
Virus/Malware?Trojan? [Solved]


  • This topic is locked

#1
darlinbassmaster

  • Member
  • 39 posts
I have tried to install Norton 360 2013, and several of the scans stop part of the way through, pausing. I noticed when I try to run some malware programs I get a funny little face and it will have a message saying "down we go matey" or something similar to that. I have tried several programs trying to remove whatever it is, but have had no success. I know at one time I had an apype, but I can no longer use my IE, and a lot of my programs in my Windows 7 are no longer working properly. I am currently running the OTL. I am at the point of considering an entire reboot of my laptop. My add/remove programs do not work so I am unable to remove stuff or download programs and save them properly. I have a 2009 Gateway Windows 7.
  • 0


#2
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Hello darlinbassmaster,

Welcome to Geekstogo.

I am currently running the OTL.


I take it you will be posting the logs OTL.txt and Extras.txt when you have them. :)
  • 0

#3
darlinbassmaster

  • Topic Starter
  • Member
  • 39 posts
Attached is the OTL text. I apologize for not getting it to you sooner. :blush: I had a meeting tonight. I hope it helps. Thank you for helping me.
  • 0

#4
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Hi darlinbassmaster,

I apologize for not getting it to you sooner. :blush: I had a meeting tonight.


No problem.

Don't see the attachment. :P

Actually, unless otherwise instructed always post the logs in the forum. :)
  • 0

#5
darlinbassmaster

  • Topic Starter
  • Member
  • 39 posts
'My OTL Log'

  • 0

#6
darlinbassmaster

  • Topic Starter
  • Member
  • 39 posts
I am not sure how to use your program and my laptop would not cut and paste into the box. :surrender: If it does not show I hope someone will be able to assist. I usually do not have problems but right now I have had a serious health issue and headaches are a major part for a year now and are affecting my thinking process. So all help is appreciated. :help:
  • 0

#7
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Hello again darlinbassmaster,

'My OTL Log'


For some reason I still can't get to that log.

I am not sure how to use your program and my laptop would not cut and paste into the box.


Here are a couple of tips:

Try copying and pasting this way:

Highlight the text and then copy (Ctrl+C) and paste (Ctrl+V) into your reply here.

If that doesn't work try this:

Go to (Edit -> Select All, Edit -> Copy, Edit -> Paste)

Often when highlighting and right clicking to copy and then paste doesn't work one of the above suggestions will.

Tell me if you still have problems. :)
  • 0

#8
darlinbassmaster

  • Topic Starter
  • Member
  • 39 posts
I am unable to get this to work. I am having problems with my command working within windows. Not even the attachment is working :bashhead:
  • 0

#9
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts

I am having problems with my command working within windows.


Can you explain a bit more, do you have more than one operating system on your machine?

Tell me what you are trying to do and what happens when you try. :)
  • 0

#10
darlinbassmaster

  • Topic Starter
  • Member
  • 39 posts
I only have Windows 7. I have considered another OS, but I am having problems doing that right now as well. I am able to click and select all but when I go to copy or cut and paste to the post it will not go to the post. I also am not able to get the attachment to attach now. It is like the commands are not there. It does not recognize them? I can do it all day long but it will not actually do what I ask it to. I also tried to use Control-C and Control-V and it did not work either. I do not know if it is in the registry or the system or the infection. I
  • 0


#11
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts

I only have Windows 7. I have considered another OS,


No I just wanted to make sure you only had one OS. Some people have more than one on their machines. :)

I am able to click and select all but when I go to copy or cut and paste to the post it will not go to the post.


Okay, something corrupted, something blocking things or malware interference.

It would be good to have those scans to see if they can give us an indication of what is going on.

We have a number of options to try including other tools that might give us a way around the problem, but first:

I wonder do you have more than one computer? If so you might try copying the logs to Notepad and saving to a flash drive or some such. You could then insert the flash drive in your other machine and copy and paste back here.

