Access Denied, Permissions Changed, Folder Duplications

:prop: I have viruses on my computer and have used MalwareBytes for removal, including Chameleon Tool. I have also used their tool for Assassin in order to delete duplicate files and folders. I have also used RogueKiller, twice and it is coming up clean. I was able to uninstall and reinstall my a new web browser (I use FireFox).

I have Norton Security and the paid version of MalwareBytes on my computer.

Following cleanup, I was finally able to use a secure web browser yesterday. I did another complete scan with RogueKiller and came up clean this morning - BUT, I am still being denied access to files, folders and programs to change the permissions.

My files, folders and programs have a bunch of different users listed with permission. Some of them are names with numbers, like S1232.... etc., all users, authorized users, system --- and I've not added them, yet they have special permissions and all access - and I'd see that administrator DID not have all permissions, just read, or something minor like that.

Shared Files-Folders: I noticed that all (or at least a good number) of my folders that I now have duplicates of, are marked as "shared" - and I did not authorize that. I also disconnected my desktop computer from sharing with other computers and devices in my home.

I just used Safe Mode to do the scan and also to access your site and install the OTL tool. The report is below. I've pretty much exhausted everything I can think of ... spent days doing this :headscratch: and yes am feeling explosive :smashcomp: ! Is there anything more I can do?

My hard drive has been divided into 2 - with programs etc. installed on the C drive and all documents etc. are on my J drive. I've done the separate scans of all of the possible ports of entry etc. ... So, can you help - or am I doomed to having to wipe everything off my drive and starting all over again?

Thanks gals/guys!!

It's a mess!!

OTL Report Below

OTL logfile created on: 25/10/2014 10:11:33 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = J:\SECURITY-DWNLOADS 25-10-2014
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17358)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

5.99 Gb Total Physical Memory | 4.89 Gb Available Physical Memory | 81.66% Memory free
11.98 Gb Paging File | 11.00 Gb Available in Paging File | 91.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 470.84 Gb Total Space | 358.33 Gb Free Space | 76.11% Space Free | Partition Type: NTFS
Drive J: | 460.67 Gb Total Space | 407.18 Gb Free Space | 88.39% Space Free | Partition Type: NTFS
Drive K: | 442.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive L: | 1862.36 Gb Total Space | 1211.72 Gb Free Space | 65.06% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/10/25 10:10:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- J:\SECURITY-DWNLOADS 25-10-2014\OTL.exe

