Solved Multiple processes with *32 in task manager and getting pop-ups adware

MMyers2015

Posts: 40   +0
I recently downloaded and installed a PDF to JPG converter and this seems to be when my problems began. Some of the pop-ups are video/audio, others are trying to get me to click to remove viruses, etc.

Can anyone help with this? Help!

MMyers
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Administrator (administrator) on WINDOWS-D9P51W1 on 18-03-2015 19:50:49
Running from C:\Users\Administrator\Downloads
Loaded Profiles: Administrator (Available profiles: Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(IBM) C:\IBM\Lotus\Notes\nsd.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
(IBM Corp) C:\IBM\Lotus\Notes\ntmulti.exe
(Nortel Networks) C:\Program Files\CSC VPN CLIENT\NvcSvcMgr.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
(Cisco Consumer Products LLC) C:\Program Files (x86)\Linksys AE6000\WPS_Mon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2979728093-1124239313-4181705486-500\...\MountPoints2: {13e55ffb-37d1-11e2-aa5c-005056c00008} - G:\LaunchU3.exe -a
HKU\S-1-5-21-2979728093-1124239313-4181705486-500\...\MountPoints2: {50624367-801d-11e2-8375-005056c00008} - G:\setup.exe -a
HKU\S-1-5-21-2979728093-1124239313-4181705486-500\...\MountPoints2: {61634bee-a757-11e1-b1f2-005056c00008} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-2979728093-1124239313-4181705486-500\...\MountPoints2: {972e6db2-95b9-11e1-86c8-005056c00008} - G:\LaunchU3.exe -a
HKU\S-1-5-21-2979728093-1124239313-4181705486-500\...\MountPoints2: {dc339e0d-5f82-11e0-9194-005056c00008} - H:\LaunchU3.exe -a
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKU\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=EIE9HP&PC=UP50
SearchScopes: HKLM -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2979728093-1124239313-4181705486-500 -> DefaultScope {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = http://www.bing.com/search?FORM=UP50DF&PC=UP50&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2979728093-1124239313-4181705486-500 -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = http://www.bing.com/search?FORM=UP50DF&PC=UP50&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2979728093-1124239313-4181705486-500 -> {F230415A-9F9E-40B3-88C9-98D05D0A0604} URL = http://www.google.com/search?q={sea...startIndex={startIndex?}&startPage={startPage}
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scriptsn.dll [2011-02-04] (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-01-30] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-09-26] (Oracle Corporation)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll [2011-02-04] (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-09-26] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2979728093-1124239313-4181705486-500 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP25-10481/webex/ieatgpc1.cab
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll [2014-06-09] (Microsoft Corporation)
Winsock: Catalog9 11 C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll [338480] (VMware, Inc.)
Winsock: Catalog9 12 C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll [338480] (VMware, Inc.)
Winsock: Catalog9-x64 11 C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll [438320] (VMware, Inc.)
Winsock: Catalog9-x64 12 C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll [438320] (VMware, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{67CA5EB9-A18A-48DD-99CC-130F17913B73}: [NameServer] 161.145.28.3,161.145.106.48

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f40qpxxi.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll [2014-03-13] ()
FF Plugin: @java.com/DTPlugin,version=10.15.2 -> C:\Windows\system32\npDeployJava1.dll [2013-02-26] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll [2014-03-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-09-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin HKU\S-1-5-21-2979728093-1124239313-4181705486-500: @tools.google.com/Google Update;version=3 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-2979728093-1124239313-4181705486-500: @tools.google.com/Google Update;version=9 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-2979728093-1124239313-4181705486-500: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\ADMINI~1\AppData\Roaming\CATALI~1\NPBCSK~1.DLL No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll [2008-08-16] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll [2008-08-16] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll [2008-08-16] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll [2008-08-16] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll [2008-08-16] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll [2008-08-16] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll [2008-08-16] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\msvcm80.dll [2008-05-21] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\msvcp80.dll [2008-05-21] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\msvcr80.dll [2008-05-21] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll [2008-08-16] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2011-01-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-02-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2013-02-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2013-02-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2013-02-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2013-02-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2013-02-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2013-02-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll [2008-06-05] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll [2008-08-16] (Citrix Systems, Inc.)
FF Extension: Default Manager - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f40qpxxi.default\Extensions\DefaultManager@Microsoft [2012-04-30]
FF Extension: Strong Signal - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f40qpxxi.default\Extensions\{6a37a6df-cdc9-4482-9257-c1fac286b4a9}.xpi [2015-03-17]