Also, do you have more than one anti-virus and/or firewall on that computer?
  • 0

#12
darlinbassmaster

  • Topic Starter
  • Member
  • 39 posts
My husband has a PC. I can try to do this tomorrow. :thumbsup: I have Iobit malware and run Microsoft firewall. Thank you for assisting me with this. I will start getting this transferred to a flash drive and get it to you :popcorn: :)
  • 0

#13
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts

Thank you for assisting me with this. I will start getting this transferred to a flash drive and get it to you :popcorn: :)


As a precaution, before you save to the Flash Drive do this:

Download Flash_Disinfector.exe by sUBs from here and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you run it. Don't delete this folder...it will help protect your drives from future infection.


Look forward to hearing from you. :thumbsup:

I have Iobit malware


Hmm... not to say this is the cause but I have had people seeking help in the past where Iobit has been part of the problem. Let's see what the logs show. :)
  • 0

#14
darlinbassmaster

  • Topic Starter
  • Member
  • 39 posts
OTL logfile created on: 1/29/2013 7:24:54 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Darlene\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16438)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 33.96% Memory free
5.73 Gb Paging File | 3.31 Gb Available in Paging File | 57.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220.79 Gb Total Space | 175.74 Gb Free Space | 79.60% Space Free | Partition Type: NTFS

Computer Name: DARLENE-PC | User Name: Darlene | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2013/01/29 19:24:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Darlene\Downloads\OTL (1).exe
PRC - [2013/01/28 13:08:55 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2013/01/18 03:07:04 | 001,248,208 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/01/15 18:47:28 | 000,703,808 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
PRC - [2013/01/15 18:47:10 | 000,465,216 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
PRC - [2012/12/04 21:40:04 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.1.33\ccSvcHst.exe
PRC - [2012/09/09 20:52:38 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
PRC - [2012/08/22 13:44:30 | 000,132,056 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
PRC - [2012/07/27 15:51:38 | 000,823,224 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2012/07/27 12:51:28 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2010/04/02 09:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010/03/02 18:52:00 | 000,140,640 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2009/08/07 07:29:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/08/07 07:29:36 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/07/03 20:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2009/06/04 08:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
PRC - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/18 03:07:02 | 012,459,472 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll
MOD - [2013/01/18 03:07:02 | 000,460,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ppgooglenaclpluginchrome.dll
MOD - [2013/01/18 03:07:01 | 004,012,496 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\pdf.dll
MOD - [2013/01/18 03:06:15 | 000,597,968 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\libglesv2.dll
MOD - [2013/01/18 03:06:15 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\libegl.dll
MOD - [2013/01/18 03:06:13 | 001,552,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ffmpegsumo.dll
MOD - [2013/01/15 18:48:26 | 000,348,992 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\madexcept_.bpl
MOD - [2013/01/15 18:48:26 | 000,051,008 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\maddisAsm_.bpl
MOD - [2013/01/15 18:48:24 | 000,183,616 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\madbasic_.bpl
MOD - [2013/01/15 18:47:56 | 000,893,248 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\webres.dll
MOD - [2012/05/30 10:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.1.33\wincfi39.dll
MOD - [2012/05/30 09:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\wincfi39.dll


