TechSpot

Multiple processes with *32 in task manager and getting pop-ups adware

By MMyers2015
Mar 18, 2015
  1. I recently downloaded and installed a PDF to JPG converter and this seems to be when my problems began. Some of the pop-ups are video/audio, others are trying to get me to click to remove viruses, etc.

    Can anyone help with this? Help!

    MMyers
     
  2. MMyers2015

    MMyers2015 TS Rookie Topic Starter Posts: 40

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
    Ran by Administrator (administrator) on WINDOWS-D9P51W1 on 18-03-2015 19:50:49
    Running from C:\Users\Administrator\Downloads
    Loaded Profiles: Administrator (Available profiles: Administrator)
    Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
    (IBM) C:\IBM\Lotus\Notes\nsd.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
    (IBM Corp) C:\IBM\Lotus\Notes\ntmulti.exe
    (Nortel Networks) C:\Program Files\CSC VPN CLIENT\NvcSvcMgr.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
    (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
    (Cisco Consumer Products LLC) C:\Program Files (x86)\Linksys AE6000\WPS_Mon.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKU\S-1-5-21-2979728093-1124239313-4181705486-500\...\MountPoints2: {13e55ffb-37d1-11e2-aa5c-005056c00008} - G:\LaunchU3.exe -a
    HKU\S-1-5-21-2979728093-1124239313-4181705486-500\...\MountPoints2: {50624367-801d-11e2-8375-005056c00008} - G:\setup.exe -a
    HKU\S-1-5-21-2979728093-1124239313-4181705486-500\...\MountPoints2: {61634bee-a757-11e1-b1f2-005056c00008} - "E:\WD SmartWare.exe" autoplay=true
    HKU\S-1-5-21-2979728093-1124239313-4181705486-500\...\MountPoints2: {972e6db2-95b9-11e1-86c8-005056c00008} - G:\LaunchU3.exe -a
    HKU\S-1-5-21-2979728093-1124239313-4181705486-500\...\MountPoints2: {dc339e0d-5f82-11e0-9194-005056c00008} - H:\LaunchU3.exe -a
    BootExecute: autocheck autochk * sdnclean64.exe
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    HKU\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=EIE9HP&PC=UP50
    SearchScopes: HKLM -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL =
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2979728093-1124239313-4181705486-500 -> DefaultScope {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = http://www.bing.com/search?FORM=UP50DF&PC=UP50&q={searchTerms}&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-2979728093-1124239313-4181705486-500 -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = http://www.bing.com/search?FORM=UP50DF&PC=UP50&q={searchTerms}&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-2979728093-1124239313-4181705486-500 -> {F230415A-9F9E-40B3-88C9-98D05D0A0604} URL = http://www.google.com/search?q={sea...startIndex={startIndex?}&startPage={startPage}
    BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scriptsn.dll [2011-02-04] (McAfee, Inc.)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-01-30] (Adobe Systems Incorporated)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-09-26] (Oracle Corporation)
    BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll [2011-02-04] (McAfee, Inc.)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
    BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-09-26] (Oracle Corporation)
    Toolbar: HKU\S-1-5-21-2979728093-1124239313-4181705486-500 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
    DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
    DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP25-10481/webex/ieatgpc1.cab
    Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll [2014-06-09] (Microsoft Corporation)
    Winsock: Catalog9 11 C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll [338480] (VMware, Inc.)
    Winsock: Catalog9 12 C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll [338480] (VMware, Inc.)
    Winsock: Catalog9-x64 11 C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll [438320] (VMware, Inc.)
    Winsock: Catalog9-x64 12 C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll [438320] (VMware, Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{67CA5EB9-A18A-48DD-99CC-130F17913B73}: [NameServer] 161.145.28.3,161.145.106.48

    FireFox:
    ========
    FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f40qpxxi.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll [2014-03-13] ()
    FF Plugin: @java.com/DTPlugin,version=10.15.2 -> C:\Windows\system32\npDeployJava1.dll [2013-02-26] (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll [2014-03-13] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
    FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-26] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-09-26] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
    FF Plugin HKU\S-1-5-21-2979728093-1124239313-4181705486-500: @tools.google.com/Google Update;version=3 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
    FF Plugin HKU\S-1-5-21-2979728093-1124239313-4181705486-500: @tools.google.com/Google Update;version=9 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
    FF Plugin HKU\S-1-5-21-2979728093-1124239313-4181705486-500: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\ADMINI~1\AppData\Roaming\CATALI~1\NPBCSK~1.DLL No File
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll [2008-08-16] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll [2008-08-16] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll [2008-08-16] ()
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll [2008-08-16] ()
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll [2008-08-16] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll [2008-08-16] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll [2008-08-16] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\msvcm80.dll [2008-05-21] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\msvcp80.dll [2008-05-21] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\msvcr80.dll [2008-05-21] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll [2008-08-16] ()
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2011-01-30] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-02-26] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2013-02-26] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2013-02-26] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2013-02-26] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2013-02-26] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2013-02-26] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2013-02-26] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll [2008-06-05] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll [2008-08-16] (Citrix Systems, Inc.)
    FF Extension: Default Manager - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f40qpxxi.default\Extensions\DefaultManager@Microsoft [2012-04-30]
    FF Extension: Strong Signal - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f40qpxxi.default\Extensions\{6a37a6df-cdc9-4482-9257-c1fac286b4a9}.xpi [2015-03-17]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_ir_15_12&param1=1&param2=f%3D1%26b%3DChrome%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0ByEyByDtD0EyE0FyB0C0DtC0E0E0AyCtN0D0Tzu0StCtCyBtDtN1L2XzutAtFzytFyEtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StBtCtBtAtCyCtAyDtGtA0D0AyCtGyC0EyC0FtGtBzz0FtCtGyCyE0DzyyEyCtBtA0AtAtCtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szyzzzy0C0F0CtD0BtGyDzytByEtGyEyBzzyCtGzzyE0B0AtGyB0B0A0B0CtAtCzzyCtBtByC2QtN0A0LzutBtN1B2Z1V1T1S1NzuyCtCtB%26cr%3D1783096704%26a%3Dwny_ir_15_12%26os%3DWindows 7 Professional
    CHR StartupUrls: Default -> "hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_ir_15_12&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0ByEyByDtD0EyE0FyB0C0DtC0E0E0AyCtN0D0Tzu0StCtCyBtDtN1L2XzutAtFzytFyEtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StBtCtBtAtCyCtAyDtGtA0D0AyCtGyC0EyC0FtGtBzz0FtCtGyCyE0DzyyEyCtBtA0AtAtCtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szyzzzy0C0F0CtD0BtGyDzytByEtGyEyBzzyCtGzzyE0B0AtGyB0B0A0B0CtAtCzzyCtBtByC2QtN0A0LzutBtN1B2Z1V1T1S1NzuyCtCtB%26cr%3D1783096704%26a%3Dwny_ir_15_12%26os%3DWindows 7 Professional"
    CHR DefaultSearchKeyword: Default -> search provided by yahoo.com
    CHR DefaultSearchURL: Default -> http://us.yhs4.search.yahoo.com/yhs...CtCtB&cr=1783096704&a=wny_ir_15_12&os=Windows 7 Professional&p={searchTerms}
    CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
    CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Strong Signal) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aamaaompokdjbebnfbcfobpkklfkmddp [2015-03-17]
    CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-19]
    CHR Extension: (Google Search) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-19]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-16]
    CHR Extension: (Google Wallet) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
    CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-19]
    StartMenuInternet: Google Chrome - C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
    R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5738528 2014-11-07] (Fitbit, Inc.)
    R2 Lotus Notes Diagnostics; C:\IBM\Lotus\Notes\nsd.exe [3417480 2011-03-23] (IBM)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
    R2 McAfeeEngineService; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe [20792 2011-02-04] (McAfee, Inc.)
    R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [103744 2009-01-16] (McAfee, Inc.)
    S2 McShield; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe [181480 2011-02-04] (McAfee, Inc.)
    R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [66880 2011-02-04] (McAfee, Inc.)
    R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
    R2 mfevtp; C:\Windows\system32\mfevtps.exe [77968 2011-02-04] (McAfee, Inc.)
    R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [226624 2011-01-27] ()
    R2 Multi-user Cleanup Service; C:\IBM\Lotus\Notes\ntmulti.exe [58760 2011-03-23] (IBM Corp)
    R2 NvcSvcMgr; C:\Program Files\CSC VPN CLIENT\NvcSvcMgr.exe [628064 2010-03-01] (Nortel Networks)
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    S3 ufad-ws60; C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe [191024 2009-10-12] (VMware, Inc.)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R3 AE6000; C:\Windows\System32\DRIVERS\AE6000w764.sys [2196512 2013-01-25] (Ralink Technology Corp.)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-18] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
    S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [98216 2011-02-04] (McAfee, Inc.)
    S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [120352 2011-02-04] (McAfee, Inc.)
    R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [464384 2011-02-04] (McAfee, Inc.)
    S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [79536 2011-02-04] (McAfee, Inc.)
    R1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [86368 2011-02-04] (McAfee, Inc.)
    S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-08-02] (Apple Inc.) [File not signed]
    R3 NT_NvcA; C:\Windows\System32\DRIVERS\ntnvca.sys [44112 2010-03-01] (Nortel Networks)
    R2 nvcwfpco; C:\Windows\System32\DRIVERS\nvcwfpco.sys [79440 2010-03-01] (Nortel Networks Corporation)
    S3 OV550I; C:\Windows\System32\Drivers\OVTX16.sys [139520 2010-06-04] (Omnivision Technologies, Inc.)
    S3 OV550I; C:\Windows\SysWOW64\Drivers\OVTX16.sys [139520 2010-06-04] (Omnivision Technologies, Inc.)
    S3 RTL85n64; C:\Windows\System32\DRIVERS\RTL85n64.sys [2061856 2010-03-23] (Realtek Semiconductor Corporation )
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R2 VMparport; C:\Windows\system32\drivers\VMparport.sys [18480 2010-01-23] (VMware, Inc.)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-18 19:50 - 2015-03-18 19:51 - 00021853 _____ () C:\Users\Administrator\Downloads\FRST.txt
    2015-03-18 19:50 - 2015-03-18 19:50 - 00000000 ____D () C:\FRST
    2015-03-18 18:45 - 2015-03-18 19:50 - 00000000 ____D () C:\ProgramData\RogueKiller
    2015-03-18 18:45 - 2015-03-18 18:45 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2015-03-18 18:29 - 2015-03-18 18:42 - 00000000 ____D () C:\AdwCleaner
    2015-03-18 18:27 - 2015-03-18 18:27 - 00468480 _____ () C:\Users\Administrator\Downloads\CKScanner.exe
    2015-03-18 18:26 - 2015-03-18 18:26 - 02095616 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
    2015-03-18 18:24 - 2015-03-18 18:24 - 18816600 _____ () C:\Users\Administrator\Downloads\RogueKillerX64.exe
    2015-03-18 18:21 - 2015-03-18 18:21 - 02171392 _____ () C:\Users\Administrator\Downloads\adwcleaner_4.112 (1).exe
    2015-03-18 18:20 - 2015-03-18 18:20 - 02171392 _____ () C:\Users\Administrator\Downloads\adwcleaner_4.112.exe
    2015-03-18 15:55 - 2015-03-18 15:55 - 142302968 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\msert.exe
    2015-03-18 14:36 - 2015-03-18 18:53 - 00088613 _____ () C:\Windows\WindowsUpdate.log
    2015-03-18 14:32 - 2015-03-18 18:43 - 00000224 _____ () C:\Windows\setupact.log
    2015-03-18 14:32 - 2015-03-18 14:32 - 00000000 _____ () C:\Windows\setuperr.log
    2015-03-18 07:32 - 2015-03-18 18:45 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-03-18 07:31 - 2015-03-18 07:31 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-03-18 07:31 - 2015-03-18 07:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-03-18 07:31 - 2015-03-18 07:31 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2015-03-18 07:31 - 2015-03-18 07:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-03-18 07:31 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-03-18 07:31 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-03-18 07:31 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-03-18 03:05 - 2015-03-18 03:05 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
    2015-03-18 03:02 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
    2015-03-18 03:02 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
    2015-03-18 03:02 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
    2015-03-18 03:02 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
    2015-03-18 03:02 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
    2015-03-18 03:02 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
    2015-03-18 03:02 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
    2015-03-18 03:02 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
    2015-03-17 22:44 - 2015-03-17 22:44 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-2.0.4.1028.exe
    2015-03-17 22:27 - 2015-03-17 22:27 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
    2015-03-17 22:27 - 2015-03-17 22:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2015-03-17 22:27 - 2015-03-17 22:27 - 00000000 ____D () C:\Program Files\CCleaner
    2015-03-17 20:00 - 2015-03-17 20:00 - 00000967 _____ () C:\Windows\wininit.ini
    2015-03-17 19:01 - 2015-03-18 14:40 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2015-03-17 19:01 - 2015-03-17 19:03 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
    2015-03-17 19:01 - 2015-03-17 19:01 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2015-03-17 19:01 - 2015-03-17 19:01 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2015-03-17 19:01 - 2015-03-17 19:01 - 00000656 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
    2015-03-17 19:01 - 2015-03-17 19:01 - 00000628 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
    2015-03-17 19:01 - 2015-03-17 19:01 - 00000458 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
    2015-03-17 19:01 - 2015-03-17 19:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2015-03-17 19:01 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
    2015-03-17 18:13 - 2015-03-17 18:13 - 00000000 ____D () C:\SUPERDelete
    2015-03-17 18:12 - 2015-03-17 18:12 - 00001808 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    2015-03-17 18:12 - 2015-03-17 18:12 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
    2015-03-17 18:12 - 2015-03-17 18:12 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
    2015-03-17 18:12 - 2015-03-17 18:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    2015-03-17 18:12 - 2015-03-17 18:12 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2015-03-17 18:09 - 2015-03-17 18:09 - 05325696 _____ (Piriform Ltd) C:\Users\Administrator\Downloads\ccsetup503.exe
    2015-03-17 18:08 - 2015-03-17 18:08 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Administrator\Downloads\spybot-2.4.exe
    2015-03-17 18:06 - 2015-03-17 18:06 - 21440384 _____ (SUPERAntiSpyware) C:\Users\Administrator\Downloads\SUPERAntiSpyware.exe
    2015-03-17 18:04 - 2015-03-17 18:04 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2015-03-17 18:04 - 2015-03-17 18:04 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2015-03-17 18:02 - 2015-03-17 18:02 - 00243368 _____ () C:\Users\Administrator\Downloads\Firefox Setup Stub 36.0.1.exe
    2015-03-17 12:01 - 2015-03-17 12:01 - 00652800 _____ () C:\Users\Administrator\Downloads\MicrosoftFixit50362 (1).msi
    2015-03-17 11:57 - 2015-03-17 11:57 - 00652800 _____ () C:\Users\Administrator\Downloads\MicrosoftFixit50362.msi
    2015-03-17 10:14 - 2015-03-17 10:14 - 00000464 __RSH () C:\ProgramData\ntuser.pol
    2015-03-16 18:34 - 2015-03-16 18:34 - 00089923 _____ () C:\Users\Administrator\AppData\Local\recently-used.xbel
    2015-03-16 17:13 - 2015-03-16 17:13 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Free_PDF_Solutions
    2015-03-16 16:17 - 2015-03-16 16:17 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Free PDF Solutions
    2015-03-16 16:16 - 2015-03-16 16:14 - 16394253 _____ (Free PDF Solutions) C:\Users\Administrator\Downloads\pdftojpg_setup [1].exe
    2015-03-16 16:14 - 2015-03-16 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\(Default)
    2015-03-16 16:13 - 2015-03-16 16:14 - 00993696 _____ ( ) C:\Users\Administrator\Downloads\pdftojpg_setup.exe
    2015-03-16 14:49 - 2015-03-16 14:49 - 00014676 _____ () C:\Users\Administrator\Desktop\BULLETIN 3-11-15.txt
    2015-03-16 13:51 - 2015-03-16 13:51 - 00151559 _____ () C:\Users\Administrator\Downloads\WLFeb2015.pages
    2015-03-16 13:51 - 2015-03-16 13:51 - 00151559 _____ () C:\Users\Administrator\Downloads\WLFeb2015 (1).pages
    2015-03-12 09:15 - 2015-03-12 09:15 - 39401336 _____ (Apple Inc.) C:\Users\Administrator\Downloads\QuickTimeInstaller (2).exe
    2015-03-11 13:13 - 2015-03-11 13:44 - 00030399 _____ () C:\Users\Administrator\Documents\2015TAXES_2.xlsx
    2015-03-11 12:36 - 2015-03-12 19:11 - 00030382 _____ () C:\Users\Administrator\Documents\2015TAXES.xlsx
    2015-03-10 17:05 - 2015-03-10 17:05 - 00045315 _____ () C:\Users\Administrator\Downloads\EXPORT (15).CSV
    2015-03-10 17:04 - 2015-03-11 12:35 - 00042020 _____ () C:\Users\Administrator\Downloads\EXPORT (14).CSV
    2015-03-06 11:32 - 2015-03-06 11:32 - 00724507 _____ () C:\Users\Administrator\Downloads\FedEx_Service_Update_2015-03-06_8AM_vf.xlsx
    2015-03-05 09:59 - 2015-03-18 14:32 - 00001037 _____ () C:\Windows\SysWOW64\debug.log
    2015-03-03 16:14 - 2015-03-03 20:12 - 00000000 ____D () C:\ProgramData\FitbitConnect
    2015-03-03 16:14 - 2015-03-03 16:22 - 00000000 ____D () C:\ProgramData\boost_interprocess
    2015-03-03 16:14 - 2015-03-03 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fitbit Connect
    2015-03-03 16:14 - 2015-03-03 16:14 - 00000000 ____D () C:\Program Files (x86)\Fitbit Connect
    2015-03-03 16:10 - 2015-03-03 16:10 - 32688488 _____ (Fitbit Inc.) C:\Users\Administrator\Downloads\FitbitConnect_Win_20141107_2.0.0.6512.exe
    2015-02-18 14:58 - 2015-02-18 15:07 - 47157614 _____ () C:\Users\Administrator\Documents\D7K_9882_pp1.xcf
    2015-02-18 12:38 - 2015-02-18 12:38 - 45808412 _____ () C:\Users\Administrator\Documents\D7K_9878_pp1.xcf