Chrome:
=======
CHR HomePage: Default -> hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_ir_15_12&param1=1&param2=f%3D1%26b%3DChrome%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0ByEyByDtD0EyE0FyB0C0DtC0E0E0AyCtN0D0Tzu0StCtCyBtDtN1L2XzutAtFzytFyEtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StBtCtBtAtCyCtAyDtGtA0D0AyCtGyC0EyC0FtGtBzz0FtCtGyCyE0DzyyEyCtBtA0AtAtCtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szyzzzy0C0F0CtD0BtGyDzytByEtGyEyBzzyCtGzzyE0B0AtGyB0B0A0B0CtAtCzzyCtBtByC2QtN0A0LzutBtN1B2Z1V1T1S1NzuyCtCtB%26cr%3D1783096704%26a%3Dwny_ir_15_12%26os%3DWindows 7 Professional
CHR StartupUrls: Default -> "hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_ir_15_12&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0ByEyByDtD0EyE0FyB0C0DtC0E0E0AyCtN0D0Tzu0StCtCyBtDtN1L2XzutAtFzytFyEtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StBtCtBtAtCyCtAyDtGtA0D0AyCtGyC0EyC0FtGtBzz0FtCtGyCyE0DzyyEyCtBtA0AtAtCtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szyzzzy0C0F0CtD0BtGyDzytByEtGyEyBzzyCtGzzyE0B0AtGyB0B0A0B0CtAtCzzyCtBtByC2QtN0A0LzutBtN1B2Z1V1T1S1NzuyCtCtB%26cr%3D1783096704%26a%3Dwny_ir_15_12%26os%3DWindows 7 Professional"
CHR DefaultSearchKeyword: Default -> search provided by yahoo.com
CHR DefaultSearchURL: Default -> http://us.yhs4.search.yahoo.com/yhs...CtCtB&cr=1783096704&a=wny_ir_15_12&os=Windows 7 Professional&p={searchTerms}
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Strong Signal) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aamaaompokdjbebnfbcfobpkklfkmddp [2015-03-17]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-19]
CHR Extension: (Google Search) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-19]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-16]
CHR Extension: (Google Wallet) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-19]
StartMenuInternet: Google Chrome - C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5738528 2014-11-07] (Fitbit, Inc.)
R2 Lotus Notes Diagnostics; C:\IBM\Lotus\Notes\nsd.exe [3417480 2011-03-23] (IBM)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 McAfeeEngineService; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe [20792 2011-02-04] (McAfee, Inc.)
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [103744 2009-01-16] (McAfee, Inc.)
S2 McShield; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe [181480 2011-02-04] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [66880 2011-02-04] (McAfee, Inc.)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 mfevtp; C:\Windows\system32\mfevtps.exe [77968 2011-02-04] (McAfee, Inc.)
R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [226624 2011-01-27] ()
R2 Multi-user Cleanup Service; C:\IBM\Lotus\Notes\ntmulti.exe [58760 2011-03-23] (IBM Corp)
R2 NvcSvcMgr; C:\Program Files\CSC VPN CLIENT\NvcSvcMgr.exe [628064 2010-03-01] (Nortel Networks)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 ufad-ws60; C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe [191024 2009-10-12] (VMware, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AE6000; C:\Windows\System32\DRIVERS\AE6000w764.sys [2196512 2013-01-25] (Ralink Technology Corp.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-18] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [98216 2011-02-04] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [120352 2011-02-04] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [464384 2011-02-04] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [79536 2011-02-04] (McAfee, Inc.)
R1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [86368 2011-02-04] (McAfee, Inc.)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-08-02] (Apple Inc.) [File not signed]
R3 NT_NvcA; C:\Windows\System32\DRIVERS\ntnvca.sys [44112 2010-03-01] (Nortel Networks)
R2 nvcwfpco; C:\Windows\System32\DRIVERS\nvcwfpco.sys [79440 2010-03-01] (Nortel Networks Corporation)
S3 OV550I; C:\Windows\System32\Drivers\OVTX16.sys [139520 2010-06-04] (Omnivision Technologies, Inc.)