========== Services (SafeList) ==========

SRV:64bit: - [2010/11/20 08:25:18 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\snmp.exe -- (SNMP)
SRV:64bit: - [2009/08/05 23:30:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:39:47 | 000,010,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\TCPSVCS.EXE -- (simptcp)
SRV:64bit: - [2009/07/03 20:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2007/02/12 03:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)
SRV - [2013/01/15 18:47:10 | 000,465,216 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6)
SRV - [2013/01/08 18:24:37 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/04 21:40:04 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.1.33\ccSvcHst.exe -- (NCO)
SRV - [2012/12/04 20:40:03 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ccSvcHst.exe -- (N360)
SRV - [2012/08/22 13:44:30 | 000,132,056 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2012/07/27 12:51:28 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2010/11/20 07:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 07:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 07:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/11/20 07:17:42 | 000,047,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\snmp.exe -- (SNMP)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/29 21:57:59 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/11/13 15:13:04 | 000,238,328 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/08/07 07:29:36 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009/07/13 20:14:42 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 08:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/04/28 22:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/24 17:53:14 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/11/14 18:01:23 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/11/14 18:01:22 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/10/08 20:00:02 | 000,776,864 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1402010.016\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/10/03 20:40:35 | 001,133,216 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1402010.016\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/10/03 20:40:20 | 000,493,216 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1402010.016\symds64.sys -- (SymDS)
DRV:64bit: - [2012/09/21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012/09/06 21:05:14 | 000,432,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1402010.016\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/09/06 20:48:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1402010.016\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/08/20 15:50:10 | 000,168,096 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSTx64\7DD02010.021\ccSetx64.sys -- (ccSet_NST)
DRV:64bit: - [2012/08/20 14:50:10 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1402010.016\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2012/05/25 00:36:56 | 000,037,496 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1402010.016\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/03/27 09:48:00 | 000,398,112 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2012/03/21 06:43:02 | 002,808,832 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/03 05:48:23 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/15 14:29:02 | 000,533,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SRS_HDAL_amd64.sys -- (SRS_HDAL_Service)
DRV:64bit: - [2010/02/04 15:20:26 | 000,015,360 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HP8207_8307.sys -- (HP8207_8307)
DRV:64bit: - [2009/11/29 22:14:21 | 000,052,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/09/02 18:54:20 | 007,369,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/08/07 07:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/06/18 07:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/14 21:47:26 | 000,668,672 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/25 15:13:10 | 000,138,752 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2009/05/07 01:29:16 | 000,049,696 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdx64.sys -- (O2SDRDR)
DRV:64bit: - [2009/05/07 01:20:08 | 000,063,264 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2mdx64.sys -- (O2MDRDR)
DRV:64bit: - [2009/04/28 22:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2009/02/12 09:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/02/12 09:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/02/12 09:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2008/03/28 10:25:30 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\OEM\factory\int15.sys -- (int15.sys)
DRV:64bit: - [2006/06/17 17:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2013/01/24 18:19:21 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130128.004\ex64.sys -- (NAVEX15)
DRV - [2013/01/24 18:19:21 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130128.004\eng64.sys -- (NAVENG)
DRV - [2013/01/24 16:29:58 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130124.001\IDSviA64.sys -- (IDSVia64)
DRV - [2013/01/16 03:22:36 | 001,388,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130116.013\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/08/18 04:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/08/18 04:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/07/05 13:53:22 | 000,021,904 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys -- (UrlFilter)