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-18 19:49 - 2014-07-16 18:21 - 00000554 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2979728093-1124239313-4181705486-500.job
    2015-03-18 19:47 - 2012-10-05 17:54 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-03-18 19:30 - 2011-04-12 00:39 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2979728093-1124239313-4181705486-500UA.job
    2015-03-18 19:17 - 2012-03-02 16:09 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-03-18 18:51 - 2009-07-14 00:45 - 00017136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-03-18 18:51 - 2009-07-14 00:45 - 00017136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-03-18 18:50 - 2009-07-14 01:13 - 00730592 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-03-18 18:44 - 2012-03-02 16:09 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-03-18 18:44 - 2010-02-10 17:19 - 00000000 ____D () C:\ProgramData\VMware
    2015-03-18 18:43 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-03-18 18:34 - 2013-02-26 13:38 - 00000000 ____D () C:\Temp
    2015-03-18 18:05 - 2011-03-15 12:23 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\VMware
    2015-03-18 14:36 - 2012-10-03 17:58 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Spotify
    2015-03-18 14:32 - 2012-10-03 17:58 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Spotify
    2015-03-18 13:39 - 2012-10-05 17:54 - 00000000 ____D () C:\Program Files\Google
    2015-03-18 13:39 - 2011-03-15 12:22 - 00000000 ____D () C:\Program Files (x86)\Google
    2015-03-18 12:00 - 2011-03-15 12:22 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
    2015-03-18 09:02 - 2011-04-11 23:51 - 00000000 ____D () C:\Users\Administrator\SametimeTranscripts
    2015-03-18 08:59 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\addins
    2015-03-18 03:01 - 2010-02-11 15:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2015-03-17 22:28 - 2012-07-19 17:28 - 00000000 ____D () C:\Windows\Minidump
    2015-03-17 22:28 - 2010-02-10 19:05 - 00000000 ____D () C:\Windows\Panther
    2015-03-17 18:05 - 2011-03-30 12:23 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Mozilla
    2015-03-17 18:04 - 2011-03-15 12:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-03-17 14:30 - 2011-04-12 00:39 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2979728093-1124239313-4181705486-500Core.job
    2015-03-17 09:18 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\GroupPolicy
    2015-03-16 18:53 - 2015-02-05 22:48 - 00000000 ____D () C:\Users\Administrator\.gimp-2.8
    2015-03-16 18:34 - 2015-02-05 22:57 - 00000000 ____D () C:\Users\Administrator\AppData\Local\gtk-2.0
    2015-03-10 09:26 - 2011-04-13 10:09 - 00000000 ____D () C:\Users\Administrator\Documents\LBSLC
    2015-03-07 23:48 - 2014-07-16 18:21 - 00003614 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2979728093-1124239313-4181705486-500
    2015-02-24 04:17 - 2010-02-10 17:31 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2015-02-23 11:43 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF

    ==================== Files in the root of some directories =======

    2011-08-26 17:26 - 2011-08-26 17:26 - 0000272 _____ () C:\Users\Administrator\AppData\Roaming\.backup.dm
    2012-11-28 12:12 - 2015-02-02 23:44 - 0000570 _____ () C:\Users\Administrator\AppData\Roaming\gmic_faves
    2012-11-28 10:42 - 2014-01-22 18:48 - 0001062 _____ () C:\Users\Administrator\AppData\Roaming\gmic_sources.cimgz
    2013-11-14 21:32 - 2013-11-14 21:32 - 0893239 _____ () C:\Users\Administrator\AppData\Local\a.zip
    2013-11-14 21:32 - 2013-11-14 21:32 - 2162416 _____ (Catalina Marketing Corp) C:\Users\Administrator\AppData\Local\BcsKtYcHW.dll
    2015-03-16 18:34 - 2015-03-16 18:34 - 0089923 _____ () C:\Users\Administrator\AppData\Local\recently-used.xbel
    2015-02-09 12:46 - 2015-02-09 12:46 - 0000017 _____ () C:\Users\Administrator\AppData\Local\resmon.resmoncfg

    Some content of TEMP:
    ====================
    C:\Users\Administrator\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Administrator\AppData\Local\Temp\Quarantine.exe
    C:\Users\Administrator\AppData\Local\Temp\sqlite3.dll


    Some zero byte size files/folders:
    ==========================
    C:\Windows\SysWOW64\sqljdbc_auth.dll

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-03-16 14:28

    ==================== End Of Log ============================
     
  3. MMyers2015

    MMyers2015 TS Rookie Topic Starter Posts: 40

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
    Ran by Administrator at 2015-03-18 19:51:23
    Running from C:\Users\Administrator\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: McAfee VirusScan Enterprise (Disabled - Up to date) {86355677-4064-3EA7-ABB3-1B136EB04637}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    AS: McAfee VirusScan Enterprise Antispyware Module (Disabled - Up to date) {3D54B793-665E-3129-9103-206115370C8A}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
    Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
    Adobe Reader X (10.0.1) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA0000000001}) (Version: 10.0.1 - Adobe Systems Incorporated)
    Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    BMC Remedy Action Request System 7.5.00 Install 1 (HKLM-x32\...\ARSystem 1) (Version: 7.5.0.2 - BMC Software)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
    Cisco Linksys AE6000 Driver (HKLM-x32\...\{02221266-B345-4544-A5C3-A995520E774D}) (Version: 1.1.0.3 - Cisco Consumer Products LLC)
    Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
    Citrix XenApp Web Plugin (HKLM-x32\...\{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}) (Version: 11.0.0.5357 - Citrix Systems, Inc.)
    Crystal11_Redistributables (HKLM-x32\...\{154A9EEB-05FC-45E6-B7BD-75D27ED02276}) (Version: 1.00.0000 - BMC Software Inc.)
    CSC VPN CLIENT (HKLM\...\{4EC5CF64-2E59-411D-0301-120101004016}) (Version: 10.04.016 - Nortel Networks)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Fitbit Connect (HKLM-x32\...\{E54705FB-98A6-4C03-B2DC-D8C3B5486DCD}) (Version: 2.0.0.6512 - Fitbit Inc.)
    GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
    G'MIC for GIMP version 1.5.8.2 (HKLM-x32\...\G'MIC for GIMP_is1) (Version: 1.5.8.2 - )
    Google Chrome (HKU\S-1-5-21-2979728093-1124239313-4181705486-500\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
    Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
    GoToMeeting 7.1.2.2417 (HKU\S-1-5-21-2979728093-1124239313-4181705486-500\...\GoToMeeting) (Version: 7.1.2.2417 - CitrixOnline)
    IBM Lotus Sametime Advanced Embedded 8.5.1 (HKLM-x32\...\{AE1C5284-571C-41E9-AE8C-77F8B21B2251}) (Version: 8.5.1.20100709-1631 - IBM)
    IBM Lotus Sametime Connect 8.0.2 (HKLM-x32\...\{A2EF91BA-068C-4F6D-B6ED-52D1D272ED8F}) (Version: 8.02.081205 - IBM)
    iCloud (HKLM\...\{2AAF09D5-4B3F-4975-B6A9-ECE2631FC942}) (Version: 4.0.5.20 - Apple Inc.)
    Image Resizer Powertoy Clone for Windows (64 bit) (HKLM\...\{80A620C1-B22C-4781-A351-B14B8A37BFE3}) (Version: 2.1 - Brice Lambson)
    ImageScanTool x64 1.023 (HKLM\...\{C97F4875-E097-4702-A2D8-494FEAB99CDF}) (Version: 1.00.2300 - Image Scan Tool)
    iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
    Java 7 Update 17 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417017FF}) (Version: 7.0.170 - Oracle)
    Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.710 - Oracle)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Lotus Notes 8.5.2 (HKLM-x32\...\{07C69B3A-62B3-41BF-82EE-B3A87BD6EA0C}) (Version: 8.52.10222 - IBM)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    McAfee Agent (HKLM-x32\...\{757A7F5D-F9A1-4DC5-8738-C0A31C658BC8}) (Version: 4.0.0.1345 - McAfee, Inc.)
    McAfee AntiSpyware Enterprise Module (HKLM-x32\...\McAfee Anti-Spyware Enterprise Module) (Version: 8.7.0.129 - McAfee, Inc.)
    McAfee VirusScan Enterprise (HKLM-x32\...\{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}) (Version: 8.7.00005 - McAfee, Inc.)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    MotoHelper 2.0.45 Driver 5.0.0 (HKLM-x32\...\MotoHelper) (Version: 2.0.45 - Motorola)
    MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
    Motorola Mobile Drivers Installation 5.0.0 (Version: 5.0.0 - Motorola Inc.) Hidden
    Mozilla Firefox 36.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 en-US)) (Version: 36.0.1 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    PE Photo (HKU\S-1-5-21-2979728093-1124239313-4181705486-500\...\PE Photo) (Version: - PE Photo)
    Portrait Professional 11.2 (HKLM-x32\...\PortraitProfessional11_is1) (Version: 11.2 - Anthropics Technology Ltd.)
    Portrait Professional 11.2 Trial (HKLM-x32\...\PortraitProfessional11Trial_is1) (Version: 11.2 - Anthropics Technology Ltd.)
    QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
    Spotify (HKU\S-1-5-21-2979728093-1124239313-4181705486-500\...\Spotify) (Version: 1.0.1.1060.gc75ebdfd - Spotify AB)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1170 - SUPERAntiSpyware.com)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 7.0.1.11056 - VMware, Inc)
    VMware Workstation (x32 Version: 7.0.1.11056 - VMware, Inc.) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Yahoo! Detect (HKLM-x32\...\YTdetect) (Version: - )

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-2979728093-1124239313-4181705486-500_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\723\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
    CustomCLSID: HKU\S-1-5-21-2979728093-1124239313-4181705486-500_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2979728093-1124239313-4181705486-500_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)

    ==================== Restore Points =========================

    18-03-2015 03:00:20 Windows Update
    18-03-2015 11:36:23 Removed WeatherApp
    18-03-2015 11:52:33 Removed Free PDF to JPG Converter