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV:64bit: - [2014/09/29 18:32:26 | 000,616,288 | ---- | M] (Copyright 2013 SAMSUNG) [Auto | Stopped] -- C:\Program Files\Samsung\Samsung Link\Samsung Link.exe -- (Samsung Link Service)
SRV:64bit: - [2014/09/18 22:25:49 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/12/21 11:31:20 | 000,404,360 | ---- | M] (Samsung) [Auto | Stopped] -- C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe -- (AllShare Framework DMS)
SRV:64bit: - [2013/05/27 02:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/21 00:24:51 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\snmp.exe -- (SNMP)
SRV:64bit: - [2010/06/29 14:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2009/10/07 02:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009/07/13 22:41:10 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\iprip.dll -- (iprip)
SRV:64bit: - [2009/07/13 22:39:47 | 000,010,240 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\TCPSVCS.EXE -- (simptcp)
SRV:64bit: - [2009/07/13 22:39:20 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mqsvc.exe -- (MSMQ)
SRV:64bit: - [2009/07/13 22:38:59 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
SRV - [2014/10/11 09:53:23 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/10/01 12:42:42 | 001,919,256 | ---- | M] (IBM Corp.) [Auto | Stopped] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2014/10/01 11:09:30 | 000,968,504 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/10/01 11:09:28 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/09/24 10:54:41 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/09/21 07:32:26 | 000,276,376 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe -- (NIS)
SRV - [2014/08/29 18:07:46 | 000,441,144 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe -- (MbaeSvc)
SRV - [2014/07/22 15:25:38 | 001,042,808 | ---- | M] (Western Digital Technologies, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe -- (WDBackup)
SRV - [2014/07/02 14:44:41 | 000,411,936 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2014/06/02 10:36:12 | 000,296,312 | ---- | M] (Western Digital Technologies, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2014/03/20 19:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2014/01/01 10:20:55 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2013/12/31 10:39:03 | 001,406,976 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Perception\Secura Backup\securasvc.exe -- (SecuraService)
SRV - [2013/10/23 08:15:08 | 000,172,192 | ---- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/11/29 07:38:54 | 000,341,136 | ---- | M] (Corel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Roxio Easy CD & DVD Burning\Common\RoxWatch14.exe -- (RoxWatch14)
SRV - [2012/11/29 07:38:38 | 001,096,848 | ---- | M] (Corel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio Easy CD & DVD Burning\Common\RoxMediaDB14.exe -- (RoxMediaDB14)
SRV - [2012/07/11 02:04:00 | 000,022,160 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe -- (BOT4Service)
SRV - [2012/07/05 19:47:08 | 000,535,184 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Roxio Easy CD & DVD Burning\Roxio Burn\RoxioBurnLauncher.exe -- (RoxioBurnLauncher)
SRV - [2012/06/20 15:48:28 | 000,457,360 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe -- (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269)
SRV - [2012/06/05 16:56:28 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2012/03/29 00:46:54 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Stopped] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
SRV - [2012/02/17 14:02:08 | 000,135,016 | ---- | M] (Nuance Communications, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe -- (PDFProFiltSrv)
SRV - [2010/11/21 00:25:10 | 000,047,616 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\snmp.exe -- (SNMP)
SRV - [2010/11/21 00:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/21 00:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/21 00:24:51 | 000,061,440 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/04/16 16:10:58 | 000,036,864 | ---- | M] (Realtek) [Auto | Stopped] -- C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe -- (RealtekDU)
SRV - [2010/03/10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/08/27 18:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009/07/13 22:14:42 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp)
SRV - [2008/08/07 12:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007/05/31 18:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 18:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/10/25 09:25:10 | 000,037,624 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\TrueSight.sys -- (TrueSight)
DRV:64bit: - [2014/10/25 08:13:56 | 000,129,752 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/10/01 12:42:52 | 000,534,104 | ---- | M] (IBM Corp.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2014/10/01 11:11:26 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/10/01 11:11:16 | 000,093,400 | ---- | M] (Malwarebytes Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV:64bit: - [2014/10/01 11:11:12 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/08/25 23:20:22 | 000,876,248 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1506000.020\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2014/08/25 23:20:22 | 000,037,592 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1506000.020\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2014/08/19 22:14:52 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2014/08/06 16:48:16 | 000,266,968 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1506000.020\ironx64.sys -- (SymIRON)
