf5</hash>
    </file>
    <file>
      <path>C:\Users\LAS\AppData\Local\Google\Chrome\User Data\Default\Preferences</path>
 
<vendor>PUP.Optional.GreatArcadeHits.A</vendor>
 
<action>replaced</action>
 
<baddata> "homepage_url": "http://www.greatarca...com",</baddata>
 
<gooddata/>
 
<hash>00936141710ad3630ec37f5fb64ede22</hash>
 
</file>
 
 
-<file>
 
<path>C:\Users\Marrin\AppData\Local\Google\Chrome\User Data\Default\Preferences</path>
 
<vendor>PUP.Optional.GreatArcadeHits.A</vendor>
 
<action>replaced</action>
 
<baddata> "homepage_url": "http://www.greatarca...com",</baddata>
 
<gooddata/>
 
<hash>0192a6fc68131224428f6b735fa59967</hash>
 
</file>
 
 
-<file>
 
<path>C:\Users\Mary Delle\AppData\Local\Google\Chrome\User Data\Default\Preferences</path>
 
<vendor>PUP.Optional.Babylon.A</vendor>
 
<action>replaced</action>
 
 
<gooddata/>
 
<hash>078c0d95d0ab6dc909eb1bc32dd746ba</hash>
 
</file>
 
</items>
 
</mbam-log>
 
*********************************************************************************************************
 
ESET log:
 
C:\AdwCleaner\Quarantine\C\Program Files (x86)\File Type Assistant\ftacfg.exe.vir Win32/FileTypeAssistant.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\File Type Assistant\TSASetup.exe.vir a variant of Win32/FileTypeAssistant.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\File Type Assistant\tsassist.exe.vir a variant of Win32/FileTypeAssistant.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\File Type Assistant\temp\~tmp.exe.vir a variant of Win32/FileTypeAssistant.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\F-Squared\AppData\Local\Google\Chrome\User Data\Default\Extensions\jonjajmpblmjkhjemkalbddhodlehkfg\10.23.0.722_0\nativeMessaging\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\F-Squared\AppData\Local\Google\Chrome\User Data\Default\Extensions\jonjajmpblmjkhjemkalbddhodlehkfg\10.23.0.722_0\TBHostSupport\TBHostSupport.dll.vir a variant of Win32/Toolbar.Conduit.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\F-Squared\AppData\Local\Google\Chrome\User Data\Default\Extensions\jonjajmpblmjkhjemkalbddhodlehkfg\10.31.4.510_0\APISupport\APISupport.dll.vir a variant of Win32/Conduit.SearchProtect.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\F-Squared\AppData\Local\Google\Chrome\User Data\Default\Extensions\jonjajmpblmjkhjemkalbddhodlehkfg\10.31.4.510_0\nativeMessaging\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\F-Squared\AppData\Local\Google\Chrome\User Data\Default\Extensions\jonjajmpblmjkhjemkalbddhodlehkfg\10.31.4.510_0\plugins\ChromeApiPlugin.dll.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\LAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jonjajmpblmjkhjemkalbddhodlehkfg\10.31.4.510_0\APISupport\APISupport.dll.vir a variant of Win32/Conduit.SearchProtect.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\LAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jonjajmpblmjkhjemkalbddhodlehkfg\10.31.4.510_0\nativeMessaging\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\LAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jonjajmpblmjkhjemkalbddhodlehkfg\10.31.4.510_0\plugins\ChromeApiPlugin.dll.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Marrin\AppData\Local\genienext\nengine.dll.vir Win32/NextLive.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Marrin\AppData\Roaming\newnext.me\nengine.dll.vir Win32/NextLive.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Mary Delle\AppData\Local\Google\Chrome\User Data\Default\Extensions\jonjajmpblmjkhjemkalbddhodlehkfg\10.23.0.722_0\nativeMessaging\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Mary Delle\AppData\Local\Google\Chrome\User Data\Default\Extensions\jonjajmpblmjkhjemkalbddhodlehkfg\10.23.0.722_0\TBHostSupport\TBHostSupport.dll.vir a variant of Win32/Toolbar.Conduit.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Mary Delle\AppData\Local\Google\Chrome\User Data\Default\Extensions\jonjajmpblmjkhjemkalbddhodlehkfg\10.31.4.510_0\APISupport\APISupport.dll.vir a variant of Win32/Conduit.SearchProtect.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Mary Delle\AppData\Local\Google\Chrome\User Data\Default\Extensions\jonjajmpblmjkhjemkalbddhodlehkfg\10.31.4.510_0\nativeMessaging\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Mary Delle\AppData\Local\Google\Chrome\User Data\Default\Extensions\jonjajmpblmjkhjemkalbddhodlehkfg\10.31.4.510_0\plugins\ChromeApiPlugin.dll.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\AI_RecycleBin\{1D0758C0-8A37-4D58-A0D9-0451AD01B164}\3\Strongvault\StrongVaultApp.exe MSIL/Adware.StrongVault.A application
C:\Users\Marrin\AppData\Local\Installer\Install_7847\ytdownloader_setup_20140203.exe a variant of Win32/SpeedBit.A potentially unwanted application
C:\Users\Marrin\AppData\Roaming\0F1L1I1PtF1F1C1N\Java Platform SE Free Download Packages\uninstaller.exe Win32/InstallCore.PC potentially unwanted application
C:\Users\Marrin\Downloads\anyvideoconverter-setup (1).exe Win32/DownloadAdmin.G potentially unwanted application
C:\Users\Marrin\Downloads\anyvideoconverter-setup.exe Win32/DownloadAdmin.G potentially unwanted application
C:\Users\Marrin\Downloads\avc-free.exe Win32/OpenCandy potentially unsafe application
C:\Users\Marrin\Downloads\cbsidlm-cbsi188-Free_PDF_to_Word_Converter-SEO-75732609.exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Users\Marrin\Downloads\FLV_installer.exe a variant of Win32/SquareNet.A potentially unwanted application
C:\Users\Marrin\Downloads\FreeAllInOneMediaPlayerSetup.exe a variant of Win32/FileTypeAssistant.A potentially unwanted application
C:\Users\Marrin\Downloads\FreeVideoToAndroidConverter (1).exe Win32/OpenCandy potentially unsafe application
C:\Users\Marrin\Downloads\FreeVideoToAndroidConverter.exe Win32/OpenCandy potentially unsafe application
C:\Users\Marrin\Downloads\IDM2-Windows-en-us.exe Win32/Idmsq.A potentially unwanted application
C:\Users\Marrin\Downloads\IDM2.exe Win32/Idmsq.A potentially unwanted application
C:\Users\Marrin\Downloads\IE11_setup (1).exe a variant of Win32/InstallCore.IL potentially unwanted application
C:\Users\Marrin\Downloads\IE11_setup (2).exe a variant of Win32/InstallCore.IL potentially unwanted application
C:\Users\Marrin\Downloads\IE11_setup.exe a variant of Win32/InstallCore.IL potentially unwanted application
C:\Users\Marrin\Downloads\prismpsetup.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
C:\Users\Marrin\Downloads\SoftwareInstallation.exe Win32/OutBrowse.L potentially unwanted application
C:\Users\Marrin\Downloads\spybot-setup (1).exe Win32/DownloadAdmin.G potentially unwanted application
C:\Users\Marrin\Downloads\spybot-setup.exe Win32/DownloadAdmin.G potentially unwanted application
C:\Users\Marrin\Downloads\thai-mahjong-solitaire.exe a variant of Win32/InstallCore.AZ potentially unwanted application
C:\Users\Marrin\Downloads\Unconfirmed 533434.crdownload Win32/DomaIQ.L potentially unwanted application
C:\Users\Marrin\Downloads\wzmp_8 (2).exe a variant of MSIL/AdvancedSystemProtector.A potentially unwanted application
C:\Users\Marrin\Downloads\wzmp_8.exe a variant of MSIL/AdvancedSystemProtector.A potentially unwanted application
C:\Users\Marrin\Downloads\ZipOpenerSetup.exe Win32/InstallCore.BN potentially unwanted application
C:\Users\Mary Delle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0AL3708Y\main[1].htm JS/Kryptik.ARJ trojan
C:\Users\Mary Delle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9O0FBWQ\xcabe[1].swf SWF/Exploit.ExKit.E trojan
C:\_OTL\MovedFiles\07132014_163536\C_Program Files\pcmax\pcmax.exe a variant of Win32/Conduit.SearchProtect.O potentially unwanted application
C:\_OTL\MovedFiles\07132014_163536\C_Users\Marrin\AppData\Roaming\UpdateServ\SearchProtect.exe Win32/Toolbar.Conduit.R potentially unwanted application
C:\_OTL\MovedFiles\07132014_163536\C_Users\Marrin\Downloads\Driver Update.exe a variant of Win32/AirAdInstaller.A potentially unwanted application
C:\_OTL\MovedFiles\07132014_163536\C_Users\Marrin\Downloads\Mahjong1 (1).exe a variant of Win32/OutBrowse.D potentially unwanted application
C:\_OTL\MovedFiles\07132014_163536\C_Users\Marrin\Downloads\Revo_Uninstaller_TSV4AGYMS.exe Win32/Toolbar.Conduit.AE potentially unwanted application
 


#30 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 25 July 2014 - 09:25 AM

Hi Marrin,

Show Hidden Files & Folders in Windows 7
  • To show hidden files, just click on the Organize button in any folder, and then select Folder and Search Options from the menu.
  • Click the View tab, and then you should select Show hidden files and folders in the list.
  • Then click OK.
=========================

Locate the following files and or folders and delete them.
  • C:\AI_RecycleBin\{1D0758C0-8A37-4D58-A0D9-0451AD01B164}\3\Strongvault\
  • C:\Users\Marrin\AppData\Local\Installer\Install_7847\
  • C:\Users\Marrin\AppData\Roaming\0F1L1I1PtF1F1C1N\
  • C:\Users\Marrin\Downloads\anyvideoconverter-setup (1).exe
  • C:\Users\Marrin\Downloads\anyvideoconverter-setup.exe
  • C:\Users\Marrin\Downloads\avc-free.exe
  • C:\Users\Marrin\Downloads\cbsidlm-cbsi188-Free_PDF_to_Word_Converter-SEO-75732609.exe
  • C:\Users\Marrin\Downloads\FLV_installer.exe
  • C:\Users\Marrin\Downloads\FreeAllInOneMediaPlayerSetup.exe
  • C:\Users\Marrin\Downloads\FreeVideoToAndroidConverter (1).exe
  • C:\Users\Marrin\Downloads\FreeVideoToAndroidConverter.exe
  • C:\Users\Marrin\Downloads\IDM2-Windows-en-us.exe
  • C:\Users\Marrin\Downloads\IDM2.exe
  • C:\Users\Marrin\Downloads\prismpsetup.exe
  • C:\Users\Marrin\Downloads\SoftwareInstallation.exe
  • C:\Users\Marrin\Downloads\thai-mahjong-solitaire.exe
  • C:\Users\Marrin\Downloads\Unconfirmed 533434.crdownload
  • C:\Users\Marrin\Downloads\wzmp_8 (2).exe
  • C:\Users\Marrin\Downloads\wzmp_8.exe
  • C:\Users\Marrin\Downloads\ZipOpenerSetup.exe
  • C:\Users\Mary Delle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0AL3708Y\main[1].htm
  • C:\Users\Mary Delle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9O0FBWQ\xcabe[1].swf
=========================

Re-hide Files and Folders

=========================

Reboot

=========================

Re-run OTL (it should be located on your desktop).
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Uncheck the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one notepad window, OTL.Txt. (No Extras.txt will be produced.)
    Note: The log can be located in the OTL folder on your C:\ drive if it fails to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of the file, and post it with your next reply.
=========================

In your next post please provide the following:
  • New OTL.txt
  • How is the computer running?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

If you are satisfied with the help you have received, please consider making a donation.
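The "locate and delete" step in OCD's post above is done by hand in Explorer. The script below is an added PowerShell example, not part of the original thread and not from any tool it names (OTL, MBAM, ESET, AdwCleaner). It carries out the same deletions from an elevated PowerShell prompt, hashes each file before removing it so the record can be matched against scan logs later, and afterwards checks that the two files MBAM could only mark `delete-on-reboot` (webdev.exe and mediadev.exe in the MBAM log above) are really gone. Assumed: Windows 7 with PowerShell 2.0 or later, run as Administrator so the other user profiles are readable; the log file name on the desktop is the script's own choice.

```powershell
# Added example, not from the original thread: automates the manual deletion
# step of the post above and the post-reboot check. Run from an elevated
# PowerShell prompt on Windows 7 (PowerShell 2.0 or later; no Get-FileHash needed).

# Files and folders the helper asked to be deleted (copied from the post).
$targets = @(
  'C:\AI_RecycleBin\{1D0758C0-8A37-4D58-A0D9-0451AD01B164}\3\Strongvault\',
  'C:\Users\Marrin\AppData\Local\Installer\Install_7847\',
  'C:\Users\Marrin\AppData\Roaming\0F1L1I1PtF1F1C1N\',
  'C:\Users\Marrin\Downloads\anyvideoconverter-setup (1).exe',
  'C:\Users\Marrin\Downloads\anyvideoconverter-setup.exe',
  'C:\Users\Marrin\Downloads\avc-free.exe',
  'C:\Users\Marrin\Downloads\cbsidlm-cbsi188-Free_PDF_to_Word_Converter-SEO-75732609.exe',
  'C:\Users\Marrin\Downloads\FLV_installer.exe',
  'C:\Users\Marrin\Downloads\FreeAllInOneMediaPlayerSetup.exe',
  'C:\Users\Marrin\Downloads\FreeVideoToAndroidConverter (1).exe',
  'C:\Users\Marrin\Downloads\FreeVideoToAndroidConverter.exe',
  'C:\Users\Marrin\Downloads\IDM2-Windows-en-us.exe',
  'C:\Users\Marrin\Downloads\IDM2.exe',
  'C:\Users\Marrin\Downloads\prismpsetup.exe',
  'C:\Users\Marrin\Downloads\SoftwareInstallation.exe',
  'C:\Users\Marrin\Downloads\thai-mahjong-solitaire.exe',
  'C:\Users\Marrin\Downloads\Unconfirmed 533434.crdownload',
  'C:\Users\Marrin\Downloads\wzmp_8 (2).exe',
  'C:\Users\Marrin\Downloads\wzmp_8.exe',
  'C:\Users\Marrin\Downloads\ZipOpenerSetup.exe',
  'C:\Users\Mary Delle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0AL3708Y\main[1].htm',
  'C:\Users\Mary Delle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9O0FBWQ\xcabe[1].swf'
)

# Items MBAM could only schedule for removal at reboot (from the MBAM log above).
$mustBeGone = @(
  'C:\ProgramData\UpdateServer\1386839754\webdev.exe',
  'C:\ProgramData\MediaDev\1386839634\mediadev.exe'
)

# Log file location is this example's own choice (assumption).
$log = Join-Path $env:USERPROFILE 'Desktop\manual-cleanup.log'

function Write-Log([string]$Message) {
  # Echo to the console and append to the log so the record survives the reboot.
  Write-Output $Message
  Add-Content -Path $log -Value $Message
}

function Get-Sha256Hex([string]$Path) {
  # Hash the file before deleting it; .NET is used so this works on PowerShell 2.0.
  $sha = [System.Security.Cryptography.SHA256]::Create()
  try {
    $bytes = [System.IO.File]::ReadAllBytes($Path)
    return ([System.BitConverter]::ToString($sha.ComputeHash($bytes))) -replace '-', ''
  } finally {
    $sha.Clear()
  }
}

foreach ($t in $targets) {
  # -LiteralPath matters: several names contain [ ] and { }, which -Path would
  # treat as wildcard patterns and silently match nothing.
  # -Force makes hidden and system items visible, so Explorer's "show hidden
  # files" toggle from the post is not needed here.
  $item = Get-Item -LiteralPath $t -Force -ErrorAction SilentlyContinue
  if (-not $item) {
    Write-Log "ABSENT        $t"
    continue
  }
  $hash = if ($item.PSIsContainer) { 'folder' } else { Get-Sha256Hex $t }
  Remove-Item -LiteralPath $t -Recurse -Force -ErrorAction SilentlyContinue
  if (Test-Path -LiteralPath $t) {
    # Typical cause: a running process still holds the file; retry after reboot.
    Write-Log "STILL-PRESENT $hash $t"
  } else {
    Write-Log "DELETED       $hash $t"
  }
}

# Run this part again after the reboot the post asks for.
foreach ($p in $mustBeGone) {
  if (Test-Path -LiteralPath $p) { Write-Log "WARNING: still present after reboot: $p" }
  else                           { Write-Log "OK: removed $p" }
}
```

The point worth carrying away is `-LiteralPath`: two of the cache files end in `[1]`, and one folder name is a GUID in braces, so `Remove-Item -Path` would interpret them as wildcard expressions and report nothing to delete. Files that report `STILL-PRESENT` are usually held open by a running process; rebooting and re-running the script, as the post's own sequence implies, normally clears them.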