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {013516AD-B455-40CB-A6B7-830AB1B56AAF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2979728093-1124239313-4181705486-500Core => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
    Task: {09677A8C-D4A0-48BE-B871-9A166BF0702C} - System32\Tasks\MotoHelper Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27] ()
    Task: {1331D7AF-B214-41CD-AE01-F60AC6128A89} - System32\Tasks\MotoHelper Routing => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27] ()
    Task: {232F09E8-4D68-4660-BD71-E5E1AD601BD2} - System32\Tasks\{E348C0BA-9755-4039-B6E7-D94CEB4084FA} => C:\Users\Administrator\Downloads\CSC-ENG-McAfee_ePO-4.6-GBL-R1.exe [2014-01-05] ()
    Task: {240DB126-3A43-41F7-9913-EA76681591B2} - System32\Tasks\{00DB029D-CC01-41C3-8A03-C0B6D07D50B8} => C:\Users\Administrator\Documents\GSM 7.5\Disk1\InstData\VM\setup.exe [2009-05-28] (Acresso)
    Task: {246D5036-8289-4928-8F1A-23612358B959} - System32\Tasks\{6F0E4623-C9C1-4B1D-892E-0539FAA66FD4} => \\192.168.1.59\csc\windows 7 stuff\CSC-ENG-LotusNotesAsync-8.0.21.9112-GBL-R1.exe
    Task: {25925360-67A8-4636-9E9B-C8036FF12192} - System32\Tasks\{C4BC7C92-CECA-4813-A75F-A820D549B384} => C:\Users\Administrator\Downloads\CSC-ENG-McAfee_ePO-4.6-GBL-R1.exe [2014-01-05] ()
    Task: {2D3D18C4-486B-443C-90FE-784BBB3AD25A} - System32\Tasks\{B27D859E-2C14-4BE6-987F-2645C91508B8} => pcalua.exe -a C:\SUPPORT\LOTUSN~1.2\CSC-EN~1.EXE -d C:\SUPPORT\LOTUSN~1.2
    Task: {30AC5B0A-5BB0-4341-896B-E8C55ADAA894} - System32\Tasks\{417F94B9-E78D-46B5-81FE-2C9C23A68F7B} => C:\Users\Administrator\Downloads\CSC-ENG-McAfee_ePO-4.6-GBL-R1.exe [2014-01-05] ()
    Task: {30E39869-55AD-446E-9602-8DC57E6CBEDB} - System32\Tasks\MotoHelper MUM => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27] ()
    Task: {5331A84A-73FA-4FE0-B9CB-B8548ED2C7EC} - System32\Tasks\{08683B08-8A73-4CC3-8C41-CDACF091656E} => pcalua.exe -a C:\Users\Administrator\Downloads\CSC-ENG-LotusNotesAsync-8.0.21.9112-GBL-R1.exe -d C:\Users\Administrator\Downloads
    Task: {5EA19D18-BF92-4524-A5D2-B0C16359B669} - System32\Tasks\{9D37C61C-EEB1-4D81-976D-0F8C37DD2F4B} => \\192.168.1.59\csc\windows 7 stuff\CSC-ENG-LotusNotesAsync-8.0.21.9112-GBL-R1.exe
    Task: {627DBF91-8FA7-4B86-97F1-335BD97A9D96} - System32\Tasks\Logon_Trigger_WPS_Mon_Task => C:\Program Files (x86)\Linksys AE6000\WPS_Mon.exe [2012-12-20] (Cisco Consumer Products LLC)
    Task: {6772758C-AA01-4D1B-8C7B-8BF97E4D5739} - System32\Tasks\{0FF4EC9A-1751-4F34-8043-921DA55D4465} => C:\Users\Administrator\Documents\GSM 7.5\Disk1\InstData\VM\setup.exe [2009-05-28] (Acresso)
    Task: {6A1A92DD-2FA4-4996-9406-BC69F8A0987A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2979728093-1124239313-4181705486-500UA => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
    Task: {7390525C-55A4-4CD3-928F-156EC3F6B930} - System32\Tasks\{027630B8-011F-464A-A843-A0A80D2E03C3} => C:\Program Files (x86)\Film and Photo Scanner\ImageScanTool.exe [2010-08-02] ()
    Task: {83C20026-11BE-4C54-A6FE-E2721003EC57} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
    Task: {8486BDA2-CA38-494D-8DD0-8569D8738BE2} - System32\Tasks\{22788ACD-C416-4047-ABC9-1CFC8947D63A} => pcalua.exe -a "C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DQGYG88U\g2m_codec.exe" -d C:\Users\Administrator\Desktop
    Task: {8B3C2831-65E7-4274-904B-DFBAE3232F0C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {8D1209F3-A52E-4FBA-88F6-03300AC897BB} - System32\Tasks\{7577965B-3197-4B06-A7B4-C4BBE221DDEF} => C:\Users\Administrator\Documents\GSM 7.5\Disk1\InstData\VM\setup.exe [2009-05-28] (Acresso)
    Task: {8DA43660-72DD-4552-BE77-C6D2FE986350} - System32\Tasks\{86EB6777-604A-4633-A9AD-7AAC43E039B8} => \\192.168.1.59\csc\windows 7 stuff\CSC-ENG-LotusNotesAsync-8.0.21.9112-GBL-R1.exe
    Task: {92DC2FD2-106F-43A6-8BC6-496D0F48371A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
    Task: {A29C6832-03CE-464B-9CBD-A843E4EA5028} - System32\Tasks\{318AA446-E7B9-4FCA-B788-5445178A14C1} => C:\Users\Administrator\Downloads\CSC-ENG-McAfee_ePO-4.6-GBL-R1.exe [2014-01-05] ()
    Task: {A3385135-5E90-4CCC-998D-A24B143E1D82} - System32\Tasks\{F90D1AA4-5B18-43BA-B838-3C62C3535894} => C:\Users\Administrator\Downloads\CSC-ENG-McAfee_ePO-4.6-GBL-R1.exe [2014-01-05] ()
    Task: {A6649822-72E9-47E0-B5CF-699AB48A9D21} - System32\Tasks\{CAD2216B-3623-48EC-863E-74B5498F21EB} => C:\Users\Administrator\Downloads\CSC-ENG-McAfee_ePO-4.6-GBL-R1.exe [2014-01-05] ()
    Task: {AA3B95BE-48AE-4A45-AE19-DE20920B639C} - System32\Tasks\{DB18C36F-33DD-481F-9A3B-E2AAC511C86B} => C:\Program Files (x86)\Film and Photo Scanner\ImageScanTool.exe [2010-08-02] ()
    Task: {B6D880A8-9FC1-49C4-B89F-55109D765845} - System32\Tasks\{257B6798-5C44-4452-BE72-0E648E563431} => pcalua.exe -a C:\Users\Administrator\Desktop\CSC-EAC486102d.exe -d C:\Users\Administrator\Desktop
    Task: {C0EF7ADB-0A02-4DB6-94A8-446370DFA461} - System32\Tasks\{E73B4441-CB71-4C7A-BDE6-11F91BF4702A} => C:\Users\Administrator\Downloads\CSC-ENG-McAfee_ePO-4.6-GBL-R1.exe [2014-01-05] ()
    Task: {C4DE6137-8410-42EB-8B80-264D64B2F835} - System32\Tasks\MotoHelper Initial Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27] ()
    Task: {C9762CCC-1C19-488D-9E01-88F6589FA108} - System32\Tasks\{D4632EC1-4BB2-4D63-B35B-85B588369A70} => C:\Users\Administrator\Downloads\CSC-ENG-McAfee_ePO-4.6-GBL-R1.exe [2014-01-05] ()
    Task: {CA4D50A8-2040-4215-BD12-CBFD58639784} - System32\Tasks\{99BE8628-99D1-45D7-AA19-AFC8C32DBE79} => C:\Users\Administrator\Documents\GSM 7.5\Disk1\InstData\VM\setup.exe [2009-05-28] (Acresso)
    Task: {CD263579-2B1C-49F1-BD33-CD38FF2D5B1D} - System32\Tasks\G2MUpdateTask-S-1-5-21-2979728093-1124239313-4181705486-500 => C:\Program Files (x86)\Citrix\GoToMeeting\2417\g2mupdate.exe [2015-03-07] (Citrix Online, a division of Citrix Systems, Inc.)
    Task: {D528E0D2-5743-4ADC-8839-E5837F495DDA} - System32\Tasks\{2E7DAC13-7A79-4CB0-9ADA-C9ED336C186C} => C:\Users\Administrator\Downloads\CSC-ENG-McAfee_ePO-4.6-GBL-R1.exe [2014-01-05] ()
    Task: {D6134159-3D31-49DB-A99E-172A6C9DB18D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-13] (Adobe Systems Incorporated)
    Task: {E9D1321A-C547-4768-B4F3-4EFCCE9604C9} - System32\Tasks\{7BD15685-CFD9-4820-B183-B4A17CABE4C3} => C:\Users\Administrator\Downloads\CSC-ENG-McAfee_ePO-4.6-GBL-R1.exe [2014-01-05] ()
    Task: {F2E6BCE5-BF53-49FA-878E-1FC0CBDC2B51} - System32\Tasks\{AD01C043-5FAD-44C3-860B-E0609A5F40A6} => C:\Users\Administrator\Downloads\CSC-ENG-McAfee_ePO-4.6-GBL-R1.exe [2014-01-05] ()
    Task: {FDE32750-1E88-4E29-B034-023D43B4C79C} - System32\Tasks\{AD82B8C8-20CA-4957-BC40-7A3327F5C69F} => pcalua.exe -a C:\Users\Administrator\Desktop\CSC-ENG-LotusNotesAsync-8.0.21.9112-GBL-R1.exe -d C:\Users\Administrator\Desktop
    Task: {FF61A556-FDB6-4F03-B8A2-A86EB6FF83EA} - System32\Tasks\{F0EABA7B-2FC2-427C-A9A9-EF1C5140BC46} => C:\Users\Administrator\Downloads\CSC-ENG-McAfee_ePO-4.6-GBL-R1.exe [2014-01-05] ()
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
    Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2979728093-1124239313-4181705486-500.job => C:\Program Files (x86)\Citrix\GoToMeeting\2417\g2mupdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2979728093-1124239313-4181705486-500Core.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2979728093-1124239313-4181705486-500UA.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
    Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe

    ==================== Loaded Modules (whitelisted) ==============

    2011-01-27 17:13 - 2011-01-27 17:13 - 00226624 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
    2011-01-27 17:13 - 2011-01-27 17:13 - 00673088 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
    2014-10-11 14:06 - 2014-10-11 14:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2005-08-22 16:38 - 2005-08-22 16:38 - 03264512 _____ () C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll
    2009-01-16 17:00 - 2009-01-16 17:00 - 00057344 _____ () C:\Program Files (x86)\McAfee\Common Framework\boost_thread-vc71-mt-1_32.dll
    2009-04-29 21:07 - 2009-04-29 21:07 - 00148816 _____ () C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsEvntUI.dll
    2015-03-17 19:01 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2015-03-17 19:01 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2015-03-17 19:01 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2015-03-17 19:01 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2015-03-17 19:01 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2010-01-23 02:13 - 2010-01-23 02:13 - 00970288 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
    2010-01-23 02:13 - 2010-01-23 02:13 - 00068656 _____ () C:\Program Files (x86)\VMware\VMware Workstation\zlib1.dll
    2014-07-24 22:10 - 2012-11-27 15:12 - 01210256 ____N () C:\Program Files (x86)\Linksys AE6000\RaWLAPI.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2979728093-1124239313-4181705486-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.1

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: bthserv => 3
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    MSCONFIG\startupreg: Fitbit Connect => "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
    MSCONFIG\startupreg: Google Update => "C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: McAfeeUpdaterUI => "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
    MSCONFIG\startupreg: NVC => "C:\Program Files\CSC VPN CLIENT\Nvc.exe" -autostart
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    MSCONFIG\startupreg: ShStatEXE => "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    MSCONFIG\startupreg: Spotify => "C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
    MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Administrator\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    MSCONFIG\startupreg: vmware-tray => "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"

    ==================== Accounts: =============================

    Administrator (S-1-5-21-2979728093-1124239313-4181705486-500 - Administrator - Enabled) => C:\Users\Administrator
    Guest (S-1-5-21-2979728093-1124239313-4181705486-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2979728093-1124239313-4181705486-1004 - Limited - Enabled)
    __vmware_user__ (S-1-5-21-2979728093-1124239313-4181705486-1001 - Limited - Enabled)

    ==================== Faulty Device Manager Devices =============

    Name: VMware Virtual Ethernet Adapter for VMnet1
    Description: VMware Virtual Ethernet Adapter for VMnet1
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: VMware, Inc.
    Service: VMnetAdapter
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: VMware Virtual Ethernet Adapter for VMnet8
    Description: VMware Virtual Ethernet Adapter for VMnet8
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: VMware, Inc.
    Service: VMnetAdapter
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: Intel(R) 82567LM-3 Gigabit Network Connection
    Description: Intel(R) 82567LM-3 Gigabit Network Connection
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Intel
    Service: e1kexpress
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (03/18/2015 02:35:05 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
    Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

    Error: (03/18/2015 02:35:05 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
    Description: The index cannot be initialized.


    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

    Error: (03/18/2015 02:35:05 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
    Description: The application cannot be initialized.

    Context: Windows Application


    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

    Error: (03/18/2015 02:35:05 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
    Description: The gatherer object cannot be initialized.

    Context: Windows Application, SystemIndex Catalog


    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

    Error: (03/18/2015 02:35:05 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
    Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

    Context: Windows Application, SystemIndex Catalog


    Details:
    Element not found. (HRESULT : 0x80070490) (0x80070490)

    Error: (03/18/2015 02:35:03 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
    Description: The plug-in in <Search.JetPropStore> cannot be initialized.

    Context: Windows Application, SystemIndex Catalog


    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

    Error: (03/18/2015 02:35:03 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
    Description: The Windows Search Service cannot load the property store information.

    Context: Windows Application, SystemIndex Catalog


    Details:
    The content index server cannot update or access information because of a database error. Stop and restart the search service. If the problem persists, reset and recrawl the content index. In some cases it may be necessary to delete and recreate the content index. (HRESULT : 0x8004117f) (0x8004117f)

    Error: (03/18/2015 02:35:03 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
    Description: The search service has detected corrupted data files in the index {id=1100}. The service will attempt to automatically correct this problem by rebuilding the index.


    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

    Error: (03/18/2015 02:35:03 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
    Description: The Windows Search Service cannot open the Jet property store.


    Details:
    0x%08x (0x8004117f - The content index server cannot update or access information because of a database error. Stop and restart the search service. If the problem persists, reset and recrawl the content index. In some cases it may be necessary to delete and recreate the content index. (HRESULT : 0x8004117f))

    Error: (03/18/2015 02:32:17 PM) (Source: ESENT) (EventID: 455) (User: )
    Description: taskhost (2484) WebCacheLocal: Error -1811 occurred while opening logfile C:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\V0100012.log.


    System errors:
    =============
    Error: (03/18/2015 06:46:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The McAfee McShield service terminated unexpectedly. It has done this 1 time(s).

    Error: (03/18/2015 06:32:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The VMware USB Arbitration Service service failed to start due to the following error:
    %%109

    Error: (03/18/2015 06:32:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Windows Live ID Sign-in Assistant service failed to start due to the following error:
    %%109

    Error: (03/18/2015 06:32:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

    Error: (03/18/2015 06:32:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The VMware Authorization Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (03/18/2015 06:32:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The iPod Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (03/18/2015 06:32:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The VMware DHCP Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (03/18/2015 06:32:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Spybot-S&D 2 Scanner Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Error: (03/18/2015 06:32:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The McAfee McShield service terminated unexpectedly. It has done this 1 time(s).

    Error: (03/18/2015 06:32:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.


    Microsoft Office Sessions:
    =========================

    CodeIntegrity Errors:
    ===================================
    Date: 2011-04-27 15:31:04.825
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

    Date: 2011-04-27 14:27:28.058
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

    Date: 2011-04-27 13:58:40.816
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

    Date: 2011-04-27 13:28:10.543
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

    Date: 2011-04-27 12:53:00.053
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

    Date: 2011-04-27 10:47:49.390
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

    Date: 2011-04-27 10:14:21.287
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

    Date: 2011-04-27 09:17:25.644
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

    Date: 2011-04-26 16:12:05.940
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

    Date: 2011-04-26 14:52:11.441
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM)2 Quad CPU Q9400 @ 2.66GHz
    Percentage of memory in use: 37%
    Total physical RAM: 6013.59 MB
    Available physical RAM: 3761.31 MB
    Total Pagefile: 12411.77 MB
    Available Pagefile: 10417.93 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.84 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:298.09 GB) (Free:121.05 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 8F917E89)
    Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  4. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================

    [​IMG] Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    [​IMG] Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.

    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
      • Launch Malwarebytes Anti-Malware
      • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.


    If you already have MBAM 2.0 installed:

    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.

    How to get logs:
    (Export log to save as txt)


    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.


    (Copy to clipboard for pasting into forum replies or tickets)

    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.

    [​IMG] Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  5. MMyers2015

    MMyers2015 TS Rookie Topic Starter Posts: 40

    RogueKiller V10.5.5.0 (x64) [Mar 16 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Administrator [Administrator]
    Started from : C:\Users\Administrator\Downloads\RogueKillerX64.exe
    Mode : Delete -- Date : 03/18/2015 21:07:57

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 15 ¤¤¤
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2221C6F4-DCD5-4210-8DF1-F9BE8E1CEBA7} | DhcpNameServer : 98.159.192.3 98.159.192.2 -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{67CA5EB9-A18A-48DD-99CC-130F17913B73} | NameServer : 161.145.28.3,161.145.106.48 -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A77D94E8-88F7-4243-9AF3-1287128034F2} | DhcpNameServer : 198.224.181.135 198.224.178.135 -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2221C6F4-DCD5-4210-8DF1-F9BE8E1CEBA7} | DhcpNameServer : 98.159.192.3 98.159.192.2 -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{67CA5EB9-A18A-48DD-99CC-130F17913B73} | NameServer : 161.145.28.3,161.145.106.48 -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{A77D94E8-88F7-4243-9AF3-1287128034F2} | DhcpNameServer : 198.224.181.135 198.224.178.135 -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{2221C6F4-DCD5-4210-8DF1-F9BE8E1CEBA7} | DhcpNameServer : 98.159.192.3 98.159.192.2 -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{67CA5EB9-A18A-48DD-99CC-130F17913B73} | NameServer : 161.145.28.3,161.145.106.48 -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{A77D94E8-88F7-4243-9AF3-1287128034F2} | DhcpNameServer : 198.224.181.135 198.224.178.135 -> Not selected
    [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected
    [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: ST3320418AS +++++
    --- User ---
    [MBR] fae58d412ce8c29d83b612c1d52ad160
    [BSP] c6e7c7dcc6a8224c913a9abf72999101 : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 305242 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK


    ============================================
    RKreport_DEL_03182015_191015.log - RKreport_DEL_03182015_192412.log - RKreport_DEL_03182015_195016.log - RKreport_DEL_03182015_195018.log
    RKreport_SCN_03182015_185802.log - RKreport_SCN_03182015_192129.log - RKreport_SCN_03182015_210733.log
     
  6. MMyers2015

    MMyers2015 TS Rookie Topic Starter Posts: 40

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 3/18/2015
    Scan Time: 9:10:59 PM
    Logfile: MBAMSCANLOG.txt
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2015.03.19.01
    Rootkit Database: v2015.02.25.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Administrator

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 351288
    Time Elapsed: 12 min, 33 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  7. MMyers2015

    MMyers2015 TS Rookie Topic Starter Posts: 40

    # AdwCleaner v4.112 - Logfile created 18/03/2015 at 21:32:07
    # Updated 09/03/2015 by Xplode
    # Database : 2015-03-15.1 [Server]
    # Operating system : Windows 7 Professional Service Pack 1 (x64)
    # Username : Administrator - WINDOWS-D9P51W1
    # Running from : C:\Users\Administrator\Downloads\adwcleaner_4.112.exe
    # Option : Cleaning

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - ;192.168.*.*

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v11.0.9600.17041


    -\\ Mozilla Firefox v36.0.1 (x86 en-US)


    -\\ Google Chrome v

    [C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_ir_15_12&param1=1&param2=f%3D4%26b%3DChrome%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0ByEyByDtD0EyE0FyB0C0DtC0E0E0AyCtN0D0Tzu0StCtCyBtDtN1L2XzutAtFzytFyEtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StBtCtBtAtCyCtAyDtGtA0D0AyCtGyC0EyC0FtGtBzz0FtCtGyCyE0DzyyEyCtBtA0AtAtCtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szyzzzy0C0F0CtD0BtGyDzytByEtGyEyBzzyCtGzzyE0B0AtGyB0B0A0B0CtAtCzzyCtBtByC2QtN0A0LzutBtN1B2Z1V1T1S1NzuyCtCtB%26cr%3D1783096704%26a%3Dwny_ir_15_12%26os%3DWindows 7 Professional&p={searchTerms}