DRV:64bit: - [2014/03/04 01:18:12 | 001,148,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1506000.020\symefa64.sys -- (SymEFA)
DRV:64bit: - [2014/02/17 22:32:41 | 000,593,112 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1506000.020\symnets.sys -- (SymNetS)
DRV:64bit: - [2013/12/31 10:09:30 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/10/01 23:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/09/25 23:50:25 | 000,162,392 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1506000.020\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2013/08/01 00:19:50 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1506000.020\symds64.sys -- (SymDS)
DRV:64bit: - [2013/02/12 01:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/12/13 15:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/10/25 02:20:28 | 000,769,168 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/08/23 11:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 11:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/06/22 04:01:00 | 000,056,336 | ---- | M] (Corel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2012/06/20 02:00:00 | 000,028,304 | ---- | M] (Corel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Sahdad64.sys -- (Sahdad64)
DRV:64bit: - [2012/06/20 02:00:00 | 000,027,792 | ---- | M] (Corel Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\SaibVdAd64.sys -- (SaibVdAd64)
DRV:64bit: - [2012/06/20 02:00:00 | 000,020,112 | ---- | M] (Corel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Saibad64.sys -- (Saibad64)
DRV:64bit: - [2012/03/01 03:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 03:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 03:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/21 00:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/02/17 15:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 15:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/10/07 05:49:26 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2009/10/07 05:47:44 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009/10/07 05:45:36 | 000,271,640 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvpopf64.sys -- (lvpopf64)
DRV:64bit: - [2009/10/07 02:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/10/07 02:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 21:26:13 | 000,189,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mqac.sys -- (MQAC)
DRV:64bit: - [2009/06/10 17:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/02/11 21:23:06 | 000,037,392 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hotcore3.sys -- (hotcore3)
DRV:64bit: - [2009/02/11 21:22:52 | 000,045,312 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\uimx64.sys -- (UimBus)
DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2014/10/13 09:11:09 | 000,761,720 | ---- | M] () [Kernel | System | Stopped] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80055.sys -- (RapportCerberus_80055)
DRV - [2014/10/05 06:09:08 | 002,137,304 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20141024.018\ex64.sys -- (NAVEX15)
DRV - [2014/10/05 06:09:08 | 000,129,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20141024.018\eng64.sys -- (NAVENG)
DRV - [2014/10/03 16:19:31 | 001,587,416 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20141016.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2014/10/01 12:42:52 | 000,557,656 | ---- | M] (IBM Corp.) [Kernel | System | Stopped] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2014/10/01 12:42:52 | 000,445,880 | ---- | M] (IBM Corp.) [Kernel | System | Stopped] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2014/09/09 03:55:01 | 000,142,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/09/09 03:55:00 | 000,487,216 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2014/08/30 19:45:42 | 000,063,000 | ---- | M] () [Kernel | System | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys -- (ESProtectionDriver)
DRV - [2014/08/29 12:40:34 | 000,633,560 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20141024.001\IDSviA64.sys -- (IDSVia64)
DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-ca/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3E E2 68 EC CD EE CF 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rchTerms}&r=444
IE - HKCU\..\SearchScopes\{59B46FE5-3473-49FD-980F-96C187099CB1}: "URL" = http://search.zoneal...Id=&ver=&&r=649
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.se...t=kwd&qsrc=2869
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:home"about:home
FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2014.7.9.8
FF - prefs.js..extensions.enabledAddons: %7B1b8cc170-8c85-11db-b606-0800200c9a66%7D:4.0.1
FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:3.2.1127
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Professional 7\bin\nppdf.dll (Zeon Corporation)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn\ [2014/10/25 07:32:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/12/31 10:37:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
[2014/10/23 21:56:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\uhk19iin.default\extensions
[2014/10/23 21:56:57 | 000,000,000 | ---D | M] (DoNotTrackMe: Online Privacy Protection) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\uhk19iin.default\extensions\[email protected]
[2014/10/21 17:49:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\vvdgp29k.default-1413922228900\extensions
[2014/10/23 20:15:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/10/23 20:15:17 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2009/06/10 18:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coieplg.dll (Symantec Corporation)