S3 OV550I; C:\Windows\SysWOW64\Drivers\OVTX16.sys [139520 2010-06-04] (Omnivision Technologies, Inc.)
S3 RTL85n64; C:\Windows\System32\DRIVERS\RTL85n64.sys [2061856 2010-03-23] (Realtek Semiconductor Corporation )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 VMparport; C:\Windows\system32\drivers\VMparport.sys [18480 2010-01-23] (VMware, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-18 19:50 - 2015-03-18 19:51 - 00021853 _____ () C:\Users\Administrator\Downloads\FRST.txt
2015-03-18 19:50 - 2015-03-18 19:50 - 00000000 ____D () C:\FRST
2015-03-18 18:45 - 2015-03-18 19:50 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-03-18 18:45 - 2015-03-18 18:45 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-03-18 18:29 - 2015-03-18 18:42 - 00000000 ____D () C:\AdwCleaner
2015-03-18 18:27 - 2015-03-18 18:27 - 00468480 _____ () C:\Users\Administrator\Downloads\CKScanner.exe
2015-03-18 18:26 - 2015-03-18 18:26 - 02095616 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
2015-03-18 18:24 - 2015-03-18 18:24 - 18816600 _____ () C:\Users\Administrator\Downloads\RogueKillerX64.exe
2015-03-18 18:21 - 2015-03-18 18:21 - 02171392 _____ () C:\Users\Administrator\Downloads\adwcleaner_4.112 (1).exe
2015-03-18 18:20 - 2015-03-18 18:20 - 02171392 _____ () C:\Users\Administrator\Downloads\adwcleaner_4.112.exe
2015-03-18 15:55 - 2015-03-18 15:55 - 142302968 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\msert.exe
2015-03-18 14:36 - 2015-03-18 18:53 - 00088613 _____ () C:\Windows\WindowsUpdate.log
2015-03-18 14:32 - 2015-03-18 18:43 - 00000224 _____ () C:\Windows\setupact.log
2015-03-18 14:32 - 2015-03-18 14:32 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-18 07:32 - 2015-03-18 18:45 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-18 07:31 - 2015-03-18 07:31 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-18 07:31 - 2015-03-18 07:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-18 07:31 - 2015-03-18 07:31 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-18 07:31 - 2015-03-18 07:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-18 07:31 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-18 07:31 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-18 07:31 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-18 03:05 - 2015-03-18 03:05 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2015-03-18 03:02 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2015-03-18 03:02 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2015-03-18 03:02 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2015-03-18 03:02 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2015-03-18 03:02 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2015-03-18 03:02 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2015-03-18 03:02 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2015-03-18 03:02 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2015-03-17 22:44 - 2015-03-17 22:44 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-2.0.4.1028.exe
2015-03-17 22:27 - 2015-03-17 22:27 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-03-17 22:27 - 2015-03-17 22:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-03-17 22:27 - 2015-03-17 22:27 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-17 20:00 - 2015-03-17 20:00 - 00000967 _____ () C:\Windows\wininit.ini
2015-03-17 19:01 - 2015-03-18 14:40 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-03-17 19:01 - 2015-03-17 19:03 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-03-17 19:01 - 2015-03-17 19:01 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-03-17 19:01 - 2015-03-17 19:01 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-03-17 19:01 - 2015-03-17 19:01 - 00000656 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2015-03-17 19:01 - 2015-03-17 19:01 - 00000628 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2015-03-17 19:01 - 2015-03-17 19:01 - 00000458 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2015-03-17 19:01 - 2015-03-17 19:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-03-17 19:01 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-03-17 18:13 - 2015-03-17 18:13 - 00000000 ____D () C:\SUPERDelete
