
Plagued by SupraSavings [Solved]

SupraSavings

  • This topic is locked
63 replies to this topic

#31 Marrin

  • Authentic Member
  • 31 posts

Posted 25 July 2014 - 11:32 AM

The computer is still running very good, thank you!

 

BUT...

 

In the last email from you, I was directed to delete a list of files and folders, among them

  • C:\Users\Mary Delle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0AL3708Y\main[1].htm

  • C:\Users\Mary Delle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9O0FBWQ\xcabe[1].swf

 

I could not find these particular files.  In fact, tracing the tree I could not find the Content.IE5 folder.  Yes, I checked that all files including hidden ones are to be displayed, and yes, I am working under an administrator account.  

 

All the others in the list were present, and are now deleted.

 

While deleting files from my Downloads folder, I saw a lot of redundancy. Is it OK to delete all but the most recent of these downloads?

 

Again, I really do appreciate your help.

 

Following is the contents of the OTL text file:

 

OTL logfile created on: 7/25/2014 11:37:23 AM - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Marrin\Desktop\Security
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.91 Gb Total Physical Memory | 2.69 Gb Available Physical Memory | 68.80% Memory free
7.81 Gb Paging File | 6.49 Gb Available in Paging File | 83.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.81 Gb Total Space | 112.88 Gb Free Space | 39.50% Space Free | Partition Type: NTFS
Drive D: | 12.28 Gb Total Space | 1.33 Gb Free Space | 10.87% Space Free | Partition Type: NTFS
Drive E: | 7.80 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: FLEET-HP-G70 | User Name: Marrin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Marrin\Desktop\Security\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony)
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe ()
PRC - C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files (x86)\SMINST\BLService.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\04824fdbd5dce32530ba44ae012e4fb9\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\f4354d6580fbb745c0c8acba382a7b84\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\CalEngine.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\sqlite3.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\CAgdOutlook.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\VistaCalendar.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\CAgdLNotes.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\PimNotes.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (EpsonScanSvc) -- C:\Windows\SysNative\escsvc64.exe (Seiko Epson Corporation)
SRV:64bit: - (SNMP) -- C:\Windows\SysNative\snmp.exe (Microsoft Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (simptcp) -- C:\Windows\SysNative\TCPSVCS.EXE (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Sony PC Companion) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (SNMP) -- C:\Windows\SysWOW64\snmp.exe (Microsoft Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\Hp\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (simptcp) -- C:\Windows\SysWOW64\TCPSVCS.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (HsfXAudioService) -- C:\Windows\SysWOW64\XAudio64.dll (Conexant Systems, Inc.)
SRV - (Recovery Service for Windows) -- C:\Program Files (x86)\SMINST\BLService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (vrvd5) -- C:\Windows\SysNative\drivers\vrvd5.sys (Rsupport Corporation)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Qualcomm Atheros Communications, Inc.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\drivers\XAudio64.sys (Conexant Systems, Inc.)
DRV:64bit: - (RTSTOR) -- C:\Windows\SysNative\drivers\RTSTOR64.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (s1018mdm) -- C:\Windows\SysNative\drivers\s1018mdm.sys (MCCI Corporation)
DRV:64bit: - (s1018unic) -- C:\Windows\SysNative\drivers\s1018unic.sys (MCCI Corporation)
DRV:64bit: - (s1018mgmt) -- C:\Windows\SysNative\drivers\s1018mgmt.sys (MCCI Corporation)
DRV:64bit: - (s1018obex) -- C:\Windows\SysNative\drivers\s1018obex.sys (MCCI Corporation)
DRV:64bit: - (s1018bus) -- C:\Windows\SysNative\drivers\s1018bus.sys (MCCI Corporation)
DRV:64bit: - (s1018nd5) -- C:\Windows\SysNative\drivers\s1018nd5.sys (MCCI Corporation)
DRV:64bit: - (s1018mdfl) -- C:\Windows\SysNative\drivers\s1018mdfl.sys (MCCI Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\drivers\CAX_DPV.sys (Conexant Systems, Inc.)
DRV:64bit: - (CAXHWAZL) -- C:\Windows\SysNative\drivers\CAXHWAZL.sys (Conexant Systems, Inc.)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\drivers\CAX_CNXT.sys (Conexant Systems, Inc.)
DRV:64bit: - (IntcHdmiAddService) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel® Corporation)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\drivers\Rtlh64.sys (Realtek Corporation                                            )
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics, Inc.)
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\drivers\mdmxsdk.sys (Conexant)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{EB35F281-FFBD-4C40-AE7F-CE094CC85DBB}: "URL" = http://www.bing.com/...E11SR&pc=HPNTDF
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.5.2: C:\Program Files (x86)\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.5.2: C:\Program Files (x86)\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00:  File not found
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\sony.com/MediaGoDetector: C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll (Sony Network Entertainment International LLC)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/11/04 00:59:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\e-webprint@epson.com: C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2014/03/12 00:39:17 | 000,000,000 | ---D | M]
 
[2012/10/08 08:22:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: 
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Marrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Google Drive = C:\Users\Marrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Marrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: YouTube = C:\Users\Marrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Marrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_2\
CHR - Extension: Pandora = C:\Users\Marrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl\1.0_0\
CHR - Extension: Mahjong Solitaire = C:\Users\Marrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\neojceinbonpjjcokpokpeobkhcpiloc\1.0.0.2_0\
CHR - Extension: Google Wallet = C:\Users\Marrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: Gmail = C:\Users\Marrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\
 
O1 HOSTS File: ([2014/07/20 23:49:27 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre8\bin\ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - Reg Error: Key error. File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h20364.www2.h...DataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}  (ExentInf Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 11.5.2)
O16 - DPF: {CAFEEFAC-0018-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.8.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 11.5.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F444FD2-DC83-4356-B972-B13F009035AD}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F444FD2-DC83-4356-B972-B13F009035AD}: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{843BF815-3D33-4E66-9A97-35951EE0D769}: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{a6aabacb-2642-11e2-ba7f-806e6f6e6963}: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6BFB075-BA11-4754-9F7C-76D342FB390A}: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FE7AF5DA-51D7-4694-9032-D6510B155674}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FE7AF5DA-51D7-4694-9032-D6510B155674}: NameServer = 75.126.206.18,184.173.169.186
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Handler\WSWSVCUchrome - No CLSID value found
O18 - Protocol\Handler\WSWSVCUchrome - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/07/25 11:10:50 | 000,000,000 | ---D | C] -- C:\Users\Marrin\AppData\Local\Installer
[2014/07/25 01:47:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2014/07/22 00:00:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2014/07/22 00:00:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2014/07/21 00:03:27 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/07/20 23:49:32 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2014/07/20 17:42:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/07/20 17:42:03 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/07/20 17:42:03 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/07/20 17:42:03 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/07/20 17:42:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/07/20 17:42:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/07/20 02:39:30 | 000,000,000 | ---D | C] -- C:\Users\Marrin\Desktop\Tai Chi Writings
[2014/07/19 22:27:33 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\sun
[2014/07/19 22:25:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0
[2014/07/19 22:14:04 | 000,000,000 | ---D | C] -- C:\Users\Marrin\AppData\Local\Free_PDF_Solutions
[2014/07/19 19:52:51 | 000,000,000 | ---D | C] -- C:\Users\Marrin\AppData\Roaming\Free PDF Solutions
[2014/07/17 23:53:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/07/17 23:53:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/07/17 23:53:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/07/17 23:46:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/07/17 23:46:19 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/07/13 16:35:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/07/13 02:17:44 | 000,000,000 | ---D | C] -- C:\Users\Marrin\Desktop\Empty
[2014/07/12 16:12:11 | 000,000,000 | ---D | C] -- C:\Users\Marrin\Desktop\Public
[2014/07/12 14:16:28 | 000,000,000 | ---D | C] -- C:\Users\Marrin\Desktop\Programs
[2014/07/12 13:51:03 | 000,000,000 | ---D | C] -- C:\Users\Marrin\Desktop\Tai Chi
[2014/07/12 02:18:56 | 000,000,000 | R--D | C] -- C:\Users\Marrin\Desktop\Security
[2014/07/11 11:54:44 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/07/11 11:53:39 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/07/09 16:54:25 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/07/09 16:54:25 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/07/09 16:54:24 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/07/09 16:54:23 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/07/09 16:54:23 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/07/09 16:54:22 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/07/09 16:54:22 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/07/09 16:54:22 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/07/09 16:54:21 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/07/09 16:54:20 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/07/09 16:54:20 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/07/09 16:54:20 | 000,442,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/07/09 16:54:20 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/07/09 16:54:20 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/07/09 16:54:19 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/07/09 16:54:18 | 002,040,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/07/09 16:54:18 | 000,608,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/07/09 16:54:18 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/07/09 16:54:17 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/07/09 16:54:17 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/07/09 16:54:17 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/07/09 16:54:16 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/07/09 16:54:16 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/07/09 16:54:15 | 000,598,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/07/09 16:54:15 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/07/09 16:54:14 | 005,721,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/07/09 16:54:14 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/07/09 16:54:14 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/07/09 16:54:14 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/07/09 16:54:14 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/07/09 16:54:13 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/07/09 16:54:13 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/07/09 16:54:12 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/07/09 16:54:12 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/07/09 16:54:12 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/07/09 15:52:55 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\osk.exe
[2014/07/09 15:52:55 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\osk.exe
[2014/07/09 15:52:41 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/07/09 15:51:49 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2014/07/09 15:51:49 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2014/07/09 00:11:59 | 000,000,000 | ---D | C] -- C:\NPE
[2014/07/01 01:15:32 | 000,000,000 | ---D | C] -- C:\Users\Marrin\AppData\Local\Seven Zip
[2014/07/01 00:59:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2014/06/26 17:28:21 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\%LOCALAPPDATA%
[2014/06/26 17:27:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BEDAACA9-0245-4A85-A697-BD5CD3AD04D1
[2014/06/26 09:18:01 | 000,000,000 | ---D | C] -- C:\Users\Marrin\Documents\ProcAlyzer Dumps
 
========== Files - Modified Within 30 Days ==========
 
[2014/07/25 11:43:44 | 000,010,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/07/25 11:43:44 | 000,010,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/07/25 11:38:14 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/07/25 11:34:48 | 000,000,290 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2014/07/25 11:34:28 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/07/25 11:34:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/07/25 11:33:55 | 3145,093,120 | -HS- | M] () -- C:\hiberfil.sys
[2014/07/25 11:09:00 | 000,000,911 | ---- | M] () -- C:\Windows\tasks\EPSON XP-610 Series Update {05F7B84B-681C-458E-8F3D-374499D28165}.job
[2014/07/25 11:09:00 | 000,000,725 | ---- | M] () -- C:\Windows\tasks\EPSON XP-610 Series Invitation {05F7B84B-681C-458E-8F3D-374499D28165}.job
[2014/07/25 10:58:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/07/25 10:53:00 | 000,000,725 | ---- | M] () -- C:\Windows\tasks\EPSON XP-610 Series Invitation {E5D829D1-6629-4934-B894-5A14240792C8}.job
[2014/07/25 10:52:00 | 000,000,911 | ---- | M] () -- C:\Windows\tasks\EPSON XP-610 Series Update {E5D829D1-6629-4934-B894-5A14240792C8}.job
[2014/07/25 10:34:00 | 000,000,911 | ---- | M] () -- C:\Windows\tasks\EPSON XP-610 Series Update {60366004-3A13-43DE-82E5-67525EEA6C96}.job
[2014/07/25 10:34:00 | 000,000,725 | ---- | M] () -- C:\Windows\tasks\EPSON XP-610 Series Invitation {60366004-3A13-43DE-82E5-67525EEA6C96}.job
[2014/07/25 01:30:36 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/07/23 18:04:07 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMarrin.job
[2014/07/22 00:00:50 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/07/20 23:49:27 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/07/20 22:12:46 | 000,000,017 | ---- | M] () -- C:\Users\Marrin\AppData\Local\resmon.resmoncfg
[2014/07/20 02:40:53 | 000,001,420 | ---- | M] () -- C:\Users\Marrin\Desktop\Printer.zip
[2014/07/20 02:35:11 | 000,377,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/07/16 02:40:10 | 000,014,811 | ---- | M] () -- C:\Users\Marrin\Documents\Weight room specs 3.ods
[2014/07/16 02:39:28 | 000,014,812 | ---- | M] () -- C:\Users\Marrin\Documents\Weight room specs 2.ods
[2014/07/12 02:19:44 | 000,000,104 | ---- | M] () -- C:\Users\Marrin\Desktop\Control Panel.lnk
[2014/07/09 03:10:18 | 000,069,926 | ---- | M] () -- C:\Windows\wininit.ini
[2014/07/09 00:37:00 | 000,000,163 | ---- | M] () -- C:\Windows\Reimage.ini
[2014/07/06 22:27:25 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/07/06 22:27:25 | 000,662,634 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/07/06 22:27:25 | 000,122,470 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/07/01 15:18:14 | 000,450,014 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151822.backup
[2014/07/01 15:18:14 | 000,450,014 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151844.backup
[2014/07/01 15:14:59 | 000,450,036 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151503.backup
[2014/07/01 15:14:59 | 000,450,036 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151814.backup
[2014/07/01 15:14:59 | 000,450,036 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151754.backup
[2014/07/01 15:14:59 | 000,450,036 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151714.backup
[2014/07/01 15:14:59 | 000,450,036 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151703.backup
[2014/07/01 15:14:59 | 000,450,036 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151655.backup
[2014/07/01 15:14:59 | 000,450,036 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151640.backup
[2014/07/01 15:14:59 | 000,450,036 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151612.backup
[2014/07/01 15:14:59 | 000,450,036 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151601.backup
[2014/07/01 15:14:59 | 000,450,036 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151557.backup
[2014/07/01 15:14:59 | 000,450,036 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151553.backup
[2014/07/01 15:14:59 | 000,450,036 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151533.backup
[2014/07/01 15:14:59 | 000,450,036 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151519.backup
[2014/07/01 15:14:59 | 000,450,036 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151508.backup
[2014/07/01 15:13:54 | 000,450,059 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151405.backup
[2014/07/01 15:13:54 | 000,450,059 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151459.backup
[2014/07/01 15:13:54 | 000,450,059 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151439.backup
[2014/07/01 15:13:54 | 000,450,059 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151432.backup
[2014/07/01 15:13:54 | 000,450,059 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151418.backup
[2014/07/01 15:13:54 | 000,450,059 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151413.backup
[2014/07/01 15:11:02 | 000,450,082 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151108.backup
[2014/07/01 15:11:02 | 000,450,082 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151354.backup
[2014/07/01 15:11:02 | 000,450,082 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151303.backup
[2014/07/01 15:11:02 | 000,450,082 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151245.backup
[2014/07/01 15:11:02 | 000,450,082 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151233.backup
[2014/07/01 15:11:02 | 000,450,082 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151227.backup
[2014/07/01 15:11:02 | 000,450,082 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151142.backup
[2014/07/01 15:11:02 | 000,450,082 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151127.backup
[2014/07/01 15:11:02 | 000,450,082 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151121.backup
[2014/07/01 15:09:56 | 000,450,110 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151001.backup
[2014/07/01 15:09:56 | 000,450,110 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151102.backup
[2014/07/01 15:09:56 | 000,450,110 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-151017.backup
[2014/07/01 15:08:42 | 000,450,136 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-150849.backup
[2014/07/01 15:08:42 | 000,450,136 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-150956.backup
[2014/07/01 15:08:42 | 000,450,136 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-150915.backup
[2014/07/01 15:08:42 | 000,450,136 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-150903.backup
[2014/07/01 15:08:42 | 000,450,136 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-150854.backup
[2014/07/01 15:07:30 | 000,450,164 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-150737.backup
[2014/07/01 15:07:30 | 000,450,164 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-150842.backup
[2014/07/01 15:07:30 | 000,450,164 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-150747.backup
[2014/07/01 15:07:30 | 000,450,164 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-150743.backup
[2014/07/01 15:06:41 | 000,450,190 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-150644.backup
[2014/07/01 15:06:41 | 000,450,190 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-150730.backup
[2014/07/01 15:06:41 | 000,450,190 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-150649.backup
[2014/07/01 15:06:41 | 000,450,190 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-150645.backup
[2014/07/01 14:50:41 | 000,450,220 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-150641.backup
[2014/07/01 14:48:39 | 000,450,250 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-144843.backup
[2014/07/01 14:48:39 | 000,450,250 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-145041.backup
[2014/07/01 14:46:17 | 000,450,279 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-144839.backup
[2014/07/01 14:44:30 | 000,450,311 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-144445.backup
[2014/07/01 14:44:30 | 000,450,311 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-144617.backup
[2014/07/01 14:44:30 | 000,450,311 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-144449.backup
[2014/07/01 12:18:47 | 000,450,334 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121855.backup
[2014/07/01 12:18:47 | 000,450,334 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-144430.backup
[2014/07/01 12:18:47 | 000,450,334 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121902.backup
[2014/07/01 12:18:04 | 000,450,356 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121808.backup
[2014/07/01 12:18:04 | 000,450,356 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121847.backup
[2014/07/01 12:18:04 | 000,450,356 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121816.backup
[2014/07/01 12:18:04 | 000,450,356 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121812.backup
[2014/07/01 12:17:37 | 000,450,387 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121742.backup
[2014/07/01 12:17:37 | 000,450,387 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121804.backup
[2014/07/01 12:17:37 | 000,450,387 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121800.backup
[2014/07/01 12:17:37 | 000,450,387 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121755.backup
[2014/07/01 12:17:37 | 000,450,387 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121750.backup
[2014/07/01 12:17:07 | 000,450,422 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121714.backup
[2014/07/01 12:17:07 | 000,450,422 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121737.backup
[2014/07/01 12:16:40 | 000,450,448 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121707.backup
[2014/07/01 12:16:14 | 000,450,473 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121640.backup
[2014/07/01 12:15:15 | 000,450,500 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121521.backup
[2014/07/01 12:15:15 | 000,450,500 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121614.backup
[2014/07/01 12:15:15 | 000,450,500 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121534.backup
[2014/07/01 12:14:44 | 000,450,523 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121451.backup
[2014/07/01 12:14:44 | 000,450,523 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121515.backup
[2014/07/01 12:14:44 | 000,450,523 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121458.backup
[2014/07/01 12:14:15 | 000,450,548 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121420.backup
[2014/07/01 12:14:15 | 000,450,548 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121444.backup
[2014/07/01 12:14:15 | 000,450,548 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121432.backup
[2014/07/01 12:13:52 | 000,450,571 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121357.backup
[2014/07/01 12:13:52 | 000,450,571 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121415.backup
[2014/07/01 12:13:18 | 000,450,608 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121352.backup
[2014/07/01 12:12:37 | 000,450,632 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121242.backup
[2014/07/01 12:12:37 | 000,450,632 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121318.backup
[2014/07/01 12:12:37 | 000,450,632 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121300.backup
[2014/07/01 12:12:14 | 000,450,664 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121228.backup
[2014/07/01 12:12:14 | 000,450,664 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121237.backup
[2014/07/01 12:12:14 | 000,450,664 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121233.backup
[2014/07/01 11:24:00 | 000,450,689 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140701-121214.backup
[2014/06/30 23:12:09 | 000,000,042 | ---- | M] () -- C:\Windows\SysWow64\AK083E209605E394C.lie
[2014/06/29 22:33:32 | 000,002,670 | ---- | M] () -- C:\Users\Marrin\Desktop\Mahjong Solitaire.lnk
[2014/06/29 17:29:00 | 000,000,000 | --S- | M] () -- C:\Windows\SysNative\mlsfjow.csx
 
========== Files Created - No Company Name ==========
 
[2014/07/22 00:00:50 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2014/07/22 00:00:23 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2014/07/20 22:12:46 | 000,000,017 | ---- | C] () -- C:\Users\Marrin\AppData\Local\resmon.resmoncfg
[2014/07/20 15:09:26 | 000,000,725 | ---- | C] () -- C:\Windows\tasks\EPSON XP-610 Series Invitation {05F7B84B-681C-458E-8F3D-374499D28165}.job
[2014/07/20 15:09:23 | 000,000,911 | ---- | C] () -- C:\Windows\tasks\EPSON XP-610 Series Update {05F7B84B-681C-458E-8F3D-374499D28165}.job
[2014/07/19 15:53:15 | 000,000,725 | ---- | C] () -- C:\Windows\tasks\EPSON XP-610 Series Invitation {E5D829D1-6629-4934-B894-5A14240792C8}.job
[2014/07/19 15:52:45 | 000,000,911 | ---- | C] () -- C:\Windows\tasks\EPSON XP-610 Series Update {E5D829D1-6629-4934-B894-5A14240792C8}.job
[2014/07/17 23:53:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/07/17 23:53:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/07/17 23:53:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/07/17 23:53:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/07/17 23:53:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/07/16 02:40:08 | 000,014,811 | ---- | C] () -- C:\Users\Marrin\Documents\Weight room specs 3.ods
[2014/07/12 02:19:44 | 000,000,104 | ---- | C] () -- C:\Users\Marrin\Desktop\Control Panel.lnk
[2014/07/09 00:33:30 | 000,000,163 | ---- | C] () -- C:\Windows\Reimage.ini
[2014/06/30 23:12:09 | 000,000,042 | ---- | C] () -- C:\Windows\SysWow64\AK083E209605E394C.lie
[2014/06/29 22:33:32 | 000,002,670 | ---- | C] () -- C:\Users\Marrin\Desktop\Mahjong Solitaire.lnk
[2014/06/29 17:29:00 | 000,000,000 | --S- | C] () -- C:\Windows\SysNative\mlsfjow.csx
[2014/06/21 18:30:02 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2014/01/31 03:47:00 | 000,000,043 | ---- | C] () -- C:\Users\Marrin\AppData\Roaming\WB.CFG
[2013/11/15 00:21:14 | 000,000,094 | ---- | C] () -- C:\Windows\XP-610.ini
[2013/10/30 13:07:00 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013/10/30 13:06:54 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013/10/30 13:06:54 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013/10/30 13:06:54 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013/10/30 13:06:54 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2013/06/03 23:42:49 | 000,775,084 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/06/03 23:37:48 | 000,000,258 | RHS- | C] () -- C:\Users\Marrin\ntuser.pol
[2013/03/23 10:38:38 | 000,000,022 | ---- | C] () -- C:\Windows\Kyor.ini
[2012/11/04 10:14:55 | 000,000,290 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2012/11/04 10:13:00 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/10/14 03:03:48 | 000,069,926 | ---- | C] () -- C:\Windows\wininit.ini
[2012/10/13 17:00:52 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2012/09/27 01:55:01 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2012/09/21 20:06:28 | 000,222,826 | ---- | C] () -- C:\Windows\hpwins24.dat
[2012/09/21 20:06:28 | 000,001,758 | ---- | C] () -- C:\Windows\hpwmdl24.dat
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 21:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 21:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:373E1720
 
< End of report >



#32 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 25 July 2014 - 07:43 PM

Hi Marrin,
 

"I could not find these particular files. In fact, tracing the tree I could not find the Content.IE5 folder."


This step should take care of those two (2) files.

Clear Browser Cache in Internet Explorer

  • Close all Internet Explorer and Windows Explorer windows that are currently open.
  • Open Internet Explorer.
  • Click the Tools button, and then expand the Safety menu, then select Delete browsing history.
  • Select the check box next to each of the following categories.
    • Temporary Internet files and website files
    • History
  • Click Delete

=========================



"While deleting files from my Downloads folder, I saw a lot of redundancy. Is it OK to delete all but the most recent of these downloads?"

Without knowing what the files are I can't say for sure. You could always rename the file (i.e. filenameOLD) and run the program it is associated with and see if there are any adverse effects. If not, it is probably OK to delete the file. If you do run into issues with the program just rename the file back to its original name.

=========================

Delete a File/Folder

Using Windows Explorer (Windows Key + E), locate the following files/folders, and DELETE them (if still present):

  • C:\Program Files (x86)\BEDAACA9-0245-4A85-A697-BD5CD3AD04D1 <-- delete the folder, if present

Exit Explorer

=========================

If there are no other issues after completing the above steps we can do a bit of housekeeping and send you on your way.


OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#33 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 28 July 2014 - 03:52 AM

Hi Marrin,

Just checking in to see if you still need help?


#34 Marrin

Marrin

    Authentic Member

  • Authentic Member
  • 31 posts

Posted 28 July 2014 - 09:12 AM

I had a BUSY weekend.  I have had some difficulties which I'll pass on to you this evening if you are still willing to help.

 

Thanks ...



#35 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 30 July 2014 - 08:09 PM

Hi Marrin,

Just checking in to see if you still need help?


#36 Marrin

Marrin

    Authentic Member

  • Authentic Member
  • PipPip
  • 31 posts

Posted 30 July 2014 - 09:22 PM

I don't know whether I still need help or not!  

 

I had a problem performing your last instructions.  Internet Explorer has disappeared from my system.  I use Chrome almost exclusively, but have been keeping IE as a fallback.  Now it is GONE!  I'm not sure when, but I have my suspicions that it was during a session with Norton.   Their tech asked if I still used IE, and I told him no, not thinking any more about it.  I think it is likely that it was removed at that time, but who knows.  

 

I "fashed aboot" with Chrome, deleted the folder ending in DoD1, and was able to finally remove the last of the files I was told to delete.  Yeah!!

 

I think that we have completed my first objective, and rid this computer of unwanted files, malware, unwanted advertising programs, virus, etc.  I had originally hoped to continue with correcting a fault with permissions, i.e. not being able to generate new folders, and a couple of other things.  There is also another computer that is infected, but not nearly as badly as mine.

 

However, I am having increasing physical difficulties.  It is hard for me to sit in front of the computer, and because of the angle of my arm and shoulder, I have significant pain if I type and use the mouse for more than a few moments at a time.  Therefore, I believe the best course would be to end this thread, and start another when my arm and shoulder heal a bit.  I only regret that I will probably lose your considerate help.

 

Your input on this would be appreciated.

 

Thanks, and thanks again.

 

Marrin Fleet



#37 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 31 July 2014 - 09:56 AM

Hi Marrin,

 

Please be advised I will keep the thread open until you reply back. Go at your own pace as your limitations allow, there is no hurry.
 

"Internet Explorer has disappeared from my system. I use Chrome almost exclusively, but have been keeping IE as a fallback. Now it is GONE! I'm not sure when, but I have my suspicions that it was during a session with Norton. Their tech asked if I still used IE, and I told him no, not thinking any more about it. I think it is likely that it was removed at that time, but who knows."

 
It seems as if IE is still installed; maybe the desktop shortcut was removed by mistake.

  • Go to Start > All Programs > locate Internet Explorer (if listed)
  • Right Click on Internet Explorer > select Send To > then choose Desktop (create shortcut)
  • An Internet Explorer icon should now appear on your desktop.

If that hasn't fixed the Internet Explorer issue we will just re-install it.

= = = = = = = = = = = = = = = = = = = =
 

"I had originally hoped to continue with correcting a fault with permissions, i.e. not being able to generate new folders, and a couple of other things."

 

Unfortunately, I really only deal with malware issues. Sometimes during the course of malware removal some other issues get resolved as a result. I can always refer you to the Tech Team here at WTT, they might be able to help with the folder issue.

Let me know how you'd like to proceed with regards to this.

= = = = = = = = = = = = = = = = = = = =
 

"However, I am having increasing physical difficulties. It is hard for me to sit in front of the computer, and because of the angle of my arm and shoulder, I have significant pain if I type and use the mouse for more than a few moments at a time. Therefore, I believe the best course would be to end this thread, and start another when my arm and shoulder heal a bit. I only regret that I will probably lose your considerate help."

 

I'm sorry that you are experiencing some health issues, and I do fully understand the limitations you have explained. Rest assured that any of the volunteer helpers here are very capable to offer the assistance you need. Or you could send me a PM (personal message) here when you are ready to get started on the other computer.

But before I close this thread we should do some "housekeeping" to remove some of the tools we used during the process.

 

Let me know if the IE issue was resolved by the steps above; if not, we will re-install IE, then do the housekeeping.




#38 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 16 August 2014 - 08:34 PM

Hi Marrin,

It has been a couple weeks and I understand your limitations. I am just wondering if you might be ready to continue?




#39 Marrin

Marrin

    Authentic Member

  • Authentic Member
  • PipPip
  • 31 posts

Posted 17 August 2014 - 09:48 PM

I am indeed ready!  With a bit of exercise, and a physical therapist, I seem to be ahead of the problem for a bit.  

 

My computer has been doing quite well, thanks to your help.  Is there anything more to do to this one, before we move on to the next?  The next one, my wife's, should not be as much trouble as this one has been.  There also remains the necessity of re-installing Internet Explorer on my computer, but you may wish me to take that up with the opsys folks.  I have discovered that the site for the Veteran's Administration, where I order medications, and keep track of appointments is not completely compatible with Chrome.  They seem interested in being compatible only with Internet Explorer.

 

I am ready to be advised!



#40 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 17 August 2014 - 10:27 PM

Hi Marrin,

 

Glad to hear you're feeling better. Your log appears to be clean, but we have some housekeeping to take care of first. Once you have completed the following steps, and feel you are ready to tackle the other computer let me know and I will provide instructions so we can get started.

 

We have a few items to take care of before we get to the All Clean Speech.

Let's go ahead and try reinstalling Internet Explorer 11
http://www.microsoft...11-details.aspx

Reboot after you have completed the download and install, then test the performance of Internet Explorer.

If all seems well, then continue on with the "clean-up"

= = = = = = = = = = = = = = = = = = = =

Remove Disinfection Tools

  • Download Delfix
  • Tick the following boxes:
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
  • Click Run
  • Any other tools and files found can simply be deleted or uninstalled via the Control Panel.

= = = = = = = = = = = = = = = = = = = =

I am a bit uncertain why one of the scans indicates that you have Java 8 Update 5 installed because Oracle (makers of Java) are only up to Java 7 Update 67. So let's remove the version you have installed and get the proper version.

Uninstall via Programs and Features

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:

  • Java 8 Update 5

=========================

Update Java

  • Get the current version of Java (Version 7 Update 67) by going to http://java.com/en/d...windows_xpi.jsp
  • Select the Verify Java Version button and follow the onscreen instructions to update if necessary.

=========================

With the above items taken care of let's move on to the All Clean part of the process.

The following procedures are recommendations for helping to keep your system running smoothly. If you are currently satisfied with how your system is running some or all of these may not pertain to you. Implement what you need.

This infection appears to have been cleaned, but I can not give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

Here are some tips to reduce the potential for spyware infection in the future:

Make your Internet Explorer more secure - This can be done by following these simple instructions:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate windows and frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

Make your Mozilla Firefox more secure - This can be done by adding these add-ons:

Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

Free Anti-Virus

Free Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here.

= = = = = = = = = = = = = = = = = = = =

Be prepared for CryptoLocker:

Cryptolocker Ransomware: What You Need To Know
CryptoLocker Ransomware Information Guide and FAQ

To help protect your computer in the future, I recommend that you get the following free program:

CryptoPrevent: install this program to lock down and prevent crypto-ransomware.

= = = = = = = = = = = = = = = = = = = =

COMPUTER SECURITY - a short guide to staying safer online

= = = = = = = = = = = = = = = = = = = =

WOT Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

  • Green should be good to go
  • Yellow for caution
  • Red to stop

= = = = = = = = = = = = = = = = = = = =

P2P may be a great way to get lots of stuff, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

= = = = = = = = = = = = = = = = = = = =

Make sure you keep your Windows OS current.

  • Windows XP:
    Microsoft will no longer offer support for Windows XP beginning on April 8, 2014
    If you are running Windows XP, please take the time to read the information provided at these links.
  • Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems.
  • Windows 8: Open Windows Update by swiping in from the right edge of the screen (or, if you're using a mouse, pointing to the lower-right corner of the screen and moving the mouse pointer up), tapping or clicking Settings, tapping or clicking Change PC settings, and then tapping or clicking Update and recovery.

Without these you are leaving the back door open.

= = = = = = = = = = = = = = = = = = = =

Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

= = = = = = = = = = = = = = = = = = = =

Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place?

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.


OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days
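
The Internet Explorer hardening steps in the post above can be checked without clicking through the dialog. The following is an added example, not part of OCD's post: a read-only PowerShell audit of the five Internet-zone settings the post lists. The function name `Test-InternetZoneHardening` is hypothetical; the registry path and URL action ids are the standard per-user locations for the Internet zone (zone 3), stated here as an assumption about the machine being checked.

```powershell
# Added example: read-only audit of the five Internet-zone settings listed in the post.
# Zone 3 is the "Internet" zone; these are the per-user values (HKCU).
$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# URL action id, dialog label, and the value the post recommends.
# Stored as DWORDs: 0 = Enable, 1 = Prompt, 3 = Disable.
$Recommended = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';                          Want = 1 }
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls';                        Want = 3 }
    @{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
    @{ Id = '1804'; Name = 'Launching programs and files in an IFRAME';                 Want = 1 }
    @{ Id = '1607'; Name = 'Navigate windows and frames across different domains';      Want = 1 }
)
$Labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Test-InternetZoneHardening {
    param([string]$Path = $ZonePath)
    # One read of the zone key; a missing key or value is reported, not treated as an error.
    $values = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    foreach ($item in $Recommended) {
        $current = $null
        if ($values) { $current = $values.($item.Id) }

        if ($null -eq $current) {
            $shown = '(not set)'
        } elseif ($Labels.ContainsKey([int]$current)) {
            $shown = $Labels[[int]$current]
        } else {
            $shown = "raw value $current"
        }

        # New-Object is used so the script also runs on PowerShell 2.0 (Windows 7 default).
        New-Object PSObject -Property @{
            Setting     = $item.Name
            Current     = $shown
            Recommended = $Labels[$item.Want]
            Matches     = ($current -eq $item.Want)
        }
    }
}

Test-InternetZoneHardening |
    Select-Object Setting, Current, Recommended, Matches |
    Format-Table -AutoSize -Wrap
```

The script only reads the registry and changes nothing. Settings enforced by Group Policy are stored elsewhere and are not covered by this check.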










#41 Marrin

Marrin

    Authentic Member

  • Authentic Member
  • PipPip
  • 31 posts

Posted 18 August 2014 - 06:58 PM

Well . . . I ran into a problem or two.  I tried to follow your instructions in re-installing IE11.  I downloaded the IE installation files, and rebooted my computer.  Of course the installation file was no longer shown at the bottom of my screen, so I went to the download folder, and ran the file from there.  I got the following error:  OPERATING SOLUTION IS NOT SUPPORTED BY THIS VERSION OF INTERNET EXPLORER.  This version of Internet Explorer setup does not support  your version of Windows.  Download the version of Internet Explorer designed for your Windows Operating System from http://go.microsoft..../?linkid=299199

 

I thought that this might be because I ran the .exe from the download folder rather than the active desktop, so I downloaded the .exe file again, and ran it from the active desktop without rebooting.  Same result.  

 

So I went back to the link shown in the error message, and tried running that.  In the error message it indicated that I would be downloading the version of IE compatible with my OS.  The download screen indicated that the download would be for Windows 6.1, and I think I have Windows 7 installed on my computer.  

 

Please advise.

 

Thanks.



#42 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 18 August 2014 - 07:20 PM

Hi Marrin,

Can you open Internet Explorer? If so, follow the next steps:

Open the Internet Explorer browser. In the upper right-hand corner, locate the gear icon.
Left-click the gear icon, then select About Internet Explorer.

Make sure the box that states "Install new versions automatically" is checked.

Make note of what version is installed, click close when done.

=========================

Windows Update

  • Open Windows Update by clicking the Start button. In the search box, type Update, and then, in the list of results, click Windows Update.
  • In the left pane, click Check for updates, and then wait while Windows looks for the latest updates for your computer.
  • If you see a message telling you that important updates are available, or telling you to review important updates, click the message to view and select the important updates to install.
  • In the list, click the important updates for more information. Check the box for Windows Internet Explorer 11, select the check boxes for any other updates that you want to install, and then click OK.
  • Click Install updates.
  • Read and accept the license terms, and then click Finish if the update requires it. Administrator permission required: if you're prompted for an administrator password or confirmation, type the password or provide confirmation.

=========================

Reboot

=========================

Check performance and report back with results.




#43 Marrin

Marrin

    Authentic Member

  • Authentic Member
  • PipPip
  • 31 posts

Posted 18 August 2014 - 10:40 PM

I cannot access IE.  I have done several searches using variations on the "IE - Explorer - etc" theme, and get no returns that access IE.  I have attempted to run some of them, and they are all related to downloading of an "IE11 - Windows6.1" program.

 

What now?



#44 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 18 August 2014 - 11:33 PM

Hi Marrin,

How to Uninstall Internet Explorer 11 for Windows 7:
http://www.wikihow.c...1-for-Windows-7

If you can't find Internet Explorer in the list of updates under Windows, use the search box at the top to search for explorer.
 

"So I went back to the link shown in the error message, and tried running that. In the error message it indicated that I would be downloading the version of IE compatible with my OS. The download screen indicated that the download would be for Windows 6.1, and I think I have Windows 7 installed on my computer."


Then go back to this step and download and install the version that it is saying is compatible with your OS.
This is probably the file/version it is prompting you to install: ie11-windows6.1-x86-es-es.exe which is the proper version of IE for Windows 7

Reboot, then using the previous step outlined above, check and see what version it shows you are running.


#45 Marrin

Marrin

    Authentic Member

  • Authentic Member
  • PipPip
  • 31 posts

Posted 22 August 2014 - 05:17 PM

Sorry I've been out of touch for a couple of days ...

 

I removed IE11.   Then when I tried to re-install, I get the following:  

 

      INTERNET EXPLORER DID NOT FINISH INSTALLING

      For more information see the Internet Explorer Troubleshooter.

      This link is also on your desktop for later reference. 

 

I tried several things in the Troubleshooter, then went to the Windows.com site to try and download IE11 from there.  I got the same message as above with that procedure.  

 

Also, at the same time, I suddenly have no sound output device installed, and as a result have lost audio.  Not a big deal at the moment, but something I would like to fix eventually, either with you or the OS group.  And, of course, I'd like to move on to the second computer, as it has some probable virus problems as well, but its symptoms are not nearly as bad.

 

More advice please!   Thanks