O2:64bit: - BHO: (no name) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No CLSID value found.
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Professional 7\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDF Professional 7\bin\ZeonIEFavClient.dll (Zeon Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll (Check Point Software Technologies LTD)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (DocuCom PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Professional 7\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Samsung Link] C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe (Copyright 2013 SAMSUNG)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Family Tree Builder Update] C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe (MyHeritage)
O4 - HKLM..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe (Flexera Software, Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Exploit] C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Nuance PDF Converter Professional 7-reminder] C:\Program Files (x86)\Nuance\PDF Professional 7\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF7 Registry Controller] C:\Program Files (x86)\Nuance\PDF Professional 7\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFProHook] C:\Program Files (x86)\Nuance\PDF Professional 7\PdfPro7Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Roxio Easy CD & DVD Burning\Common\RoxWatchTray14.exe (Corel Corporation)
O4 - HKLM..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8:64bit: - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files (x86)\IncrediMail\Bin\resources\WebMenuImg.htm ()
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Open with Nuance PDF Converter 7 - C:\Program Files (x86)\Nuance\PDF Professional 7\cnvres_eng.dll (Nuance Communications, Inc.)
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files (x86)\IncrediMail\Bin\resources\WebMenuImg.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Open with Nuance PDF Converter 7 - C:\Program Files (x86)\Nuance\PDF Professional 7\cnvres_eng.dll (Nuance Communications, Inc.)
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 File not found
O9:64bit: - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF432766-B8C4-4CD9-94F8-886EB4A306EC}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D06F27C2-B1E5-4257-B417-588B7E4EC825}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skypec2c - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skypec2c - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/28 17:00:27 | 000,000,088 | ---- | M] () - K:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{df09ee2b-721a-11e3-98dc-850b2d60026b}\Shell - "" = AutoRun
O33 - MountPoints2\{df09ee2b-721a-11e3-98dc-850b2d60026b}\Shell\AutoRun\command - "" = K:\WD SmartWare.exe -- [2010/01/21 21:13:40 | 003,330,848 | ---- | M] (Western Digital)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/10/25 09:24:12 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\rmi
[2014/10/23 20:15:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2014/10/23 20:15:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/10/23 10:04:00 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2014/10/22 21:57:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\BestPractices
[2014/10/22 21:57:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\msmq
[2014/10/22 21:57:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\BestPractices
[2014/10/22 21:57:46 | 000,000,000 | ---D | C] -- C:\inetpub
[2014/10/22 20:44:04 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Mozilla
[2014/10/22 09:36:16 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\ParetoLogic
[2014/10/22 09:36:16 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\DriverCure
[2014/10/22 09:35:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
[2014/10/22 09:35:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ParetoLogic
[2014/10/22 09:35:51 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2014/10/22 09:35:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ParetoLogic
[2014/10/22 01:32:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\TweakBit
[2014/10/21 18:29:23 | 000,000,000 | ---D | C] -- C:\ProgramData\REGSERVO64
[2014/10/21 18:01:28 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\SweepTools
[2014/10/21 18:01:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SweepTools PC Cleaner
[2014/10/21 09:02:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
[2014/10/21 09:01:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes Anti-Exploit
[2014/10/21 09:01:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Exploit
[2014/10/15 12:37:14 | 000,000,000 | ---D | C] -- C:\ProgramData\TweakBit
[2014/10/15 12:37:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweakBit
[2014/10/15 12:37:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TweakBit
[2014/10/15 06:29:57 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2014/10/14 12:18:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\FreeHideIP
[2014/10/09 15:18:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/10/09 15:17:15 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/10/09 15:17:13 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/10/09 15:17:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/10/09 15:17:13 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/10/03 16:13:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft OneDrive
[2014/10/03 16:13:06 | 000,000,000 | R--D | C] -- C:\Users\Owner\OneDrive
[2014/10/03 16:12:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft OneDrive
[2009/02/13 12:02:52 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Program Files\devcon_amd64.exe