2015-03-17 18:12 - 2015-03-17 18:12 - 00001808 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-03-17 18:12 - 2015-03-17 18:12 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
2015-03-17 18:12 - 2015-03-17 18:12 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-03-17 18:12 - 2015-03-17 18:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-03-17 18:12 - 2015-03-17 18:12 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-03-17 18:09 - 2015-03-17 18:09 - 05325696 _____ (Piriform Ltd) C:\Users\Administrator\Downloads\ccsetup503.exe
2015-03-17 18:08 - 2015-03-17 18:08 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Administrator\Downloads\spybot-2.4.exe
2015-03-17 18:06 - 2015-03-17 18:06 - 21440384 _____ (SUPERAntiSpyware) C:\Users\Administrator\Downloads\SUPERAntiSpyware.exe
2015-03-17 18:04 - 2015-03-17 18:04 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-17 18:04 - 2015-03-17 18:04 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-03-17 18:02 - 2015-03-17 18:02 - 00243368 _____ () C:\Users\Administrator\Downloads\Firefox Setup Stub 36.0.1.exe
2015-03-17 12:01 - 2015-03-17 12:01 - 00652800 _____ () C:\Users\Administrator\Downloads\MicrosoftFixit50362 (1).msi
2015-03-17 11:57 - 2015-03-17 11:57 - 00652800 _____ () C:\Users\Administrator\Downloads\MicrosoftFixit50362.msi
2015-03-17 10:14 - 2015-03-17 10:14 - 00000464 __RSH () C:\ProgramData\ntuser.pol
2015-03-16 18:34 - 2015-03-16 18:34 - 00089923 _____ () C:\Users\Administrator\AppData\Local\recently-used.xbel
2015-03-16 17:13 - 2015-03-16 17:13 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Free_PDF_Solutions
2015-03-16 16:17 - 2015-03-16 16:17 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Free PDF Solutions
2015-03-16 16:16 - 2015-03-16 16:14 - 16394253 _____ (Free PDF Solutions) C:\Users\Administrator\Downloads\pdftojpg_setup [1].exe
2015-03-16 16:14 - 2015-03-16 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\(Default)
2015-03-16 16:13 - 2015-03-16 16:14 - 00993696 _____ ( ) C:\Users\Administrator\Downloads\pdftojpg_setup.exe
2015-03-16 14:49 - 2015-03-16 14:49 - 00014676 _____ () C:\Users\Administrator\Desktop\BULLETIN 3-11-15.txt
2015-03-16 13:51 - 2015-03-16 13:51 - 00151559 _____ () C:\Users\Administrator\Downloads\WLFeb2015.pages
2015-03-16 13:51 - 2015-03-16 13:51 - 00151559 _____ () C:\Users\Administrator\Downloads\WLFeb2015 (1).pages
2015-03-12 09:15 - 2015-03-12 09:15 - 39401336 _____ (Apple Inc.) C:\Users\Administrator\Downloads\QuickTimeInstaller (2).exe
2015-03-11 13:13 - 2015-03-11 13:44 - 00030399 _____ () C:\Users\Administrator\Documents\2015TAXES_2.xlsx
2015-03-11 12:36 - 2015-03-12 19:11 - 00030382 _____ () C:\Users\Administrator\Documents\2015TAXES.xlsx
2015-03-10 17:05 - 2015-03-10 17:05 - 00045315 _____ () C:\Users\Administrator\Downloads\EXPORT (15).CSV
2015-03-10 17:04 - 2015-03-11 12:35 - 00042020 _____ () C:\Users\Administrator\Downloads\EXPORT (14).CSV
2015-03-06 11:32 - 2015-03-06 11:32 - 00724507 _____ () C:\Users\Administrator\Downloads\FedEx_Service_Update_2015-03-06_8AM_vf.xlsx
2015-03-05 09:59 - 2015-03-18 14:32 - 00001037 _____ () C:\Windows\SysWOW64\debug.log
2015-03-03 16:14 - 2015-03-03 20:12 - 00000000 ____D () C:\ProgramData\FitbitConnect
2015-03-03 16:14 - 2015-03-03 16:22 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-03-03 16:14 - 2015-03-03 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fitbit Connect
2015-03-03 16:14 - 2015-03-03 16:14 - 00000000 ____D () C:\Program Files (x86)\Fitbit Connect
2015-03-03 16:10 - 2015-03-03 16:10 - 32688488 _____ (Fitbit Inc.) C:\Users\Administrator\Downloads\FitbitConnect_Win_20141107_2.0.0.6512.exe
2015-02-18 14:58 - 2015-02-18 15:07 - 47157614 _____ () C:\Users\Administrator\Documents\D7K_9882_pp1.xcf
2015-02-18 12:38 - 2015-02-18 12:38 - 45808412 _____ () C:\Users\Administrator\Documents\D7K_9878_pp1.xcf