    *************************

    AdwCleaner[R0].txt - [9335 bytes] - [18/03/2015 18:29:28]
    AdwCleaner[R1].txt - [1035 bytes] - [18/03/2015 18:35:34]
    AdwCleaner[R2].txt - [1154 bytes] - [18/03/2015 18:40:15]
    AdwCleaner[R3].txt - [1954 bytes] - [18/03/2015 21:29:22]
    AdwCleaner[S0].txt - [9562 bytes] - [18/03/2015 18:32:23]
    AdwCleaner[S1].txt - [1104 bytes] - [18/03/2015 18:37:36]
    AdwCleaner[S2].txt - [1223 bytes] - [18/03/2015 18:42:20]
    AdwCleaner[S3].txt - [1885 bytes] - [18/03/2015 21:32:07]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1944 bytes] ##########
     
  8. MMyers2015

    MMyers2015 TS Rookie Topic Starter Posts: 40

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.5 (03.17.2015:1)
    OS: Windows 7 Professional x64
    Ran by Administrator on Wed 03/18/2015 at 21:39:41.82
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files

    Successfully deleted: [File] "C:\Windows\wininit.ini"



    ~~~ Folders

    Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{1DE6B792-10E8-4CE7-80BE-D9D43C45CDB8}
    Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{1FB38D77-92D2-4878-9124-DDAF0AD23211}
    Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{38DA712B-7ACF-43BB-92A5-C96EDC95A565}
    Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{3E9DAA6F-BA6F-49A4-B0EB-41558D1AF75C}
    Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{427FF982-2CB9-4972-846C-722FF3E886F1}
    Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{57E61065-56FC-4193-AC8A-4EF89542AD48}
    Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{5B4A071B-184C-4FD9-AE1D-E6893A03A7C8}
    Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{5BBDF7AF-6408-4374-9658-CD2BC854074B}
    Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{86D2E724-4144-4E78-96E6-949E62B2DF83}
    Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{8E297C56-55EF-4A60-AE87-52185D0CACA5}
    Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{A60C4157-D0EA-4EDC-A5F0-CF9D909383B0}
    Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{C6C2FAB1-683B-492D-97AC-0FD0E0533BBC}
    Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{C8762709-0A07-4140-A64D-D7186FC88F80}
    Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{D84E0EE3-A944-44A0-B54A-8F2E8F9CDAA6}
    Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{DCB9F66B-B86A-4D02-9F2B-3160CE6917A7}
    Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{F26DC3A4-696E-4500-BD21-C415A691C778}



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Wed 03/18/2015 at 21:46:00.12
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  9. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  10. MMyers2015

    MMyers2015 TS Rookie Topic Starter Posts: 40

    I can't for the life of me get it to end!!!

    upload_2015-3-18_22-31-5.png
     
  11. MMyers2015

    MMyers2015 TS Rookie Topic Starter Posts: 40

    It will not let me stop mfevtp for McAfee.

    upload_2015-3-18_22-34-2.png
     

    Attached Files:

  12. Broni

    Broni Malware Annihilator Posts: 52,915   +344

  13. MMyers2015

    MMyers2015 TS Rookie Topic Starter Posts: 40

    ComboFix 15-03-14.03 - Administrator 03/19/2015 7:36.1.4 - x64 MINIMAL
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6014.4388 [GMT -4:00]
    Running from: c:\users\Administrator\Downloads\ComboFix.exe
    AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
    SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
    SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\desktop.ini
    c:\programdata\ntuser.pol
    c:\users\Administrator\g2mdlhlpx.exe
    c:\windows\msdownld.tmp
    c:\windows\SysWow64\DEBUG.log
    .
    .
    ((((((((((((((((((((((((( Files Created from 2015-02-19 to 2015-03-19 )))))))))))))))))))))))))))))))
    .
    .
    2015-03-19 11:42 . 2015-03-19 11:42 -------- d-----w- c:\users\Default\AppData\Local\temp
    2015-03-19 00:13 . 2015-01-29 05:07 11910896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E56F83F1-C982-4B09-AD18-87EF49B9B1B1}\mpengine.dll
    2015-03-19 00:13 . 2015-03-19 00:13 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4FD05FF9-A944-4A68-9D21-EF4A2D65E469}\gapaengine.dll
    2015-03-19 00:13 . 2015-01-29 05:07 11910896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2015-03-19 00:12 . 2015-03-19 00:12 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2015-03-19 00:12 . 2015-03-19 00:12 -------- d-----w- c:\program files\Microsoft Security Client
    2015-03-18 23:50 . 2015-03-18 23:52 -------- d-----w- C:\FRST
    2015-03-18 22:45 . 2015-03-19 00:56 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2015-03-18 22:45 . 2015-03-18 23:50 -------- d-----w- c:\programdata\RogueKiller
    2015-03-18 22:29 . 2015-03-19 01:32 -------- d-----w- C:\AdwCleaner
    2015-03-18 11:47 . 2015-01-29 09:07 11910896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{27B28CA5-C56C-4F98-A2A9-E60AAB6BD847}\mpengine.dll
    2015-03-18 11:32 . 2015-03-19 01:34 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2015-03-18 11:31 . 2014-11-21 10:14 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2015-03-18 11:31 . 2015-03-18 11:31 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
    2015-03-18 11:31 . 2015-03-18 11:31 -------- d-----w- c:\programdata\Malwarebytes
    2015-03-18 11:31 . 2014-11-21 10:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
    2015-03-18 11:31 . 2014-11-21 10:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2015-03-18 07:05 . 2015-03-18 07:05 -------- d-----w- c:\program files (x86)\MSXML 4.0
    2015-03-18 07:02 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
    2015-03-18 07:02 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
    2015-03-18 07:02 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
    2015-03-18 07:02 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
    2015-03-18 07:02 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
    2015-03-18 07:02 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
    2015-03-18 07:02 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
    2015-03-18 07:02 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
    2015-03-18 02:27 . 2015-03-18 02:27 -------- d-----w- c:\program files\CCleaner
    2015-03-17 23:01 . 2013-09-20 14:49 21040 ----a-w- c:\windows\system32\sdnclean64.exe
    2015-03-17 23:01 . 2015-03-18 18:40 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2015-03-17 23:01 . 2015-03-17 23:03 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
    2015-03-17 22:13 . 2015-03-17 22:13 -------- d-----w- C:\SUPERDelete
    2015-03-17 22:12 . 2015-03-17 22:12 -------- d-----w- c:\users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
    2015-03-17 22:12 . 2015-03-17 22:12 -------- d-----w- c:\program files\SUPERAntiSpyware
    2015-03-17 22:12 . 2015-03-17 22:12 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2015-03-16 21:13 . 2015-03-16 21:13 -------- d-----w- c:\users\Administrator\AppData\Local\Free_PDF_Solutions
    2015-03-16 20:17 . 2015-03-16 20:17 -------- d-----w- c:\users\Administrator\AppData\Roaming\Free PDF Solutions
    2015-03-16 20:14 . 2015-03-16 20:14 -------- d-----w- c:\program files (x86)\Free Downloads
    2015-03-03 20:14 . 2015-03-03 20:22 -------- d-----w- c:\programdata\boost_interprocess
    2015-03-03 20:14 . 2015-03-04 00:12 -------- d-----w- c:\programdata\FitbitConnect
    2015-03-03 20:14 . 2015-03-03 20:14 -------- d-----w- c:\program files (x86)\Fitbit Connect
    2015-02-18 13:47 . 2015-02-18 13:47 17323192 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE12\MSO.DLL
    2015-02-17 20:04 . 2015-02-17 20:04 1202848 ----a-w- c:\windows\SysWow64\FM20.DLL
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-02-27 01:14 . 2010-02-11 20:21 122905848 ----a-w- c:\windows\system32\MRT.exe
    2015-02-24 08:17 . 2010-02-10 21:31 295552 ------w- c:\windows\system32\MpSigStub.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 Fitbit Connect;Fitbit Connect Service;c:\program files (x86)\Fitbit Connect\FitbitConnectService.exe;c:\program files (x86)\Fitbit Connect\FitbitConnectService.exe [x]
    R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\ibm\Lotus\Notes\nsd.exe;c:\ibm\Lotus\Notes\nsd.exe [x]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
    R2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [x]
    R2 NvcSvcMgr;Nortel VPN Client;c:\program files\CSC VPN CLIENT\NvcSvcMgr.exe;c:\program files\CSC VPN CLIENT\NvcSvcMgr.exe [x]
    R2 nvcwfpco;nvcwfpco;c:\windows\system32\DRIVERS\nvcwfpco.sys;c:\windows\SYSNATIVE\DRIVERS\nvcwfpco.sys [x]
    R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys;c:\windows\SYSNATIVE\drivers\vmci.sys [x]
    R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [x]
    R3 AE6000;Linksys AE6000 Driver;c:\windows\system32\DRIVERS\AE6000w764.sys;c:\windows\SYSNATIVE\DRIVERS\AE6000w764.sys [x]
    R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x]
    R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
    R3 NT_NvcA;Nortel VPN Adapter;c:\windows\system32\DRIVERS\ntnvca.sys;c:\windows\SYSNATIVE\DRIVERS\ntnvca.sys [x]
    R3 OV550I;Film and Photo Scanner;c:\windows\system32\Drivers\OVTX16.sys;c:\windows\SYSNATIVE\Drivers\OVTX16.sys [x]
    R3 RTL85n64;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n64.sys;c:\windows\SYSNATIVE\DRIVERS\RTL85n64.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
    R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
    R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
    R4 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe [x]
    R4 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
    R4 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
    R4 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{4E90AD03-7AA2-462A-A792-A393C270ACED}]
    2009-07-14 01:14 398336 ----a-w- c:\windows\System32\regedit.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-03-19 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-05 12:47]
    .
    2015-03-17 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
    - c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2015-03-17 15:52]
    .
    2015-03-19 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-2979728093-1124239313-4181705486-500.job
    - c:\program files (x86)\Citrix\GoToMeeting\2417\g2mupdate.exe [2015-03-08 03:48]
    .
    2015-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-02 19:00]
    .
    2015-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-02 19:00]
    .
    2015-03-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2979728093-1124239313-4181705486-500Core.job
    - c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-12 13:13]
    .
    2015-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2979728093-1124239313-4181705486-500UA.job
    - c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-12 13:13]
    .
    2015-03-17 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
    - c:\program files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2015-03-17 14:41]
    .
    2015-03-17 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
    - c:\program files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2015-03-17 14:42]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-01-30 1332296]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mStart Page = about:blank
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = ;192.168.*.*
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    LSP: c:\program files (x86)\VMware\VMware Workstation\vsocklib.dll
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{67CA5EB9-A18A-48DD-99CC-130F17913B73}: NameServer = 161.145.28.3,161.145.106.48
    FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f40qpxxi.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Notify-SDWinLogon - SDWinLogon.dll
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    AddRemove-PE Photo - c:\windows\system32\javaws.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (Administrator)
    "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1c,d3,
    c5,7b,f0,36,06,a0,76,dd,65,c0,87,cf,b1
    "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,3b,1b,ab,8b,0f,
    68,ce,82,41,03,aa,e9,95,9a,f0,9b,6a,5b
    "{C723A437-2EAF-466D-A95B-3FA0966BF88C}"=hex:51,66,7a,6c,4c,1d,3b,1b,27,b8,38,
    d9,91,7a,00,03,b5,59,7e,e0,97,29,bf,94
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (Administrator)
    "Timestamp"=hex:f7,1d,1d,65,a0,76,cd,01
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,75,e3,51,79,be,b1,5b,48,bd,c3,cf,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7f,1d,65,d1,85,17,88,4b,a4,cc,33,\
    "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,99,42,5c,5c,f9,54,15,4a,95,1e,cb,\
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.3G2"
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.3GP"
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.3G2"
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.3GP"
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ADTS"
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ADTS"
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ADTS"
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AIFF"
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AIFF"
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AIFF"
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASF"
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASX"
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AU"
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AVI"
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.CDA"
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.docx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Word.Document.12"
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.HTM"
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.HTM"
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2T\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.M2TS"
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2TS\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.M2TS"
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.m3u"
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.M4A"
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP4"
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.MHT"
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.MHT"
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MIDI"
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MIDI"
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MOV"
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP3"
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP3"
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP4"
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP4"
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.msg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="msg_auto_file"
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MTS\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.M2TS"
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.partial\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.PARTIAL"
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MIDI"
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AU"
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.SVG"
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.TTS"
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.TTS"
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.URL"
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WAV"
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WAX"
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.website\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.WEBSITE"
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASF"
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMA"
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMD"
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMS"
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMV"
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASX"
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMZ"
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WPL"
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WVX"
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xcf\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="GIMP-2.8-xcf"
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.XHT"
    .
    [HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.XHT"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.12"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\software\Network Associates]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2015-03-19 07:44:58
    ComboFix-quarantined-files.txt 2015-03-19 11:44
    .
    Pre-Run: 120,292,683,776 bytes free
    Post-Run: 120,312,700,928 bytes free
    .
    - - End Of File - - DBD1D8BE68E4245BBD0FEABAD0AEBCE1
    A36C5E4F47E84449FF07ED3517B43A31
     
  14. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Why do I see Microsoft Security Essentials listed in Combofix?
    It wasn't running when you posted FRST logs.
     
  15. MMyers2015

    MMyers2015 TS Rookie Topic Starter Posts: 40

    Sorry, but I have no idea. I ran Combofix in SafeMode per instructions.
     
  16. MMyers2015

    MMyers2015 TS Rookie Topic Starter Posts: 40

    And I installed it per Step 1 in the instructions: UPDATED 4-Step Viruses/Spyware/Malware Removal Preliminary Instructions
     
  17. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    You already have McAfee running.
    You can't be running two AV programs.
    Uninstall MSE.
     
  18. MMyers2015

    MMyers2015 TS Rookie Topic Starter Posts: 40

    Ok. Done. Uninstalled.
     
  19. MMyers2015

    MMyers2015 TS Rookie Topic Starter Posts: 40

    Do I need to reboot after uninstalling?
     
  20. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    It may be a good idea.

    Re-run Farbar Recovery Scan Tool (FRST) you ran at the very beginning of this topic.

    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Make sure you checkmark Addition.txt box.
    • Press Scan button.
    • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
     
  21. MMyers2015

    MMyers2015 TS Rookie Topic Starter Posts: 40

    FIRST HALF OF FRST.TXT FILE:

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
    Ran by Administrator (administrator) on WINDOWS-D9P51W1 on 20-03-2015 18:07:47
    Running from C:\Users\Administrator\Downloads
    Loaded Profiles: Administrator (Available profiles: Administrator)
    Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
    (IBM) C:\IBM\Lotus\Notes\nsd.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
    (IBM Corp) C:\IBM\Lotus\Notes\ntmulti.exe
    (Nortel Networks) C:\Program Files\CSC VPN CLIENT\NvcSvcMgr.exe
    (VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
    (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
    (Cisco Consumer Products LLC) C:\Program Files (x86)\Linksys AE6000\WPS_Mon.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    BootExecute: autocheck autochk * sdnclean64.exe
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-2979728093-1124239313-4181705486-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKLM -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2979728093-1124239313-4181705486-500 -> {F230415A-9F9E-40B3-88C9-98D05D0A0604} URL = http://www.google.com/search?q={sea...startIndex={startIndex?}&startPage={startPage}
    BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scriptsn.dll [2011-02-04] (McAfee, Inc.)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-01-30] (Adobe Systems Incorporated)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-09-26] (Oracle Corporation)
    BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll [2011-02-04] (McAfee, Inc.)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
    BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-09-26] (Oracle Corporation)
    Toolbar: HKU\S-1-5-21-2979728093-1124239313-4181705486-500 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
    DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
    DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP25-10481/webex/ieatgpc1.cab
    Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll [2015-02-19] (Microsoft Corporation)
    Winsock: Catalog9 11 C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll [338480] (VMware, Inc.)
    Winsock: Catalog9 12 C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll [338480] (VMware, Inc.)
    Winsock: Catalog9-x64 11 C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll [438320] (VMware, Inc.)
    Winsock: Catalog9-x64 12 C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll [438320] (VMware, Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{67CA5EB9-A18A-48DD-99CC-130F17913B73}: [NameServer] 161.145.28.3,161.145.106.48