========== Files - Modified Within 30 Days ==========

[2014/10/25 09:38:10 | 000,001,215 | ---- | M] () -- C:\Users\Owner\Desktop\Continue RogueKiller Installation.lnk
[2014/10/25 09:25:10 | 000,037,624 | ---- | M] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2014/10/25 09:25:08 | 019,114,072 | ---- | M] () -- C:\Users\Owner\Desktop\OCT 23, 2014 RogueKillerX64.exe
[2014/10/25 09:06:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/10/25 08:13:56 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/10/25 08:09:29 | 529,850,367 | -HS- | M] () -- C:\hiberfil.sys
[2014/10/25 08:08:10 | 000,000,460 | ---- | M] () -- C:\Windows\tasks\RegCure Pro Startup.job
[2014/10/25 07:54:13 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/10/25 07:43:19 | 000,029,120 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/10/25 07:43:19 | 000,029,120 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/10/25 07:37:55 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3435033685-3848496389-1105465985-1000UA.job
[2014/10/25 07:35:47 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/10/25 07:33:07 | 000,008,192 | ---- | M] () -- C:\Windows\SysWow64\WDPABKP.dat
[2014/10/25 07:31:48 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/10/25 07:31:24 | 000,000,464 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (SD).job
[2014/10/25 07:30:50 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2014/10/24 18:00:00 | 000,000,468 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2014/10/24 10:37:06 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3435033685-3848496389-1105465985-1000Core.job
[2014/10/24 09:13:34 | 000,902,526 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/10/24 09:13:34 | 000,751,356 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/10/24 09:13:34 | 000,157,716 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/10/24 01:19:01 | 000,000,563 | ---- | M] () -- C:\Windows\tasks\RegCure Pro_sch_FE4F7D40-59E7-11E4-9D32-4487FCCC2364.job
[2014/10/23 20:15:28 | 000,001,155 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/10/23 11:35:11 | 000,244,032 | ---- | M] () -- C:\Program Files (x86)\Oct 23-14 DOWNLOAD Firefox Setup Stub 33.0.exe
[2014/10/23 10:08:08 | 000,000,442 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3_triggeronce.job
[2014/10/22 22:00:51 | 000,845,878 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/10/22 19:46:03 | 000,010,754 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Comma Separated Values.EML
[2014/10/22 17:44:48 | 000,000,442 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2014/10/22 09:36:14 | 000,001,222 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\RegCure Pro.lnk
[2014/10/22 09:36:12 | 000,001,198 | ---- | M] () -- C:\Users\Owner\Desktop\RegCure Pro.lnk
[2014/10/21 19:58:53 | 000,746,520 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/10/21 18:00:24 | 000,000,030 | ---- | M] () -- C:\override.ini
[2014/10/21 13:47:33 | 000,001,130 | ---- | M] () -- C:\Users\Owner\Desktop\TweakBit PCSuite.lnk
[2014/10/21 09:02:07 | 000,001,110 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Exploit.lnk
[2014/10/15 19:31:11 | 000,001,158 | ---- | M] () -- C:\Users\Owner\Desktop\TweakBit PCBooster.lnk
[2014/10/15 13:22:09 | 000,001,063 | ---- | M] () -- C:\Users\Public\Desktop\FileASSASSIN.lnk
[2014/10/15 12:37:34 | 000,001,158 | ---- | M] () -- C:\Users\Owner\Desktop\TweakBit PCCleaner.lnk
[2014/10/15 12:37:13 | 000,001,130 | ---- | M] () -- C:\Users\Owner\Desktop\TweakBit FixMyPC.lnk
[2014/10/13 15:59:11 | 000,001,110 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/10/03 19:40:35 | 000,026,051 | ---- | M] () -- C:\Users\Owner\Desktop\Oct 2014 IncrediMail Exported Contacts (csv format).csv
[2014/10/01 11:11:26 | 000,063,704 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/10/01 11:11:16 | 000,093,400 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/10/01 11:11:12 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/09/25 10:41:05 | 000,004,096 | ---- | M] () -- C:\Users\Owner\AppData\Local\keyfile3.drm