DRV - [2012/07/05 13:53:18 | 000,033,224 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys -- (RegFilter)
DRV - [2012/01/05 18:07:14 | 000,021,384 | ---- | M] (IObit) [File_System | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys -- (FileMonitor)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.good-results.info/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.goo...q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.good-results.info/
IE - HKCU\..\SearchScopes,DefaultScope = {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{420efb88-346f-4cb5-bbb1-cfd5efad5439}: "URL" = http://apype.com/res...q={searchTerms}
IE - HKCU\..\SearchScopes\{47DB563C-4C43-48F7-83B3-0AC985A7E6E5}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKCU\..\SearchScopes\{6885CC07-581F-42E4-9288-D824DD0A5679}: "URL" = http://apype.com/res...q={searchTerms}
IE - HKCU\..\SearchScopes\{813A9C80-570C-4F23-8282-F94759267674}: "URL" = http://apype.com/res...q={searchTerms}
IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.goo...q={searchTerms}
IE - HKCU\..\SearchScopes\{CE050722-BA4A-4DD7-AB46-6863E132E1F3}: "URL" = http://apype.com/res...q={searchTerms}
IE - HKCU\..\SearchScopes\{DE884100-3BE3-4D0D-BB91-F95C6F0C702D}: "URL" = http://search.yahoo....19630,0,18,6923
IE - HKCU\..\SearchScopes\{E509268D-967F-4137-8070-015354806DD0}: "URL" = http://apype.com/res...q={searchTerms}
IE - HKCU\..\SearchScopes\{EA1E3189-8E84-4F7F-BCF3-5081186D1513}: "URL" = http://apype.com/res...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@meadco.com/neptune plugin,version=2.0.0.29: C:\PROGRA~2\MEADCO~1\npmeadax.dll (MeadCo Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/08/16 07:59:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramDataMozilla\Extensions\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F04D2D30-776C-4d02-8627-8E4385ECA58D}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.2.1.33\coFFPlgn\ [2013/01/24 17:44:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\ [2013/01/24 17:55:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2013/01/24 17:55:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/25 10:39:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/01/24 22:38:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Darlene\AppData\Roaming\Mozilla\Extensions
[2013/01/25 10:39:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/01/16 15:11:06 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/01/16 15:10:30 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/01/16 15:10:30 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://websearch.good-results.info/
CHR - default_search_provider: Norton Safe Search (Enabled)
CHR - default_search_provider: search_url = http://nortonsafe.se..._US&tpr=111
CHR - default_search_provider: suggest_url =
CHR - homepage: http://websearch.good-results.info/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.92\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\pdf.dll
CHR - plugin: A Youtube Downloader Free NPAPI (Enabled) = C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\difjeglapnfioclmlgbfkepgjnmhjnnb\3.0.0.0_0\A Youtube Downloader Free-np.dll
CHR - plugin: Norton Identity Safe (Enabled) = C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.1.1.4_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U35 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Browse2save = C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmeplhcmobnjlhimpfiajdcjdpbidgj\1\
CHR - Extension: YouTube = C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Windows Media Player Extension for HTML5 = C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0\
CHR - Extension: Browse2save = C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeceobdmbdddcdnlkmomlgjhfbmlohnc\1\
CHR - Extension: Search-NewTab = C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjedlbhehegpefpgcghfdijgodnechfc\1\
CHR - Extension: Norton Identity Protection = C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.1.36_0\
CHR - Extension: Gmail = C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/01/28 10:54:58 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Advanced SystemCare 6] C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} http://www.addonchat.com/404.html (Web Browser Applet Control)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (Reg Error: Value error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Reg Error: Value error.)
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} http://utilities.pcp...opAntiVirus.dll (Reg Error: Value error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} http://utilities.pcp...DiskMD3Ctrl.dll (diskhealth Class)
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} http://zone.msn.com/...tz.cab99160.cab (MSN Games – Hearts)
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} http://support.gatew...rvest/gwCID.CAB (compid Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../PCPitStop2.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 69.174.176.2 69.174.176.3 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A4B6E206-29AC-483C-9139-F700421DDDAB}: DhcpNameServer = 69.174.176.2 69.174.176.3 8.8.8.8
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\mhtml - No CLSID value found
O18 - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/28 18:20:24 | 000,000,000 | ---D | C] -- C:\Users\Darlene\Documents\comp.info
[2013/01/28 13:33:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