    FireFox:
    ========
    FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f40qpxxi.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll [2014-03-13] ()
    FF Plugin: @java.com/DTPlugin,version=10.15.2 -> C:\Windows\system32\npDeployJava1.dll [2013-02-26] (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll [2014-03-13] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
    FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-26] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-09-26] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
    FF Plugin HKU\S-1-5-21-2979728093-1124239313-4181705486-500: @tools.google.com/Google Update;version=3 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
    FF Plugin HKU\S-1-5-21-2979728093-1124239313-4181705486-500: @tools.google.com/Google Update;version=9 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
    FF Plugin HKU\S-1-5-21-2979728093-1124239313-4181705486-500: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\ADMINI~1\AppData\Roaming\CATALI~1\NPBCSK~1.DLL No File
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll [2008-08-16] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll [2008-08-16] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll [2008-08-16] ()
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll [2008-08-16] ()
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll [2008-08-16] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll [2008-08-16] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll [2008-08-16] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\msvcm80.dll [2008-05-21] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\msvcp80.dll [2008-05-21] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\msvcr80.dll [2008-05-21] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll [2008-08-16] ()
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2011-01-30] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-02-26] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2013-02-26] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2013-02-26] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2013-02-26] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2013-02-26] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2013-02-26] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2013-02-26] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll [2008-06-05] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll [2008-08-16] (Citrix Systems, Inc.)
    FF Extension: Default Manager - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f40qpxxi.default\Extensions\DefaultManager@Microsoft [2012-04-30]
    FF Extension: Strong Signal - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f40qpxxi.default\Extensions\{6a37a6df-cdc9-4482-9257-c1fac286b4a9}.xpi [2015-03-17]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_ir_15_12&param1=1&param2=f%3D1%26b%3DChrome%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0ByEyByDtD0EyE0FyB0C0DtC0E0E0AyCtN0D0Tzu0StCtCyBtDtN1L2XzutAtFzytFyEtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StBtCtBtAtCyCtAyDtGtA0D0AyCtGyC0EyC0FtGtBzz0FtCtGyCyE0DzyyEyCtBtA0AtAtCtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szyzzzy0C0F0CtD0BtGyDzytByEtGyEyBzzyCtGzzyE0B0AtGyB0B0A0B0CtAtCzzyCtBtByC2QtN0A0LzutBtN1B2Z1V1T1S1NzuyCtCtB%26cr%3D1783096704%26a%3Dwny_ir_15_12%26os%3DWindows 7 Professional
    CHR StartupUrls: Default -> "hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_ir_15_12&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0ByEyByDtD0EyE0FyB0C0DtC0E0E0AyCtN0D0Tzu0StCtCyBtDtN1L2XzutAtFzytFyEtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StBtCtBtAtCyCtAyDtGtA0D0AyCtGyC0EyC0FtGtBzz0FtCtGyCyE0DzyyEyCtBtA0AtAtCtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szyzzzy0C0F0CtD0BtGyDzytByEtGyEyBzzyCtGzzyE0B0AtGyB0B0A0B0CtAtCzzyCtBtByC2QtN0A0LzutBtN1B2Z1V1T1S1NzuyCtCtB%26cr%3D1783096704%26a%3Dwny_ir_15_12%26os%3DWindows 7 Professional"
    CHR DefaultSearchKeyword: Default -> search provided by yahoo.com
    CHR DefaultSearchURL: Default -> http://us.yhs4.search.yahoo.com/yhs...CtCtB&cr=1783096704&a=wny_ir_15_12&os=Windows 7 Professional&p={searchTerms}
    CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
    CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Strong Signal) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aamaaompokdjbebnfbcfobpkklfkmddp [2015-03-17]
    CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-19]
    CHR Extension: (Google Search) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-19]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-16]
    CHR Extension: (Google Wallet) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
    CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-19]
    StartMenuInternet: Google Chrome - C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
    R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5738528 2014-11-07] (Fitbit, Inc.)
    R2 Lotus Notes Diagnostics; C:\IBM\Lotus\Notes\nsd.exe [3417480 2011-03-23] (IBM)
    S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
    S4 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
    S4 McAfeeEngineService; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe [20792 2011-02-04] (McAfee, Inc.)
    S4 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [103744 2009-01-16] (McAfee, Inc.)
    S4 McShield; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe [181480 2011-02-04] (McAfee, Inc.)
    S4 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [66880 2011-02-04] (McAfee, Inc.)
    R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
    R2 mfevtp; C:\Windows\system32\mfevtps.exe [77968 2011-02-04] (McAfee, Inc.)
    R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [226624 2011-01-27] ()
    R2 Multi-user Cleanup Service; C:\IBM\Lotus\Notes\ntmulti.exe [58760 2011-03-23] (IBM Corp)
    R2 NvcSvcMgr; C:\Program Files\CSC VPN CLIENT\NvcSvcMgr.exe [628064 2010-03-01] (Nortel Networks)
    S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    S4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    S4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    S3 ufad-ws60; C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe [191024 2009-10-12] (VMware, Inc.)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R3 AE6000; C:\Windows\System32\DRIVERS\AE6000w764.sys [2196512 2013-01-25] (Ralink Technology Corp.)
    S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
    S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [98216 2011-02-04] (McAfee, Inc.)
    S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [120352 2011-02-04] (McAfee, Inc.)
    R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [464384 2011-02-04] (McAfee, Inc.)
    S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [79536 2011-02-04] (McAfee, Inc.)
    R1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [86368 2011-02-04] (McAfee, Inc.)
    S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-08-02] (Apple Inc.) [File not signed]
    R3 NT_NvcA; C:\Windows\System32\DRIVERS\ntnvca.sys [44112 2010-03-01] (Nortel Networks)
    R2 nvcwfpco; C:\Windows\System32\DRIVERS\nvcwfpco.sys [79440 2010-03-01] (Nortel Networks Corporation)
    S3 OV550I; C:\Windows\System32\Drivers\OVTX16.sys [139520 2010-06-04] (Omnivision Technologies, Inc.)
    S3 OV550I; C:\Windows\SysWOW64\Drivers\OVTX16.sys [139520 2010-06-04] (Omnivision Technologies, Inc.)
    S3 RTL85n64; C:\Windows\System32\DRIVERS\RTL85n64.sys [2061856 2010-03-23] (Realtek Semiconductor Corporation )
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R2 VMparport; C:\Windows\system32\drivers\VMparport.sys [18480 2010-01-23] (VMware, Inc.)
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-20 18:07 - 2015-03-20 18:08 - 00019959 _____ () C:\Users\Administrator\Downloads\FRST.txt
    2015-03-20 09:01 - 2015-03-20 09:01 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\smkits
    2015-03-20 09:00 - 2015-03-20 09:00 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieBrowserModeList
    2015-03-20 04:10 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
    2015-03-20 04:10 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
    2015-03-20 04:10 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
    2015-03-20 04:10 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
    2015-03-20 04:10 - 2014-07-08 22:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
    2015-03-20 04:10 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
    2015-03-20 04:10 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
    2015-03-20 04:10 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
    2015-03-20 04:10 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
    2015-03-20 04:10 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
    2015-03-20 03:55 - 2015-03-20 03:55 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2015-03-20 03:55 - 2015-03-20 03:55 - 00000000 ____D () C:\Windows\system32\appraiser
    2015-03-20 03:35 - 2015-01-08 19:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
    2015-03-20 03:35 - 2015-01-08 19:43 - 00419936 _____ () C:\Windows\system32\locale.nls
    2015-03-20 03:03 - 2014-06-26 22:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
    2015-03-20 03:03 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
    2015-03-19 07:47 - 2015-03-19 07:47 - 00000546 _____ () C:\Windows\PFRO.log
    2015-03-19 07:46 - 2015-03-19 07:44 - 00034629 _____ () C:\Users\Administrator\Desktop\ComboFix.txt
    2015-03-19 07:44 - 2015-03-19 07:44 - 00034629 _____ () C:\ComboFix.txt
    2015-03-18 22:42 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
    2015-03-18 22:42 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
    2015-03-18 22:42 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2015-03-18 22:42 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2015-03-18 22:42 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2015-03-18 22:42 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
    2015-03-18 22:42 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
    2015-03-18 22:42 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
    2015-03-18 22:20 - 2015-03-19 07:45 - 00000000 ____D () C:\Qoobox
    2015-03-18 22:20 - 2015-03-19 07:43 - 00000000 ____D () C:\Windows\erdnt
    2015-03-18 22:02 - 2015-03-18 22:02 - 05615380 ____R (Swearware) C:\Users\Administrator\Downloads\ComboFix.exe
    2015-03-18 21:46 - 2015-03-18 21:46 - 00002524 _____ () C:\Users\Administrator\Desktop\JRT.txt
    2015-03-18 21:36 - 2015-03-18 21:36 - 01388672 _____ (Thisisu) C:\Users\Administrator\Downloads\JRT.exe
    2015-03-18 20:51 - 2015-03-18 20:52 - 15648856 _____ () C:\Users\Administrator\Downloads\RogueKiller.exe
    2015-03-18 20:12 - 2015-03-19 22:08 - 00001945 _____ () C:\Windows\epplauncher.mif
    2015-03-18 20:09 - 2015-03-18 20:09 - 14160536 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\mseinstall64.exe
    2015-03-18 19:51 - 2015-03-18 19:52 - 00034308 _____ () C:\Users\Administrator\Downloads\Addition1.txt
    2015-03-18 19:50 - 2015-03-20 18:07 - 00000000 ____D () C:\FRST
    2015-03-18 19:50 - 2015-03-18 19:52 - 00036746 _____ () C:\Users\Administrator\Downloads\FRST1.txt
    2015-03-18 18:45 - 2015-03-18 20:56 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2015-03-18 18:45 - 2015-03-18 19:50 - 00000000 ____D () C:\ProgramData\RogueKiller
    2015-03-18 18:29 - 2015-03-18 21:32 - 00000000 ____D () C:\AdwCleaner
    2015-03-18 18:27 - 2015-03-18 18:27 - 00468480 _____ () C:\Users\Administrator\Downloads\CKScanner.exe
    2015-03-18 18:26 - 2015-03-18 18:26 - 02095616 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
    2015-03-18 18:24 - 2015-03-18 18:24 - 18816600 _____ () C:\Users\Administrator\Downloads\RogueKillerX64.exe
    2015-03-18 18:21 - 2015-03-18 18:21 - 02171392 _____ () C:\Users\Administrator\Downloads\adwcleaner_4.112 (1).exe
    2015-03-18 18:20 - 2015-03-18 18:20 - 02171392 _____ () C:\Users\Administrator\Downloads\adwcleaner_4.112.exe
    2015-03-18 15:55 - 2015-03-18 15:55 - 142302968 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\msert.exe
    2015-03-18 14:36 - 2015-03-20 18:04 - 01271046 _____ () C:\Windows\WindowsUpdate.log
    2015-03-18 14:32 - 2015-03-20 18:06 - 00000448 _____ () C:\Windows\setupact.log
    2015-03-18 14:32 - 2015-03-18 14:32 - 00000000 _____ () C:\Windows\setuperr.log
    2015-03-18 08:21 - 2015-02-23 23:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-03-18 08:21 - 2015-02-23 22:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-03-18 08:21 - 2015-02-20 21:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-03-18 08:21 - 2015-02-20 20:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-03-18 08:21 - 2015-02-20 20:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-03-18 08:21 - 2015-02-20 20:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-03-18 08:21 - 2015-02-20 20:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-03-18 08:21 - 2015-02-20 19:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-03-18 08:21 - 2015-02-20 19:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-03-18 08:21 - 2015-02-19 23:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-03-18 08:21 - 2015-02-19 23:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2015-03-18 08:21 - 2015-02-19 22:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-03-18 08:21 - 2015-02-19 22:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-03-18 08:21 - 2015-02-19 22:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-03-18 08:21 - 2015-02-19 22:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-03-18 08:21 - 2015-02-19 22:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-03-18 08:21 - 2015-02-19 22:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-03-18 08:21 - 2015-02-19 22:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-03-18 08:21 - 2015-02-19 22:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-03-18 08:21 - 2015-02-19 22:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-03-18 08:21 - 2015-02-19 22:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-03-18 08:21 - 2015-02-19 22:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-03-18 08:21 - 2015-02-19 22:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-03-18 08:21 - 2015-02-19 22:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-03-18 08:21 - 2015-02-19 22:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-03-18 08:21 - 2015-02-19 22:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-03-18 08:21 - 2015-02-19 22:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-03-18 08:21 - 2015-02-19 22:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-03-18 08:21 - 2015-02-19 22:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-03-18 08:21 - 2015-02-19 22:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2015-03-18 08:21 - 2015-02-19 22:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2015-03-18 08:21 - 2015-02-19 22:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-03-18 08:21 - 2015-02-19 22:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-03-18 08:21 - 2015-02-19 22:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-03-18 08:21 - 2015-02-19 22:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-03-18 08:21 - 2015-02-19 22:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2015-03-18 08:21 - 2015-02-19 21:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-03-18 08:21 - 2015-02-19 21:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2015-03-18 08:21 - 2015-02-19 21:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-03-18 08:21 - 2015-02-19 21:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-03-18 08:21 - 2015-02-19 21:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-03-18 08:21 - 2015-02-19 21:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2015-03-18 08:21 - 2015-02-19 21:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-03-18 08:21 - 2015-02-19 21:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-03-18 08:21 - 2015-02-19 21:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2015-03-18 08:21 - 2015-02-19 21:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2015-03-18 08:21 - 2015-02-19 21:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-03-18 08:21 - 2015-02-19 21:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-03-18 08:21 - 2015-02-19 21:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-03-18 08:21 - 2015-02-19 21:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-03-18 08:21 - 2015-02-19 21:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2015-03-18 08:21 - 2015-02-19 21:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-03-18 08:21 - 2015-02-19 21:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-03-18 08:21 - 2015-02-19 21:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-03-18 08:21 - 2015-02-19 20:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-03-18 08:21 - 2015-02-19 20:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-03-18 08:21 - 2015-01-08 23:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
    2015-03-18 08:21 - 2015-01-08 23:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
    2015-03-18 08:21 - 2015-01-08 23:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
    2015-03-18 08:21 - 2015-01-08 22:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
    2015-03-18 08:20 - 2015-02-20 00:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
    2015-03-18 08:20 - 2015-02-20 00:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
    2015-03-18 08:20 - 2015-02-20 00:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2015-03-18 08:20 - 2015-02-20 00:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
    2015-03-18 08:20 - 2015-02-20 00:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
    2015-03-18 08:20 - 2015-02-20 00:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2015-03-18 08:20 - 2015-02-20 00:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
    2015-03-18 08:20 - 2015-02-20 00:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
    2015-03-18 08:20 - 2015-02-19 23:29 - 00372224 _____ (Adobe Systems Incorporated)
     
  22. MMyers2015

    MMyers2015 TS Rookie Topic Starter Posts: 40

    SECOND HALF OF FRST.TXT FILE:

    C:\Windows\system32\atmfd.dll
    2015-03-18 08:20 - 2015-02-19 23:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2015-03-18 08:20 - 2015-02-03 23:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2015-03-18 08:20 - 2015-02-03 23:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2015-03-18 08:20 - 2015-02-03 23:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2015-03-18 08:20 - 2015-02-03 23:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
    2015-03-18 08:20 - 2015-02-03 23:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2015-03-18 08:20 - 2015-02-03 23:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2015-03-18 08:20 - 2015-02-03 23:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2015-03-18 08:20 - 2015-02-03 23:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2015-03-18 08:20 - 2015-02-03 22:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
    2015-03-18 08:20 - 2015-01-27 19:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
    2015-03-18 08:20 - 2014-12-11 13:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2015-03-18 08:20 - 2014-08-01 07:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
    2015-03-18 08:20 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
    2015-03-18 08:20 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2015-03-18 08:20 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2015-03-18 08:20 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
    2015-03-18 08:20 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
    2015-03-18 08:20 - 2014-01-27 22:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
    2015-03-18 08:20 - 2013-10-29 22:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
    2015-03-18 08:20 - 2013-10-29 22:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
    2015-03-18 08:20 - 2013-03-19 01:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
    2015-03-18 08:19 - 2015-02-02 23:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-03-18 08:19 - 2015-02-02 23:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2015-03-18 08:19 - 2015-02-02 23:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
    2015-03-18 08:19 - 2015-02-02 23:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2015-03-18 08:19 - 2015-02-02 23:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
    2015-03-18 08:19 - 2015-02-02 23:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
    2015-03-18 08:19 - 2015-02-02 23:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
    2015-03-18 08:19 - 2015-02-02 23:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
    2015-03-18 08:19 - 2015-02-02 23:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
    2015-03-18 08:19 - 2015-02-02 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-03-18 08:19 - 2015-02-02 23:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
    2015-03-18 08:19 - 2015-02-02 23:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
    2015-03-18 08:19 - 2015-02-02 23:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
    2015-03-18 08:19 - 2015-02-02 23:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
    2015-03-18 08:19 - 2015-02-02 23:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
    2015-03-18 08:19 - 2015-02-02 23:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
    2015-03-18 08:19 - 2015-02-02 23:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
    2015-03-18 08:19 - 2015-02-02 23:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2015-03-18 08:19 - 2015-02-02 23:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-03-18 08:19 - 2015-02-02 23:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
    2015-03-18 08:19 - 2015-02-02 23:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
    2015-03-18 08:19 - 2015-02-02 23:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
    2015-03-18 08:19 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
    2015-03-18 08:19 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
    2015-03-18 08:19 - 2015-02-02 23:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
    2015-03-18 08:19 - 2015-02-02 23:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2015-03-18 08:19 - 2015-02-02 23:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
    2015-03-18 08:19 - 2015-02-02 23:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
    2015-03-18 08:19 - 2015-02-02 23:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
    2015-03-18 08:19 - 2015-02-02 23:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
    2015-03-18 08:19 - 2015-02-02 23:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
    2015-03-18 08:19 - 2015-02-02 23:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
    2015-03-18 08:19 - 2015-02-02 23:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
    2015-03-18 08:19 - 2015-02-02 23:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-03-18 08:19 - 2015-02-02 23:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
    2015-03-18 08:19 - 2015-02-02 23:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
    2015-03-18 08:19 - 2015-02-02 23:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
    2015-03-18 08:19 - 2015-02-02 23:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2015-03-18 08:19 - 2015-02-02 23:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
    2015-03-18 08:19 - 2015-02-02 23:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
    2015-03-18 08:19 - 2015-02-02 23:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2015-03-18 08:19 - 2015-02-02 23:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
    2015-03-18 08:19 - 2015-02-02 23:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2015-03-18 08:19 - 2015-02-02 23:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
    2015-03-18 08:19 - 2015-02-02 23:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2015-03-18 08:19 - 2015-02-02 23:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2015-03-18 08:19 - 2015-02-02 23:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
    2015-03-18 08:19 - 2015-02-02 23:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2015-03-18 08:19 - 2015-02-02 23:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
    2015-03-18 08:19 - 2015-02-02 23:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
    2015-03-18 08:19 - 2015-02-02 23:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
    2015-03-18 08:19 - 2015-02-02 23:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2015-03-18 08:19 - 2015-02-02 23:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
    2015-03-18 08:19 - 2015-02-02 23:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
    2015-03-18 08:19 - 2015-02-02 23:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-03-18 08:19 - 2015-02-02 23:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-03-18 08:19 - 2015-02-02 23:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
    2015-03-18 08:19 - 2015-02-02 23:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
    2015-03-18 08:19 - 2015-02-02 23:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
    2015-03-18 08:19 - 2015-02-02 23:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2015-03-18 08:19 - 2015-02-02 23:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
    2015-03-18 08:19 - 2015-02-02 23:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
    2015-03-18 08:19 - 2015-02-02 23:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
    2015-03-18 08:19 - 2015-02-02 23:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
    2015-03-18 08:19 - 2015-02-02 23:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2015-03-18 08:19 - 2015-02-02 23:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
    2015-03-18 08:19 - 2015-02-02 23:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
    2015-03-18 08:19 - 2015-02-02 23:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
    2015-03-18 08:19 - 2015-02-02 23:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
    2015-03-18 08:19 - 2015-02-02 23:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
    2015-03-18 08:19 - 2015-02-02 23:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
    2015-03-18 08:19 - 2015-02-02 23:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
    2015-03-18 08:19 - 2015-02-02 23:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
    2015-03-18 08:19 - 2015-02-02 23:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2015-03-18 08:19 - 2015-02-02 23:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2015-03-18 08:19 - 2015-02-02 23:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2015-03-18 08:19 - 2015-02-02 23:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
    2015-03-18 08:19 - 2015-02-02 23:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
    2015-03-18 08:19 - 2015-02-02 23:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2015-03-18 08:19 - 2015-02-02 23:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-03-18 08:19 - 2015-02-02 23:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
    2015-03-18 08:19 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
    2015-03-18 08:19 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
    2015-03-18 08:19 - 2015-02-02 23:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
    2015-03-18 08:19 - 2015-02-02 23:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
    2015-03-18 08:19 - 2015-02-02 23:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
    2015-03-18 08:19 - 2015-02-02 23:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
    2015-03-18 08:19 - 2015-02-02 23:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2015-03-18 08:19 - 2015-02-02 22:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2015-03-18 08:19 - 2014-12-18 23:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2015-03-18 08:19 - 2014-10-31 18:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
    2015-03-18 08:19 - 2014-06-27 20:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
    2015-03-18 08:19 - 2014-06-27 20:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
    2015-03-18 08:18 - 2014-06-18 18:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
    2015-03-18 08:18 - 2014-06-18 18:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
    2015-03-18 08:18 - 2014-06-18 18:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
    2015-03-18 08:18 - 2014-06-18 18:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
    2015-03-18 08:18 - 2014-06-18 18:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
    2015-03-18 08:18 - 2014-06-18 18:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
    2015-03-18 08:18 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
    2015-03-18 08:18 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
    2015-03-18 08:18 - 2013-11-26 07:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
    2015-03-18 08:17 - 2014-10-13 22:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
    2015-03-18 08:16 - 2015-02-02 23:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
    2015-03-18 08:16 - 2015-02-02 23:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
    2015-03-18 08:16 - 2014-12-18 21:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2015-03-18 08:16 - 2014-12-06 00:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2015-03-18 08:16 - 2014-12-05 23:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
    2015-03-18 08:16 - 2014-12-05 23:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
    2015-03-18 08:16 - 2014-08-21 02:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2015-03-18 08:16 - 2014-06-23 23:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
    2015-03-18 08:16 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
    2015-03-18 08:16 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
    2015-03-18 08:16 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
    2015-03-18 08:16 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
    2015-03-18 08:16 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
    2015-03-18 08:16 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2015-03-18 08:16 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
    2015-03-18 08:16 - 2013-10-03 22:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
    2015-03-18 08:16 - 2013-10-03 22:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
    2015-03-18 08:16 - 2013-10-03 21:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
    2015-03-18 08:16 - 2013-10-03 21:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
    2015-03-18 08:16 - 2013-08-04 22:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
    2015-03-18 08:15 - 2015-02-13 01:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2015-03-18 08:15 - 2015-02-13 01:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2015-03-18 08:15 - 2014-11-10 21:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
    2015-03-18 08:15 - 2014-08-21 02:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2015-03-18 08:15 - 2014-08-21 02:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2015-03-18 08:15 - 2014-08-21 02:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2015-03-18 08:15 - 2014-08-11 22:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
    2015-03-18 08:15 - 2014-08-11 21:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
    2015-03-18 08:15 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
    2015-03-18 08:15 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
    2015-03-18 08:15 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
    2015-03-18 08:15 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
    2015-03-18 08:15 - 2013-12-03 22:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
    2015-03-18 08:15 - 2013-12-03 22:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
    2015-03-18 08:15 - 2013-12-03 22:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
    2015-03-18 08:15 - 2013-12-03 22:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
    2015-03-18 08:15 - 2013-12-03 22:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
    2015-03-18 08:15 - 2013-12-03 22:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
    2015-03-18 08:15 - 2013-12-03 22:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
    2015-03-18 08:15 - 2013-12-03 22:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
    2015-03-18 08:15 - 2013-12-03 22:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
    2015-03-18 08:15 - 2013-12-03 22:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
    2015-03-18 08:15 - 2013-12-03 22:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
    2015-03-18 08:15 - 2013-12-03 22:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
    2015-03-18 08:15 - 2013-12-03 22:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
    2015-03-18 08:15 - 2013-12-03 22:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
    2015-03-18 08:15 - 2013-12-03 21:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
    2015-03-18 08:15 - 2013-12-03 21:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
    2015-03-18 08:15 - 2013-12-03 21:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
    2015-03-18 08:15 - 2013-12-03 21:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
    2015-03-18 08:15 - 2013-11-26 04:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
    2015-03-18 08:15 - 2013-11-22 18:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
    2015-03-18 08:15 - 2013-07-04 08:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
    2015-03-18 08:15 - 2013-07-04 08:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
    2015-03-18 08:15 - 2013-07-04 07:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
    2015-03-18 08:15 - 2013-07-04 07:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
    2015-03-18 08:14 - 2015-03-06 01:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-03-18 08:14 - 2015-03-06 01:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-03-18 08:14 - 2015-03-06 01:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-03-18 08:14 - 2015-03-06 01:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-03-18 08:14 - 2015-03-06 01:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-03-18 08:14 - 2015-03-06 01:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-03-18 08:14 - 2015-03-06 01:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-03-18 08:14 - 2015-03-06 01:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2015-03-18 08:14 - 2015-03-06 01:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2015-03-18 08:14 - 2015-03-06 01:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2015-03-18 08:14 - 2015-03-06 01:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-03-18 08:14 - 2015-03-06 01:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-03-18 08:14 - 2015-03-06 01:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2015-03-18 08:14 - 2015-03-06 01:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2015-03-18 08:14 - 2015-03-06 01:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-03-18 08:14 - 2015-03-06 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2015-03-18 08:14 - 2015-03-06 01:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-03-18 08:14 - 2015-03-06 01:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-03-18 08:14 - 2015-03-06 01:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-03-18 08:14 - 2015-03-06 01:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2015-03-18 08:14 - 2015-03-06 01:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-03-18 08:14 - 2015-03-06 01:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2015-03-18 08:14 - 2015-03-06 01:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2015-03-18 08:14 - 2015-03-06 01:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2015-03-18 08:14 - 2015-03-06 01:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2015-03-18 08:14 - 2015-03-06 01:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2015-03-18 08:14 - 2015-03-06 01:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2015-03-18 08:14 - 2015-03-06 01:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2015-03-18 08:14 - 2015-03-06 01:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2015-03-18 08:14 - 2015-03-06 01:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2015-03-18 08:14 - 2015-03-06 01:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2015-03-18 08:14 - 2015-01-30 19:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2015-03-18 08:13 - 2014-11-25 23:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2015-03-18 08:13 - 2014-11-25 23:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
    2015-03-18 08:13 - 2014-11-10 23:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
    2015-03-18 08:13 - 2014-11-10 22:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
    2015-03-18 08:13 - 2014-10-03 22:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
    2015-03-18 08:13 - 2014-10-03 21:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2015-03-18 08:13 - 2014-10-03 21:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
    2015-03-18 08:13 - 2014-02-03 22:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
    2015-03-18 08:13 - 2014-02-03 22:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
    2015-03-18 08:13 - 2014-02-03 22:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
    2015-03-18 08:13 - 2014-02-03 22:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
    2015-03-18 08:13 - 2014-02-03 22:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
    2015-03-18 08:12 - 2015-02-02 23:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2015-03-18 08:12 - 2015-02-02 23:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2015-03-18 08:12 - 2015-01-16 22:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
    2015-03-18 08:12 - 2015-01-16 22:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
    2015-03-18 08:12 - 2014-10-29 22:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
    2015-03-18 08:12 - 2014-10-29 21:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
    2015-03-18 08:12 - 2014-10-02 22:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
    2015-03-18 08:12 - 2014-10-02 22:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
    2015-03-18 08:12 - 2014-10-02 22:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
    2015-03-18 08:12 - 2014-10-02 22:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
    2015-03-18 08:12 - 2014-10-02 22:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
    2015-03-18 08:12 - 2014-10-02 21:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
    2015-03-18 08:12 - 2014-10-02 21:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
    2015-03-18 08:12 - 2014-10-02 21:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
    2015-03-18 08:12 - 2014-10-02 21:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
    2015-03-18 08:12 - 2014-10-02 21:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
    2015-03-18 08:12 - 2014-09-04 01:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
    2015-03-18 08:12 - 2014-09-04 01:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
    2015-03-18 08:12 - 2013-05-10 01:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
    2015-03-18 08:12 - 2013-05-09 23:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
    2015-03-18 08:11 - 2014-11-07 23:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2015-03-18 08:11 - 2014-11-07 22:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2015-03-18 08:10 - 2014-10-24 21:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
    2015-03-18 08:10 - 2014-10-24 21:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
    2015-03-18 08:10 - 2014-07-16 22:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
    2015-03-18 08:10 - 2014-07-16 22:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
    2015-03-18 08:10 - 2014-07-16 22:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
    2015-03-18 08:10 - 2014-07-16 22:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
    2015-03-18 08:10 - 2014-07-16 21:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
    2015-03-18 08:10 - 2014-07-16 21:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
    2015-03-18 08:10 - 2014-07-16 21:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
    2015-03-18 08:10 - 2014-07-16 21:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
    2015-03-18 08:09 - 2015-02-25 23:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-03-18 08:09 - 2014-12-07 23:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
    2015-03-18 08:09 - 2014-12-07 22:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
    2015-03-18 08:09 - 2014-10-13 22:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2015-03-18 08:09 - 2014-10-13 21:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2015-03-18 08:09 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2015-03-18 08:09 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
    2015-03-18 08:09 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
    2015-03-18 08:09 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2015-03-18 08:09 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
    2015-03-18 08:09 - 2014-01-23 22:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
    2015-03-18 08:09 - 2013-01-24 02:01 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
    2015-03-18 08:07 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2015-03-18 08:07 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2015-03-18 08:06 - 2013-08-27 21:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
    2015-03-18 07:32 - 2015-03-18 21:34 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-03-18 07:31 - 2015-03-18 07:31 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-03-18 07:31 - 2015-03-18 07:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-03-18 07:31 - 2015-03-18 07:31 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2015-03-18 07:31 - 2015-03-18 07:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-03-18 07:31 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-03-18 07:31 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-03-18 07:31 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-03-18 03:05 - 2015-03-18 03:05 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
    2015-03-18 03:02 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
    2015-03-18 03:02 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
    2015-03-18 03:02 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
    2015-03-18 03:02 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
    2015-03-18 03:02 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
    2015-03-18 03:02 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
    2015-03-18 03:02 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
    2015-03-18 03:02 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
    2015-03-17 22:44 - 2015-03-17 22:44 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-2.0.4.1028.exe
    2015-03-17 22:27 - 2015-03-17 22:27 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
    2015-03-17 22:27 - 2015-03-17 22:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2015-03-17 22:27 - 2015-03-17 22:27 - 00000000 ____D () C:\Program Files\CCleaner
    2015-03-17 19:01 - 2015-03-18 14:40 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2015-03-17 19:01 - 2015-03-17 19:03 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
    2015-03-17 19:01 - 2015-03-17 19:01 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2015-03-17 19:01 - 2015-03-17 19:01 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2015-03-17 19:01 - 2015-03-17 19:01 - 00000656 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
    2015-03-17 19:01 - 2015-03-17 19:01 - 00000628 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
    2015-03-17 19:01 - 2015-03-17 19:01 - 00000458 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
    2015-03-17 19:01 - 2015-03-17 19:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2015-03-17 19:01 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
    2015-03-17 18:13 - 2015-03-17 18:13 - 00000000 ____D () C:\SUPERDelete
    2015-03-17 18:12 - 2015-03-17 18:12 - 00001808 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    2015-03-17 18:12 - 2015-03-17 18:12 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
    2015-03-17 18:12 - 2015-03-17 18:12 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
    2015-03-17 18:12 - 2015-03-17 18:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    2015-03-17 18:12 - 2015-03-17 18:12 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2015-03-17 18:09 - 2015-03-17 18:09 - 05325696 _____ (Piriform Ltd) C:\Users\Administrator\Downloads\ccsetup503.exe
    2015-03-17 18:08 - 2015-03-17 18:08 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Administrator\Downloads\spybot-2.4.exe
    2015-03-17 18:06 - 2015-03-17 18:06 - 21440384 _____ (SUPERAntiSpyware) C:\Users\Administrator\Downloads\SUPERAntiSpyware.exe
    2015-03-17 18:04 - 2015-03-17 18:04 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2015-03-17 18:04 - 2015-03-17 18:04 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2015-03-17 18:02 - 2015-03-17 18:02 - 00243368 _____ () C:\Users\Administrator\Downloads\Firefox Setup Stub 36.0.1.exe
    2015-03-17 12:01 - 2015-03-17 12:01 - 00652800 _____ () C:\Users\Administrator\Downloads\MicrosoftFixit50362 (1).msi
    2015-03-17 11:57 - 2015-03-17 11:57 - 00652800 _____ () C:\Users\Administrator\Downloads\MicrosoftFixit50362.msi
    2015-03-16 18:34 - 2015-03-16 18:34 - 00089923 _____ () C:\Users\Administrator\AppData\Local\recently-used.xbel
    2015-03-16 17:13 - 2015-03-16 17:13 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Free_PDF_Solutions
    2015-03-16 16:17 - 2015-03-16 16:17 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Free PDF Solutions
    2015-03-16 16:16 - 2015-03-16 16:14 - 16394253 _____ (Free PDF Solutions) C:\Users\Administrator\Downloads\pdftojpg_setup [1].exe
    2015-03-16 16:14 - 2015-03-16 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\(Default)
    2015-03-16 16:13 - 2015-03-16 16:14 - 00993696 _____ ( ) C:\Users\Administrator\Downloads\pdftojpg_setup.exe
    2015-03-16 14:49 - 2015-03-16 14:49 - 00014676 _____ () C:\Users\Administrator\Desktop\BULLETIN 3-11-15.txt
    2015-03-16 13:51 - 2015-03-16 13:51 - 00151559 _____ () C:\Users\Administrator\Downloads\WLFeb2015.pages
    2015-03-16 13:51 - 2015-03-16 13:51 - 00151559 _____ () C:\Users\Administrator\Downloads\WLFeb2015 (1).pages
    2015-03-12 09:15 - 2015-03-12 09:15 - 39401336 _____ (Apple Inc.) C:\Users\Administrator\Downloads\QuickTimeInstaller (2).exe
    2015-03-11 13:13 - 2015-03-11 13:44 - 00030399 _____ () C:\Users\Administrator\Documents\2015TAXES_2.xlsx
    2015-03-11 12:36 - 2015-03-12 19:11 - 00030382 _____ () C:\Users\Administrator\Documents\2015TAXES.xlsx
    2015-03-10 17:05 - 2015-03-10 17:05 - 00045315 _____ () C:\Users\Administrator\Downloads\EXPORT (15).CSV
    2015-03-10 17:04 - 2015-03-11 12:35 - 00042020 _____ () C:\Users\Administrator\Downloads\EXPORT (14).CSV
    2015-03-06 11:32 - 2015-03-06 11:32 - 00724507 _____ () C:\Users\Administrator\Downloads\FedEx_Service_Update_2015-03-06_8AM_vf.xlsx
    2015-03-03 16:14 - 2015-03-03 20:12 - 00000000 ____D () C:\ProgramData\FitbitConnect
    2015-03-03 16:14 - 2015-03-03 16:22 - 00000000 ____D () C:\ProgramData\boost_interprocess
    2015-03-03 16:14 - 2015-03-03 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fitbit Connect
    2015-03-03 16:14 - 2015-03-03 16:14 - 00000000 ____D () C:\Program Files (x86)\Fitbit Connect
    2015-03-03 16:10 - 2015-03-03 16:10 - 32688488 _____ (Fitbit Inc.) C:\Users\Administrator\Downloads\FitbitConnect_Win_20141107_2.0.0.6512.exe
    2015-02-18 14:58 - 2015-02-18 15:07 - 47157614 _____ () C:\Users\Administrator\Documents\D7K_9882_pp1.xcf
    2015-02-18 12:38 - 2015-02-18 12:38 - 45808412 _____ () C:\Users\Administrator\Documents\D7K_9878_pp1.xcf