========== Files Created - No Company Name ==========

[2014/10/25 09:38:09 | 000,001,215 | ---- | C] () -- C:\Users\Owner\Desktop\Continue RogueKiller Installation.lnk
[2014/10/23 20:15:28 | 000,001,167 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/10/23 20:15:28 | 000,001,155 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/10/23 16:28:55 | 019,114,072 | ---- | C] () -- C:\Users\Owner\Desktop\OCT 23, 2014 RogueKillerX64.exe
[2014/10/23 11:34:52 | 000,244,032 | ---- | C] () -- C:\Program Files (x86)\Oct 23-14 DOWNLOAD Firefox Setup Stub 33.0.exe
[2014/10/23 10:04:03 | 000,037,624 | ---- | C] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2014/10/22 09:36:20 | 000,000,468 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2014/10/22 09:36:14 | 000,001,222 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\RegCure Pro.lnk
[2014/10/22 09:36:13 | 000,000,460 | ---- | C] () -- C:\Windows\tasks\RegCure Pro Startup.job
[2014/10/22 09:36:12 | 000,001,198 | ---- | C] () -- C:\Users\Owner\Desktop\RegCure Pro.lnk
[2014/10/22 09:36:11 | 000,000,442 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2014/10/22 09:36:09 | 000,000,442 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version3_triggeronce.job
[2014/10/22 09:36:07 | 000,000,563 | ---- | C] () -- C:\Windows\tasks\RegCure Pro_sch_FE4F7D40-59E7-11E4-9D32-4487FCCC2364.job
[2014/10/21 13:47:33 | 000,001,130 | ---- | C] () -- C:\Users\Owner\Desktop\TweakBit PCSuite.lnk
[2014/10/21 09:02:07 | 000,001,110 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Exploit.lnk
[2014/10/15 19:31:11 | 000,001,158 | ---- | C] () -- C:\Users\Owner\Desktop\TweakBit PCBooster.lnk
[2014/10/15 12:37:34 | 000,001,158 | ---- | C] () -- C:\Users\Owner\Desktop\TweakBit PCCleaner.lnk
[2014/10/15 12:37:13 | 000,001,130 | ---- | C] () -- C:\Users\Owner\Desktop\TweakBit FixMyPC.lnk
[2014/10/14 21:19:59 | 000,000,030 | ---- | C] () -- C:\override.ini
[2014/10/13 09:13:57 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\WDPABKP.dat
[2014/10/03 19:46:46 | 000,010,754 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Comma Separated Values.EML
[2014/10/03 19:40:34 | 000,026,051 | ---- | C] () -- C:\Users\Owner\Desktop\Oct 2014 IncrediMail Exported Contacts (csv format).csv
[2014/10/03 16:13:07 | 000,002,182 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
[2014/09/25 10:41:05 | 000,004,096 | ---- | C] () -- C:\Users\Owner\AppData\Local\keyfile3.drm
[2014/09/20 12:57:13 | 000,165,888 | ---- | C] () -- C:\Windows\SysWow64\ihvwapi.dll
[2014/09/20 12:57:12 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2014/01/30 16:59:22 | 000,000,485 | ---- | C] () -- C:\Windows\Viewer.INI
[2014/01/30 15:38:02 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\PaintX.dll
[2014/01/24 14:47:59 | 000,000,509 | ---- | C] () -- C:\Windows\cdplayer.ini
[2014/01/24 14:44:02 | 000,001,534 | ---- | C] () -- C:\ProgramData\ss.ini
[2014/01/21 21:28:57 | 000,000,332 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\FotoSketcher.ini
[2014/01/17 17:48:23 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\bibstats
[2014/01/11 13:40:32 | 000,000,000 | ---- | C] () -- C:\Windows\NSREX.INI
[2014/01/10 12:38:13 | 000,338,944 | ---- | C] () -- C:\Windows\SysWow64\lffpx7.dll
[2014/01/10 12:38:13 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\lfkodak.dll
[2014/01/10 12:38:12 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\cdTextCtl.dll
[2014/01/09 15:55:23 | 000,845,878 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/01/06 16:08:35 | 000,007,168 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/01/05 19:48:50 | 000,000,063 | ---- | C] () -- C:\Windows\mdm.ini
[2014/01/04 14:14:18 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2013/12/31 20:44:03 | 000,026,683 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Comma Separated Values (Windows).ADR
[2013/12/31 10:39:03 | 005,301,936 | ---- | C] () -- C:\Windows\rapidui.exe
[2013/12/31 10:25:26 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2013/12/31 10:25:24 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2013/10/22 09:50:04 | 000,025,600 | ---- | C] () -- C:\Windows\SysWow64\MediaDB.dll
[2013/10/22 09:48:02 | 000,707,072 | ---- | C] () -- C:\Windows\SysWow64\ContentDirectoryPresenter.dll
[2013/07/23 19:18:54 | 000,046,592 | ---- | C] () -- C:\Windows\SysWow64\boost_thread-vc90-mt-1_47.dll
[2013/07/23 19:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\boost_date_time-vc90-mt-1_47.dll
[2013/07/23 19:18:42 | 000,704,000 | ---- | C] () -- C:\Windows\SysWow64\boost_regex-vc90-mt-1_47.dll
[2013/07/23 19:18:40 | 000,227,840 | ---- | C] () -- C:\Windows\SysWow64\boost_serialization-vc90-mt-1_47.dll
[2013/07/23 19:18:38 | 000,130,048 | ---- | C] () -- C:\Windows\SysWow64\boost_filesystem-vc90-mt-1_47.dll
[2013/07/23 19:18:38 | 000,012,800 | ---- | C] () -- C:\Windows\SysWow64\boost_system-vc90-mt-1_47.dll
[2012/11/30 12:40:48 | 000,002,478 | ---- | C] () -- C:\ProgramData\regid.2012-08.com.Corel,Roxio_76C7858E-078C-4C49-AB1A-2A7072664935.swidtag