[2013/01/28 13:33:06 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2013/01/28 13:09:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2013/01/28 11:01:30 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/01/28 10:55:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/01/28 10:22:24 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Roaming\Malwarebytes
[2013/01/28 10:22:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/28 10:22:05 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/01/28 10:22:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/01/28 10:21:48 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\Programs
[2013/01/26 14:42:17 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Roaming\WinISO Computing
[2013/01/26 14:42:17 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\WinISO Computing
[2013/01/26 14:42:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinISO Computing
[2013/01/25 22:27:08 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
[2013/01/25 00:07:47 | 001,133,216 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1402010.016\symefa64.sys
[2013/01/25 00:07:47 | 000,493,216 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1402010.016\symds64.sys
[2013/01/25 00:07:47 | 000,432,800 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1402010.016\symnets.sys
[2013/01/25 00:07:47 | 000,023,448 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1402010.016\symelam.sys
[2013/01/25 00:07:46 | 000,776,864 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1402010.016\srtsp64.sys
[2013/01/25 00:07:46 | 000,224,416 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1402010.016\ironx64.sys
[2013/01/25 00:07:46 | 000,168,096 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1402010.016\ccsetx64.sys
[2013/01/25 00:07:46 | 000,037,496 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1402010.016\srtspx64.sys
[2013/01/25 00:07:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\1402010.016
[2013/01/24 22:38:44 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Roaming\Mozilla
[2013/01/24 22:38:44 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\Mozilla
[2013/01/24 22:38:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/01/24 22:38:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/01/24 19:01:33 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Roaming\iWin
[2013/01/24 18:58:38 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Swift Sound
[2013/01/24 18:53:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2013/01/24 17:53:14 | 000,177,312 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/01/24 17:53:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2013/01/24 17:53:14 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2013/01/24 17:52:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2013/01/24 17:52:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2013/01/24 17:52:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360
[2013/01/24 17:37:01 | 000,168,096 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NSTx64\7DD02010.021\ccSetx64.sys
[2013/01/24 17:34:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSTx64
[2013/01/24 17:34:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSTx64\7DD02010.021
[2013/01/24 17:33:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe
[2013/01/24 17:33:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Identity Safe
[2013/01/24 14:22:45 | 000,000,000 | ---D | C] -- C:\_945401_
[2013/01/24 14:20:43 | 000,000,000 | ---D | C] -- C:\_823657_
[2013/01/24 13:54:21 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Roaming\SpeedyPC Software
[2013/01/24 13:53:39 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2013/01/24 13:36:54 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/01/24 13:19:00 | 000,000,000 | ---D | C] -- C:\ProgramData\ClickIT
[2013/01/24 13:18:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WebSearch
[2013/01/24 13:15:58 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2013/01/23 22:32:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2013/01/23 20:10:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
[2013/01/23 20:03:36 | 000,000,000 | ---D | C] -- C:\Windows\tasks\TaskDisabled
[2013/01/23 19:59:32 | 000,000,000 | ---D | C] -- C:\Users\Darlene\Documents\Visual Studio 2005
[2013/01/23 19:59:31 | 000,000,000 | ---D | C] -- C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
[2013/01/23 19:54:45 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEPPEX2
[2013/01/23 19:54:45 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonEPP
[2013/01/23 19:48:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2013/01/23 19:30:05 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Uninstall Information
[2013/01/23 19:22:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 6
[2013/01/23 19:05:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2013/01/23 15:13:36 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Roaming\WiseDrivers
[2013/01/23 15:06:59 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Roaming\RegGenie
[2013/01/23 14:00:29 | 000,000,000 | ---D | C] -- C:\CAT-Logs
[2013/01/23 13:32:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton PC Checkup 3.0
[2013/01/23 13:31:15 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Roaming\PCCUStubInstaller
[2013/01/21 19:40:55 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\VS Revo Group
[2013/01/17 19:04:27 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Roaming\GlarySoft
[2013/01/17 17:23:25 | 000,000,000 | ---D | C] -- C:\ProgramData\RegInOut
[2013/01/14 21:32:30 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Roaming\DriverCure