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-20 18:08 - 2009-07-14 00:45 - 00017136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-03-20 18:08 - 2009-07-14 00:45 - 00017136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-03-20 18:06 - 2012-03-02 16:09 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-03-20 18:06 - 2010-02-10 17:19 - 00000000 ____D () C:\ProgramData\VMware
    2015-03-20 18:06 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-03-20 18:02 - 2011-03-15 12:23 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\VMware
    2015-03-20 17:49 - 2014-07-16 18:21 - 00000554 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2979728093-1124239313-4181705486-500.job
    2015-03-20 17:47 - 2012-10-05 17:54 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-03-20 17:30 - 2011-04-12 00:39 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2979728093-1124239313-4181705486-500UA.job
    2015-03-20 17:17 - 2012-03-02 16:09 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-03-20 14:30 - 2011-04-12 00:39 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2979728093-1124239313-4181705486-500Core.job
    2015-03-20 09:58 - 2011-04-11 23:51 - 00000000 ____D () C:\Users\Administrator\SametimeTranscripts
    2015-03-20 09:00 - 2009-07-14 01:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
    2015-03-20 09:00 - 2009-07-14 00:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2015-03-20 04:37 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
    2015-03-20 03:59 - 2009-07-14 00:45 - 00412504 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-03-20 03:55 - 2009-07-14 03:12 - 00000000 ____D () C:\Program Files\Windows Journal
    2015-03-20 03:55 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\tracing
    2015-03-20 03:55 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
    2015-03-20 03:55 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
    2015-03-20 03:55 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2015-03-20 03:55 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
    2015-03-19 07:53 - 2009-07-14 01:13 - 00730592 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-03-19 07:42 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
    2015-03-19 07:41 - 2011-03-15 12:07 - 00000000 ____D () C:\Users\Administrator
    2015-03-18 23:48 - 2012-05-21 03:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
    2015-03-18 23:47 - 2010-02-11 15:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2015-03-18 23:02 - 2014-06-09 18:50 - 00000000 ____D () C:\Windows\system32\MRT
    2015-03-18 22:54 - 2012-05-21 03:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2015-03-18 22:54 - 2012-05-21 03:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2015-03-18 18:34 - 2013-02-26 13:38 - 00000000 ____D () C:\Temp
    2015-03-18 14:36 - 2012-10-03 17:58 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Spotify
    2015-03-18 14:32 - 2012-10-03 17:58 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Spotify
    2015-03-18 13:39 - 2012-10-05 17:54 - 00000000 ____D () C:\Program Files\Google
    2015-03-18 13:39 - 2011-03-15 12:22 - 00000000 ____D () C:\Program Files (x86)\Google
    2015-03-18 12:00 - 2011-03-15 12:22 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
    2015-03-18 08:59 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\addins
    2015-03-17 22:28 - 2012-07-19 17:28 - 00000000 ____D () C:\Windows\Minidump
    2015-03-17 22:28 - 2010-02-10 19:05 - 00000000 ____D () C:\Windows\Panther
    2015-03-17 18:05 - 2011-03-30 12:23 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Mozilla
    2015-03-17 18:04 - 2011-03-15 12:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-03-17 09:18 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\GroupPolicy
    2015-03-16 18:53 - 2015-02-05 22:48 - 00000000 ____D () C:\Users\Administrator\.gimp-2.8
    2015-03-16 18:34 - 2015-02-05 22:57 - 00000000 ____D () C:\Users\Administrator\AppData\Local\gtk-2.0
    2015-03-10 09:26 - 2011-04-13 10:09 - 00000000 ____D () C:\Users\Administrator\Documents\LBSLC
    2015-03-07 23:48 - 2014-07-16 18:21 - 00003614 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2979728093-1124239313-4181705486-500
    2015-02-26 21:14 - 2010-02-11 16:21 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-02-24 04:17 - 2010-02-10 17:31 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2015-02-23 11:43 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF

    ==================== Files in the root of some directories =======

    2011-08-26 17:26 - 2011-08-26 17:26 - 0000272 _____ () C:\Users\Administrator\AppData\Roaming\.backup.dm
    2012-11-28 12:12 - 2015-02-02 23:44 - 0000570 _____ () C:\Users\Administrator\AppData\Roaming\gmic_faves
    2012-11-28 10:42 - 2014-01-22 18:48 - 0001062 _____ () C:\Users\Administrator\AppData\Roaming\gmic_sources.cimgz
    2013-11-14 21:32 - 2013-11-14 21:32 - 0893239 _____ () C:\Users\Administrator\AppData\Local\a.zip
    2013-11-14 21:32 - 2013-11-14 21:32 - 2162416 _____ (Catalina Marketing Corp) C:\Users\Administrator\AppData\Local\BcsKtYcHW.dll
    2015-03-16 18:34 - 2015-03-16 18:34 - 0089923 _____ () C:\Users\Administrator\AppData\Local\recently-used.xbel
    2015-02-09 12:46 - 2015-02-09 12:46 - 0000017 _____ () C:\Users\Administrator\AppData\Local\resmon.resmoncfg

    Some zero byte size files/folders:
    ==========================
    C:\Windows\SysWOW64\sqljdbc_auth.dll

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-03-16 14:28

    ==================== End Of Log ============================
     
  23. MMyers2015

    MMyers2015 TS Rookie Topic Starter Posts: 40

    ADDITION.TXT:

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
    Ran by Administrator at 2015-03-20 18:09:18
    Running from C:\Users\Administrator\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: McAfee VirusScan Enterprise (Disabled - Up to date) {86355677-4064-3EA7-ABB3-1B136EB04637}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    AS: McAfee VirusScan Enterprise Antispyware Module (Disabled - Up to date) {3D54B793-665E-3129-9103-206115370C8A}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
    Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
    Adobe Reader X (10.0.1) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA0000000001}) (Version: 10.0.1 - Adobe Systems Incorporated)
    Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    BMC Remedy Action Request System 7.5.00 Install 1 (HKLM-x32\...\ARSystem 1) (Version: 7.5.0.2 - BMC Software)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
    Cisco Linksys AE6000 Driver (HKLM-x32\...\{02221266-B345-4544-A5C3-A995520E774D}) (Version: 1.1.0.3 - Cisco Consumer Products LLC)
    Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
    Citrix XenApp Web Plugin (HKLM-x32\...\{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}) (Version: 11.0.0.5357 - Citrix Systems, Inc.)
    Crystal11_Redistributables (HKLM-x32\...\{154A9EEB-05FC-45E6-B7BD-75D27ED02276}) (Version: 1.00.0000 - BMC Software Inc.)
    CSC VPN CLIENT (HKLM\...\{4EC5CF64-2E59-411D-0301-120101004016}) (Version: 10.04.016 - Nortel Networks)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Fitbit Connect (HKLM-x32\...\{E54705FB-98A6-4C03-B2DC-D8C3B5486DCD}) (Version: 2.0.0.6512 - Fitbit Inc.)
    GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
    G'MIC for GIMP version 1.5.8.2 (HKLM-x32\...\G'MIC for GIMP_is1) (Version: 1.5.8.2 - )
    Google Chrome (HKU\S-1-5-21-2979728093-1124239313-4181705486-500\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
    Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
    GoToMeeting 7.1.2.2417 (HKU\S-1-5-21-2979728093-1124239313-4181705486-500\...\GoToMeeting) (Version: 7.1.2.2417 - CitrixOnline)
    IBM Lotus Sametime Advanced Embedded 8.5.1 (HKLM-x32\...\{AE1C5284-571C-41E9-AE8C-77F8B21B2251}) (Version: 8.5.1.20100709-1631 - IBM)
    IBM Lotus Sametime Connect 8.0.2 (HKLM-x32\...\{A2EF91BA-068C-4F6D-B6ED-52D1D272ED8F}) (Version: 8.02.081205 - IBM)
    iCloud (HKLM\...\{2AAF09D5-4B3F-4975-B6A9-ECE2631FC942}) (Version: 4.0.5.20 - Apple Inc.)
    Image Resizer Powertoy Clone for Windows (64 bit) (HKLM\...\{80A620C1-B22C-4781-A351-B14B8A37BFE3}) (Version: 2.1 - Brice Lambson)
    ImageScanTool x64 1.023 (HKLM\...\{C97F4875-E097-4702-A2D8-494FEAB99CDF}) (Version: 1.00.2300 - Image Scan Tool)
    iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
    Java 7 Update 17 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417017FF}) (Version: 7.0.170 - Oracle)
    Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.710 - Oracle)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Lotus Notes 8.5.2 (HKLM-x32\...\{07C69B3A-62B3-41BF-82EE-B3A87BD6EA0C}) (Version: 8.52.10222 - IBM)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    McAfee Agent (HKLM-x32\...\{757A7F5D-F9A1-4DC5-8738-C0A31C658BC8}) (Version: 4.0.0.1345 - McAfee, Inc.)
    McAfee AntiSpyware Enterprise Module (HKLM-x32\...\McAfee Anti-Spyware Enterprise Module) (Version: 8.7.0.129 - McAfee, Inc.)
    McAfee VirusScan Enterprise (HKLM-x32\...\{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}) (Version: 8.7.00005 - McAfee, Inc.)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    MotoHelper 2.0.45 Driver 5.0.0 (HKLM-x32\...\MotoHelper) (Version: 2.0.45 - Motorola)
    MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
    Motorola Mobile Drivers Installation 5.0.0 (Version: 5.0.0 - Motorola Inc.) Hidden
    Mozilla Firefox 36.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 en-US)) (Version: 36.0.1 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Portrait Professional 11.2 (HKLM-x32\...\PortraitProfessional11_is1) (Version: 11.2 - Anthropics Technology Ltd.)
    Portrait Professional 11.2 Trial (HKLM-x32\...\PortraitProfessional11Trial_is1) (Version: 11.2 - Anthropics Technology Ltd.)
    QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
    Spotify (HKU\S-1-5-21-2979728093-1124239313-4181705486-500\...\Spotify) (Version: 1.0.1.1060.gc75ebdfd - Spotify AB)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1170 - SUPERAntiSpyware.com)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 7.0.1.11056 - VMware, Inc)
    VMware Workstation (x32 Version: 7.0.1.11056 - VMware, Inc.) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Yahoo! Detect (HKLM-x32\...\YTdetect) (Version: - )

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-2979728093-1124239313-4181705486-500_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\723\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
    CustomCLSID: HKU\S-1-5-21-2979728093-1124239313-4181705486-500_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2979728093-1124239313-4181705486-500_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)

    ==================== Restore Points =========================

    18-03-2015 11:36:23 Removed WeatherApp
    18-03-2015 11:52:33 Removed Free PDF to JPG Converter
    18-03-2015 22:42:35 Windows Update
    20-03-2015 03:00:28 Windows Update
    20-03-2015 18:03:45 Windows Update