========== ZeroAccess Check ==========

[2009/07/14 01:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 23:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 22:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 22:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 00:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 22:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/01/30 15:54:10 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Ancestry.com
[2014/01/22 13:27:54 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Anthropics
[2014/05/22 14:26:41 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\com.prakaz.project.photogettr
[2013/12/31 10:53:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ControlCenter4
[2014/01/15 09:19:10 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Cut It Out
[2014/10/22 09:36:16 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DriverCure
[2014/08/22 14:46:00 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Dropbox
[2014/10/14 20:13:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FreeHideIP
[2014/01/07 12:41:38 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Leadertech
[2014/01/10 06:44:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Leawo
[2014/01/24 14:24:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MAGIX
[2014/01/10 06:44:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Moyea
[2014/01/21 14:29:36 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\muvee Technologies
[2014/03/23 07:19:38 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MyHeritage
[2014/01/03 21:49:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Nik Software
[2014/01/03 19:17:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\No Company Name
[2014/01/02 14:43:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Nuance
[2014/02/02 19:09:39 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\onOne Software
[2014/10/22 09:36:16 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ParetoLogic
[2014/10/05 11:51:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PPT2Video
[2014/01/03 10:44:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PresentationPro
[2014/10/25 09:24:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\rmi
[2014/05/13 08:06:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SAMSUNG
[2014/10/25 07:32:54 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Secura
[2014/01/06 17:01:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SmartDraw
[2014/01/10 18:38:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Summitsoft
[2014/01/04 18:25:03 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Systweak
[2013/12/31 13:36:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Temp
[2014/01/30 15:38:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\The Complete Genealogy Reporter - FTB
[2014/10/22 01:32:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TweakBit
[2014/01/01 14:11:57 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Ulead Systems
[2014/01/11 07:15:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Western Digital
[2014/09/24 19:49:12 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\XMind
[2014/10/22 10:39:33 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Zeon

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 242 bytes -> C:\ProgramData\TEMP:0574215C
@Alternate Data Stream - 143 bytes -> C:\Users\Owner\AppData\Roaming\Comma Separated Values.EML:OECustomProperty

< End of report >

Security → Virus, Spyware, Malware Removal → Having Powersheel.exe Issues ... Need fixlist.txt Started by raj0171 , 19 Mar 2024 Virus, HELP, Malwarebytes	5 replies 2,663 views	DR M 06 Apr 2024
Security → Virus, Spyware, Malware Removal → Help removing a suspected Trojan Started by RobJames , 01 Feb 2024 FXSAPIDebugLogFile and 2 more...	11 replies 11,009 views	RKinner 07 Feb 2024
Security → Virus, Spyware, Malware Removal → HP desktop - google.com is in Norwegian [Solved] Started by wayneman50 , 23 Jul 2023 internet, google, virus and 1 more... 1 2 3	Hot 41 replies 24,223 views	wayneman50 17 Aug 2023
Security → Virus, Spyware, Malware Removal → Virus Infection Started by ForrestGump , 05 Oct 2022 Virus 1 2 3 8 →	Hot 110 replies 15,917 views	RKinner 14 Nov 2022
Security → Virus, Spyware, Malware Removal → Checkmate Ransomware detection / removal? Started by JcTcom , 18 Aug 2022 Checkmate, Ransomware, Virus and 5 more...	0 replies 1,859 views	JcTcom 18 Aug 2022

Access Denied, Permissions Changed, Folder Duplications

#1
Shammah

Posted 25 October 2014 - 07:55 AM

Advertisements

Similar Topics

Also tagged with one or more of these keywords: virus, malware removal, access denied, files & folders duplicated, phishing, web browser security removed, malwarebytes

Having Powersheel.exe Issues ... Need fixlist.txt

Help removing a suspected Trojan

HP desktop - google.com is in Norwegian [Solved]

Virus Infection

Checkmate Ransomware detection / removal?

0 user(s) are reading this topic

As Featured On:

Forums

Downloads

Members

Connect With Us

Access Denied, Permissions Changed, Folder Duplications

#1 Shammah Posted 25 October 2014 - 07:55 AM

Advertisements

Similar Topics

Also tagged with one or more of these keywords: virus, malware removal, access denied, files & folders duplicated, phishing, web browser security removed, malwarebytes

0 user(s) are reading this topic

As Featured On:

Connect With Us

Sign In

#1
Shammah

Posted 25 October 2014 - 07:55 AM