[2013/01/12 18:31:04 | 000,000,000 | ---D | C] -- C:\ProgramData\RegAce
[2013/01/12 17:35:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smart Driver Updater
[2013/01/12 17:02:03 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/01/12 17:01:47 | 000,000,000 | ---D | C] -- C:\JRT
[2013/01/12 16:52:39 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/01/09 22:03:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013/01/05 19:54:43 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\N360_BACKUP
[2013/01/05 08:14:50 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\NPE
[2012/12/31 13:23:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\GroupPolicy
[2012/12/31 13:23:42 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\GroupPolicy
[2010/12/03 05:48:23 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Darlene\AppData\Roaming\pcouffin.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/29 19:23:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/29 09:37:47 | 000,009,920 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/29 09:37:47 | 000,009,920 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/29 09:27:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/29 09:27:38 | 2309,689,344 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/28 10:54:58 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/01/25 21:25:27 | 000,000,706 | ---- | M] () -- C:\Users\Darlene\Desktop\ubuntu-12.04.1-desktop-amd64 - Shortcut.lnk
[2013/01/25 12:17:38 | 000,874,788 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/25 12:17:38 | 000,729,538 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/25 12:17:38 | 000,145,542 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/25 10:18:20 | 001,649,712 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\Cat.DB
[2013/01/25 10:17:48 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\VT20130115.021
[2013/01/24 17:53:14 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/01/24 17:53:14 | 000,007,466 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/01/24 17:53:14 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/01/24 17:50:14 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/01/24 14:00:12 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\SBRC.dat
[2013/01/24 14:00:12 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\SBFC.dat
[2013/01/23 15:44:45 | 000,429,768 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/23 13:32:10 | 000,017,494 | ---- | M] () -- C:\Users\Darlene\Desktop\602663_10152459602635010_687421705_n.jpg
[2013/01/22 13:52:27 | 000,107,819 | ---- | M] () -- C:\Users\Darlene\Desktop\MARTINOMEN.jpg
[2013/01/15 18:49:06 | 000,026,432 | ---- | M] (IObit) -- C:\Windows\SysNative\RegistryDefragBootTime.exe
[2013/01/14 21:10:44 | 000,000,036 | ---- | M] () -- C:\Users\Darlene\AppData\Roaming\mbam.context.scan
[2013/01/14 18:28:43 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/01/14 18:28:42 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/01/10 02:46:06 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\isolate.ini
[2013/01/04 12:16:16 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NSTx64\7DD02010.021\isolate.ini
[2013/01/01 21:25:38 | 000,152,461 | ---- | M] () -- C:\Windows\wininit.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/25 21:25:27 | 000,000,706 | ---- | C] () -- C:\Users\Darlene\Desktop\ubuntu-12.04.1-desktop-amd64 - Shortcut.lnk
[2013/01/25 10:17:48 | 001,649,712 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\Cat.DB
[2013/01/25 10:17:48 | 000,014,818 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\VT20130115.021
[2013/01/25 00:07:47 | 000,009,670 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\symelam64.cat
[2013/01/25 00:07:47 | 000,007,603 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\symefa64.cat
[2013/01/25 00:07:47 | 000,007,601 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\symnet64.cat
[2013/01/25 00:07:47 | 000,007,597 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\symds64.cat
[2013/01/25 00:07:47 | 000,003,433 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\symefa.inf
[2013/01/25 00:07:47 | 000,002,851 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\symds.inf
[2013/01/25 00:07:47 | 000,001,440 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\symnet.inf
[2013/01/25 00:07:47 | 000,000,996 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\symelam.inf
[2013/01/25 00:07:46 | 000,007,611 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\ccsetx64.cat
[2013/01/25 00:07:46 | 000,007,605 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\srtspx64.cat
[2013/01/25 00:07:46 | 000,007,601 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\srtsp64.cat
[2013/01/25 00:07:46 | 000,007,593 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\iron.cat
[2013/01/25 00:07:46 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\srtsp64.inf
[2013/01/25 00:07:46 | 000,001,418 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\srtspx64.inf
[2013/01/25 00:07:46 | 000,000,853 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\ccsetx64.inf
[2013/01/25 00:07:46 | 000,000,767 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\iron.inf
[2013/01/25 00:07:21 | 000,009,103 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\symvtcer.dat
[2013/01/25 00:07:21 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\isolate.ini