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 22:34 - 2015-03-19 07:42 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {013516AD-B455-40CB-A6B7-830AB1B56AAF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2979728093-1124239313-4181705486-500Core => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
    Task: {09677A8C-D4A0-48BE-B871-9A166BF0702C} - System32\Tasks\MotoHelper Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27] ()
    Task: {1331D7AF-B214-41CD-AE01-F60AC6128A89} - System32\Tasks\MotoHelper Routing => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27] ()
    Task: {232F09E8-4D68-4660-BD71-E5E1AD601BD2} - System32\Tasks\{E348C0BA-9755-4039-B6E7-D94CEB4084FA} => C:\Users\Administrator\Downloads\CSC-ENG-McAfee_ePO-4.6-GBL-R1.exe [2014-01-05] ()
    Task: {240DB126-3A43-41F7-9913-EA76681591B2} - System32\Tasks\{00DB029D-CC01-41C3-8A03-C0B6D07D50B8} => C:\Users\Administrator\Documents\GSM 7.5\Disk1\InstData\VM\setup.exe [2009-05-28] (Acresso)
    Task: {246D5036-8289-4928-8F1A-23612358B959} - System32\Tasks\{6F0E4623-C9C1-4B1D-892E-0539FAA66FD4} => \\192.168.1.59\csc\windows 7 stuff\CSC-ENG-LotusNotesAsync-8.0.21.9112-GBL-R1.exe
    Task: {25925360-67A8-4636-9E9B-C8036FF12192} - System32\Tasks\{C4BC7C92-CECA-4813-A75F-A820D549B384} => C:\Users\Administrator\Downloads\CSC-ENG-McAfee_ePO-4.6-GBL-R1.exe [2014-01-05] ()
    Task: {2D3D18C4-486B-443C-90FE-784BBB3AD25A} - System32\Tasks\{B27D859E-2C14-4BE6-987F-2645C91508B8} => pcalua.exe -a C:\SUPPORT\LOTUSN~1.2\CSC-EN~1.EXE -d C:\SUPPORT\LOTUSN~1.2
    Task: {30AC5B0A-5BB0-4341-896B-E8C55ADAA894} - System32\Tasks\{417F94B9-E78D-46B5-81FE-2C9C23A68F7B} => C:\Users\Administrator\Downloads\CSC-ENG-McAfee_ePO-4.6-GBL-R1.exe [2014-01-05] ()
    Task: {30E39869-55AD-446E-9602-8DC57E6CBEDB} - System32\Tasks\MotoHelper MUM => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27] ()
    Task: {5331A84A-73FA-4FE0-B9CB-B8548ED2C7EC} - System32\Tasks\{08683B08-8A73-4CC3-8C41-CDACF091656E} => pcalua.exe -a C:\Users\Administrator\Downloads\CSC-ENG-LotusNotesAsync-8.0.21.9112-GBL-R1.exe -d C:\Users\Administrator\Downloads
    Task: {5EA19D18-BF92-4524-A5D2-B0C16359B669} - System32\Tasks\{9D37C61C-EEB1-4D81-976D-0F8C37DD2F4B} => \\192.168.1.59\csc\windows 7 stuff\CSC-ENG-LotusNotesAsync-8.0.21.9112-GBL-R1.exe
    Task: {627DBF91-8FA7-4B86-97F1-335BD97A9D96} - System32\Tasks\Logon_Trigger_WPS_Mon_Task => C:\Program Files (x86)\Linksys AE6000\WPS_Mon.exe [2012-12-20] (Cisco Consumer Products LLC)
    Task: {6772758C-AA01-4D1B-8C7B-8BF97E4D5739} - System32\Tasks\{0FF4EC9A-1751-4F34-8043-921DA55D4465} => C:\Users\Administrator\Documents\GSM 7.5\Disk1\InstData\VM\setup.exe [2009-05-28] (Acresso)
    Task: {6A1A92DD-2FA4-4996-9406-BC69F8A0987A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2979728093-1124239313-4181705486-500UA => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
    Task: {7390525C-55A4-4CD3-928F-156EC3F6B930} - System32\Tasks\{027630B8-011F-464A-A843-A0A80D2E03C3} => C:\Program Files (x86)\Film and Photo Scanner\ImageScanTool.exe [2010-08-02] ()
    Task: {83C20026-11BE-4C54-A6FE-E2721003EC57} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
    Task: {8486BDA2-CA38-494D-8DD0-8569D8738BE2} - System32\Tasks\{22788ACD-C416-4047-ABC9-1CFC8947D63A} => pcalua.exe -a "C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DQGYG88U\g2m_codec.exe" -d C:\Users\Administrator\Desktop
    Task: {8B3C2831-65E7-4274-904B-DFBAE3232F0C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {8D1209F3-A52E-4FBA-88F6-03300AC897BB} - System32\Tasks\{7577965B-3197-4B06-A7B4-C4BBE221DDEF} => C:\Users\Administrator\Documents\GSM 7.5\Disk1\InstData\VM\setup.exe [2009-05-28] (Acresso)
    Task: {8DA43660-72DD-4552-BE77-C6D2FE986350} - System32\Tasks\{86EB6777-604A-4633-A9AD-7AAC43E039B8} => \\192.168.1.59\csc\windows 7 stuff\CSC-ENG-LotusNotesAsync-8.0.21.9112-GBL-R1.exe
    Task: {92DC2FD2-106F-43A6-8BC6-496D0F48371A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
    Task: {A29C6832-03CE-464B-9CBD-A843E4EA5028} - System32\Tasks\{318AA446-E7B9-4FCA-B788-5445178A14C1} => C:\Users\Administrator\Downloads\CSC-ENG-McAfee_ePO-4.6-GBL-R1.exe [2014-01-05] ()
    Task: {A3385135-5E90-4CCC-998D-A24B143E1D82} - System32\Tasks\{F90D1AA4-5B18-43BA-B838-3C62C3535894} => C:\Users\Administrator\Downloads\CSC-ENG-McAfee_ePO-4.6-GBL-R1.exe [2014-01-05] ()
    Task: {A6649822-72E9-47E0-B5CF-699AB48A9D21} - System32\Tasks\{CAD2216B-3623-48EC-863E-74B5498F21EB} => C:\Users\Administrator\Downloads\CSC-ENG-McAfee_ePO-4.6-GBL-R1.exe [2014-01-05] ()
    Task: {AA3B95BE-48AE-4A45-AE19-DE20920B639C} - System32\Tasks\{DB18C36F-33DD-481F-9A3B-E2AAC511C86B} => C:\Program Files (x86)\Film and Photo Scanner\ImageScanTool.exe [2010-08-02] ()
    Task: {B6D880A8-9FC1-49C4-B89F-55109D765845} - System32\Tasks\{257B6798-5C44-4452-BE72-0E648E563431} => pcalua.exe -a C:\Users\Administrator\Desktop\CSC-EAC486102d.exe -d C:\Users\Administrator\Desktop
    Task: {C0EF7ADB-0A02-4DB6-94A8-446370DFA461} - System32\Tasks\{E73B4441-CB71-4C7A-BDE6-11F91BF4702A} => C:\Users\Administrator\Downloads\CSC-ENG-McAfee_ePO-4.6-GBL-R1.exe [2014-01-05] ()
    Task: {C4DE6137-8410-42EB-8B80-264D64B2F835} - System32\Tasks\MotoHelper Initial Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27] ()
    Task: {C9762CCC-1C19-488D-9E01-88F6589FA108} - System32\Tasks\{D4632EC1-4BB2-4D63-B35B-85B588369A70} => C:\Users\Administrator\Downloads\CSC-ENG-McAfee_ePO-4.6-GBL-R1.exe [2014-01-05] ()
    Task: {CA4D50A8-2040-4215-BD12-CBFD58639784} - System32\Tasks\{99BE8628-99D1-45D7-AA19-AFC8C32DBE79} => C:\Users\Administrator\Documents\GSM 7.5\Disk1\InstData\VM\setup.exe [2009-05-28] (Acresso)
    Task: {CD263579-2B1C-49F1-BD33-CD38FF2D5B1D} - System32\Tasks\G2MUpdateTask-S-1-5-21-2979728093-1124239313-4181705486-500 => C:\Program Files (x86)\Citrix\GoToMeeting\2417\g2mupdate.exe [2015-03-07] (Citrix Online, a division of Citrix Systems, Inc.)
    Task: {D528E0D2-5743-4ADC-8839-E5837F495DDA} - System32\Tasks\{2E7DAC13-7A79-4CB0-9ADA-C9ED336C186C} => C:\Users\Administrator\Downloads\CSC-ENG-McAfee_ePO-4.6-GBL-R1.exe [2014-01-05] ()
    Task: {D6134159-3D31-49DB-A99E-172A6C9DB18D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-13] (Adobe Systems Incorporated)
    Task: {E9D1321A-C547-4768-B4F3-4EFCCE9604C9} - System32\Tasks\{7BD15685-CFD9-4820-B183-B4A17CABE4C3} => C:\Users\Administrator\Downloads\CSC-ENG-McAfee_ePO-4.6-GBL-R1.exe [2014-01-05] ()
    Task: {F2E6BCE5-BF53-49FA-878E-1FC0CBDC2B51} - System32\Tasks\{AD01C043-5FAD-44C3-860B-E0609A5F40A6} => C:\Users\Administrator\Downloads\CSC-ENG-McAfee_ePO-4.6-GBL-R1.exe [2014-01-05] ()
    Task: {FDE32750-1E88-4E29-B034-023D43B4C79C} - System32\Tasks\{AD82B8C8-20CA-4957-BC40-7A3327F5C69F} => pcalua.exe -a C:\Users\Administrator\Desktop\CSC-ENG-LotusNotesAsync-8.0.21.9112-GBL-R1.exe -d C:\Users\Administrator\Desktop
    Task: {FF61A556-FDB6-4F03-B8A2-A86EB6FF83EA} - System32\Tasks\{F0EABA7B-2FC2-427C-A9A9-EF1C5140BC46} => C:\Users\Administrator\Downloads\CSC-ENG-McAfee_ePO-4.6-GBL-R1.exe [2014-01-05] ()
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
    Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2979728093-1124239313-4181705486-500.job => C:\Program Files (x86)\Citrix\GoToMeeting\2417\g2mupdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2979728093-1124239313-4181705486-500Core.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2979728093-1124239313-4181705486-500UA.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
    Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe

    ==================== Loaded Modules (whitelisted) ==============

    2011-01-27 17:13 - 2011-01-27 17:13 - 00226624 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
    2011-01-27 17:13 - 2011-01-27 17:13 - 00673088 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
    2014-10-11 14:06 - 2014-10-11 14:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2010-01-23 02:13 - 2010-01-23 02:13 - 00970288 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
    2010-01-23 02:13 - 2010-01-23 02:13 - 00068656 _____ () C:\Program Files (x86)\VMware\VMware Workstation\zlib1.dll
    2014-07-24 22:10 - 2012-11-27 15:12 - 01210256 ____N () C:\Program Files (x86)\Linksys AE6000\RaWLAPI.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2979728093-1124239313-4181705486-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.1

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: bthserv => 3
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    MSCONFIG\startupreg: Fitbit Connect => "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
    MSCONFIG\startupreg: Google Update => "C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: McAfeeUpdaterUI => "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
    MSCONFIG\startupreg: NVC => "C:\Program Files\CSC VPN CLIENT\Nvc.exe" -autostart
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    MSCONFIG\startupreg: ShStatEXE => "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    MSCONFIG\startupreg: Spotify => "C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
    MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Administrator\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    MSCONFIG\startupreg: vmware-tray => "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"

    ==================== Accounts: =============================

    Administrator (S-1-5-21-2979728093-1124239313-4181705486-500 - Administrator - Enabled) => C:\Users\Administrator
    Guest (S-1-5-21-2979728093-1124239313-4181705486-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2979728093-1124239313-4181705486-1004 - Limited - Enabled)
    __vmware_user__ (S-1-5-21-2979728093-1124239313-4181705486-1001 - Limited - Enabled)

    ==================== Faulty Device Manager Devices =============

    Name: VMware Virtual Ethernet Adapter for VMnet1
    Description: VMware Virtual Ethernet Adapter for VMnet1
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: VMware, Inc.
    Service: VMnetAdapter
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: VMware Virtual Ethernet Adapter for VMnet8
    Description: VMware Virtual Ethernet Adapter for VMnet8
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: VMware, Inc.
    Service: VMnetAdapter
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: Intel(R) 82567LM-3 Gigabit Network Connection
    Description: Intel(R) 82567LM-3 Gigabit Network Connection
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Intel
    Service: e1kexpress
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (03/19/2015 07:34:32 AM) (Source: System Restore) (EventID: 8193) (User: )
    Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x8007043c).

    Error: (03/19/2015 07:34:32 AM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007043c, This service cannot be started in Safe Mode
    .


    Operation:
    Instantiating VSS server

    Error: (03/19/2015 07:34:32 AM) (Source: VSS) (EventID: 18) (User: )
    Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.
    The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode
    ]


    Operation:
    Instantiating VSS server


    System errors:
    =============
    Error: (03/20/2015 03:56:53 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
    Description: The Windows Modules Installer service did not shut down properly after receiving a preshutdown control.

    Error: (03/20/2015 03:52:55 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
    Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

    Error: (03/19/2015 07:51:13 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2978668).

    Error: (03/19/2015 07:51:13 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB3035126).

    Error: (03/19/2015 07:51:13 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Cumulative Security Update for Internet Explorer 11 for Windows 7 for x64-based Systems (KB3032359).

    Error: (03/19/2015 07:51:13 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2852386).

    Error: (03/19/2015 07:51:13 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB3031432).

    Error: (03/19/2015 07:51:13 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB3006226).

    Error: (03/19/2015 07:51:13 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2993651).

    Error: (03/19/2015 07:51:13 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2973351).


    Microsoft Office Sessions:
    =========================

    CodeIntegrity Errors:
    ===================================
    Date: 2015-03-19 07:41:45.924
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-03-19 07:41:45.768
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM)2 Quad CPU Q9400 @ 2.66GHz
    Percentage of memory in use: 42%
    Total physical RAM: 6013.59 MB
    Available physical RAM: 3443.49 MB
    Total Pagefile: 12411.78 MB
    Available Pagefile: 10176.92 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.85 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:298.09 GB) (Free:120.67 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 8F917E89)
    Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  24. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     

    Attached Files:

  25. MMyers2015

    MMyers2015 TS Rookie Topic Starter Posts: 40

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
    Ran by Administrator at 2015-03-20 21:57:35 Run:1
    Running from C:\Users\Administrator\Downloads
    Loaded Profiles: Administrator (Available profiles: Administrator)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-2979728093-1124239313-4181705486-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKLM -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL =
    Toolbar: HKU\S-1-5-21-2979728093-1124239313-4181705486-500 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
    FF Plugin HKU\S-1-5-21-2979728093-1124239313-4181705486-500: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\ADMINI~1\AppData\Roaming\CATALI~1\NPBCSK~1.DLL No File
    CHR HomePage: Default -> hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_ir_15_12&param1=1&param2=f%3D1%26b%3DChrome%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0ByEyByDtD0EyE0FyB0C0DtC0E0E0AyCtN0D0Tzu0StCtCyBtDtN1L2XzutAtFzytFyEtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StBtCtBtAtCyCtAyDtGtA0D0AyCtGyC0EyC0FtGtBzz0FtCtGyCyE0DzyyEyCtBtA0AtAtCtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szyzzzy0C0F0CtD0BtGyDzytByEtGyEyBzzyCtGzzyE0B0AtGyB0B0A0B0CtAtCzzyCtBtByC2QtN0A0LzutBtN1B2Z1V1T1S1NzuyCtCtB%26cr%3D1783096704%26a%3Dwny_ir_15_12%26os%3DWindows 7 Professional
    CHR StartupUrls: Default -> "hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_ir_15_12&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0ByEyByDtD0EyE0FyB0C0DtC0E0E0AyCtN0D0Tzu0StCtCyBtDtN1L2XzutAtFzytFyEtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StBtCtBtAtCyCtAyDtGtA0D0AyCtGyC0EyC0FtGtBzz0FtCtGyCyE0DzyyEyCtBtA0AtAtCtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szyzzzy0C0F0CtD0BtGyDzytByEtGyEyBzzyCtGzzyE0B0AtGyB0B0A0B0CtAtCzzyCtBtByC2QtN0A0LzutBtN1B2Z1V1T1S1NzuyCtCtB%26cr%3D1783096704%26a%3Dwny_ir_15_12%26os%3DWindows 7 Professional"
    CHR DefaultSearchKeyword: Default -> search provided by yahoo.com
    CHR DefaultSearchURL: Default -> http://us.yhs4.search.yahoo.com/yhs...CtCtB&cr=1783096704&a=wny_ir_15_12&os=Windows 7 Professional&p={searchTerms}
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    2011-08-26 17:26 - 2011-08-26 17:26 - 0000272 _____ () C:\Users\Administrator\AppData\Roaming\.backup.dm
    2012-11-28 12:12 - 2015-02-02 23:44 - 0000570 _____ () C:\Users\Administrator\AppData\Roaming\gmic_faves
    2012-11-28 10:42 - 2014-01-22 18:48 - 0001062 _____ () C:\Users\Administrator\AppData\Roaming\gmic_sources.cimgz
    2013-11-14 21:32 - 2013-11-14 21:32 - 0893239 _____ () C:\Users\Administrator\AppData\Local\a.zip
    2013-11-14 21:32 - 2013-11-14 21:32 - 2162416 _____ (Catalina Marketing Corp) C:\Users\Administrator\AppData\Local\BcsKtYcHW.dll
    2015-03-16 18:34 - 2015-03-16 18:34 - 0089923 _____ () C:\Users\Administrator\AppData\Local\recently-used.xbel
    2015-02-09 12:46 - 2015-02-09 12:46 - 0000017 _____ () C:\Users\Administrator\AppData\Local\resmon.resmoncfg
    C:\Windows\SysWOW64\sqljdbc_auth.dll

    *****************

    "HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => Key deleted successfully.
    C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
    C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
    "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    "HKU\S-1-5-21-2979728093-1124239313-4181705486-500\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A}" => Key deleted successfully.
    HKCR\CLSID\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A} => Key not found.
    HKU\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => value deleted successfully.
    HKCR\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => Key not found.
    "HKU\S-1-5-21-2979728093-1124239313-4181705486-500\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator" => Key deleted successfully.
    C:\Users\ADMINI~1\AppData\Roaming\CATALI~1\NPBCSK~1.DLL not found.
    Chrome HomePage deleted successfully.
    Chrome StartupUrls deleted successfully.
    Chrome DefaultSearchKeyword deleted successfully.
    Chrome DefaultSearchURL deleted successfully.
    catchme => Service deleted successfully.
    C:\Users\Administrator\AppData\Roaming\.backup.dm => Moved successfully.
    C:\Users\Administrator\AppData\Roaming\gmic_faves => Moved successfully.
    C:\Users\Administrator\AppData\Roaming\gmic_sources.cimgz => Moved successfully.
    C:\Users\Administrator\AppData\Local\a.zip => Moved successfully.
    C:\Users\Administrator\AppData\Local\BcsKtYcHW.dll => Moved successfully.
    C:\Users\Administrator\AppData\Local\recently-used.xbel => Moved successfully.
    C:\Users\Administrator\AppData\Local\resmon.resmoncfg => Moved successfully.
    C:\Windows\SysWOW64\sqljdbc_auth.dll => Moved successfully.


    The system needed a reboot.

    ==== End of Fixlog 21:57:35 ====
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...