[2013/01/24 17:53:14 | 000,007,466 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/01/24 17:53:14 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/01/24 17:34:06 | 000,000,853 | R--- | C] () -- C:\Windows\SysNative\drivers\NSTx64\7DD02010.021\ccSetx64.inf
[2013/01/24 17:34:01 | 000,007,611 | R--- | C] () -- C:\Windows\SysNative\drivers\NSTx64\7DD02010.021\ccsetx64.cat
[2013/01/24 17:34:01 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NSTx64\7DD02010.021\isolate.ini
[2013/01/24 14:00:00 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\SBRC.dat
[2013/01/24 14:00:00 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\SBFC.dat
[2013/01/23 22:46:00 | 015,937,536 | ---- | C] () -- C:\Users\Darlene\SYSTEM
[2013/01/23 22:45:18 | 070,270,976 | ---- | C] () -- C:\Users\Darlene\SOFTWARE
[2013/01/23 14:46:25 | 000,299,544 | ---- | C] () -- C:\Windows\RegGenieOnUninstall.exe
[2013/01/23 13:32:28 | 000,017,494 | ---- | C] () -- C:\Users\Darlene\Desktop\602663_10152459602635010_687421705_n.jpg
[2013/01/23 12:17:56 | 000,429,768 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/22 13:52:49 | 000,107,819 | ---- | C] () -- C:\Users\Darlene\Desktop\MARTINOMEN.jpg
[2013/01/14 21:10:44 | 000,000,036 | ---- | C] () -- C:\Users\Darlene\AppData\Roaming\mbam.context.scan
[2013/01/14 21:07:47 | 000,001,424 | ---- | C] () -- C:\Users\Darlene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/01/14 18:28:43 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/01/14 18:28:42 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/11/07 19:30:39 | 000,000,125 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012/10/17 09:29:17 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-DARLENE-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2012/10/15 16:40:46 | 000,000,218 | ---- | C] () -- C:\Windows\iepreview.ini
[2012/10/08 17:43:34 | 000,000,000 | ---- | C] () -- C:\Users\Darlene\AppData\Local\Preferences
[2012/02/23 12:32:34 | 000,000,024 | ---- | C] () -- C:\Windows\cdplayer.ini
[2011/05/12 14:23:51 | 000,001,940 | ---- | C] () -- C:\Users\Darlene\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/04/27 17:53:01 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/03/10 13:38:13 | 000,000,880 | ---- | C] () -- C:\Users\Darlene\.recently-used.xbel
[2010/12/03 05:48:23 | 000,007,859 | ---- | C] () -- C:\Users\Darlene\AppData\Roaming\pcouffin.cat
[2010/12/03 05:48:23 | 000,001,167 | ---- | C] () -- C:\Users\Darlene\AppData\Roaming\pcouffin.inf
[2010/07/07 15:33:26 | 000,009,728 | ---- | C] () -- C:\Users\Darlene\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/04 17:33:28 | 000,002,464 | ---- | C] () -- C:\Users\Darlene\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/11/22 10:12:57 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\AVG2013
[2011/01/18 13:21:20 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\Canneverbe Limited
[2012/10/27 12:51:07 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\Canon
[2011/07/13 17:57:21 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\ChemTable Software
[2013/01/14 21:32:30 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\DriverCure
[2013/01/17 19:04:27 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\GlarySoft
[2011/03/10 13:38:13 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\gtk-2.0
[2013/01/23 20:19:02 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\IObit
[2013/01/24 19:01:33 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\iWin
[2011/07/15 20:22:46 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\NCH Swift Sound
[2013/01/23 13:31:15 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\PCCUStubInstaller
[2011/07/15 19:33:41 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\Pmcc
[2012/02/20 12:34:35 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\Product_RM
[2013/01/23 15:06:59 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\RegGenie
[2013/01/24 13:54:21 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\SpeedyPC Software
[2010/02/04 17:33:29 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\Template
[2011/09/21 15:12:11 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\Tific
[2011/06/05 14:53:42 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\TomTom
[2013/01/27 18:08:20 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\uTorrent
[2009/11/29 07:16:08 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\WildTangent
[2013/01/26 14:42:17 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\WinISO Computing
[2013/01/23 19:43:26 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\WiseDrivers

========== Purity Check ==========



< End of report >
  • 0

#15
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Hello darlinbassmaster,

You appear to have both IOBit and Norton Symantec running. Also Windows Defender is showing although not running.

Running two or more real-time anti-virus, anti-spyware and firewall monitors at the same time can cause a conflict. That conflict can result in slow computer performance, error messages, crashes of the programs or other types of failure. You will very likely end up with little or no protection.

You need to uninstall either IOBit or Norton.

After you have uninstalled one of those do this:

Please download AdwCleaner from here to your desktop
  • Click on the green downward facing arrow on the right to commence download.
  • Run AdwCleaner and select Delete


Once done it will ask to reboot, allow this.

On reboot a log will be produced; please post that back here.

Hopefully you will be able to copy and paste by now but if not, follow the flash drive option again. Tell me how you get on. :)
  • 0