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-18 19:49 - 2014-07-16 18:21 - 00000554 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2979728093-1124239313-4181705486-500.job
2015-03-18 19:47 - 2012-10-05 17:54 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-18 19:30 - 2011-04-12 00:39 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2979728093-1124239313-4181705486-500UA.job
2015-03-18 19:17 - 2012-03-02 16:09 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-18 18:51 - 2009-07-14 00:45 - 00017136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-18 18:51 - 2009-07-14 00:45 - 00017136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-18 18:50 - 2009-07-14 01:13 - 00730592 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-18 18:44 - 2012-03-02 16:09 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-18 18:44 - 2010-02-10 17:19 - 00000000 ____D () C:\ProgramData\VMware
2015-03-18 18:43 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-18 18:34 - 2013-02-26 13:38 - 00000000 ____D () C:\Temp
2015-03-18 18:05 - 2011-03-15 12:23 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\VMware
2015-03-18 14:36 - 2012-10-03 17:58 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Spotify
2015-03-18 14:32 - 2012-10-03 17:58 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Spotify
2015-03-18 13:39 - 2012-10-05 17:54 - 00000000 ____D () C:\Program Files\Google
2015-03-18 13:39 - 2011-03-15 12:22 - 00000000 ____D () C:\Program Files (x86)\Google
2015-03-18 12:00 - 2011-03-15 12:22 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2015-03-18 09:02 - 2011-04-11 23:51 - 00000000 ____D () C:\Users\Administrator\SametimeTranscripts
2015-03-18 08:59 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\addins
2015-03-18 03:01 - 2010-02-11 15:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-17 22:28 - 2012-07-19 17:28 - 00000000 ____D () C:\Windows\Minidump
2015-03-17 22:28 - 2010-02-10 19:05 - 00000000 ____D () C:\Windows\Panther
2015-03-17 18:05 - 2011-03-30 12:23 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Mozilla
2015-03-17 18:04 - 2011-03-15 12:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-17 14:30 - 2011-04-12 00:39 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2979728093-1124239313-4181705486-500Core.job
2015-03-17 09:18 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2015-03-16 18:53 - 2015-02-05 22:48 - 00000000 ____D () C:\Users\Administrator\.gimp-2.8
2015-03-16 18:34 - 2015-02-05 22:57 - 00000000 ____D () C:\Users\Administrator\AppData\Local\gtk-2.0
2015-03-10 09:26 - 2011-04-13 10:09 - 00000000 ____D () C:\Users\Administrator\Documents\LBSLC
2015-03-07 23:48 - 2014-07-16 18:21 - 00003614 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2979728093-1124239313-4181705486-500
2015-02-24 04:17 - 2010-02-10 17:31 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-23 11:43 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF

==================== Files in the root of some directories =======

2011-08-26 17:26 - 2011-08-26 17:26 - 0000272 _____ () C:\Users\Administrator\AppData\Roaming\.backup.dm
2012-11-28 12:12 - 2015-02-02 23:44 - 0000570 _____ () C:\Users\Administrator\AppData\Roaming\gmic_faves
2012-11-28 10:42 - 2014-01-22 18:48 - 0001062 _____ () C:\Users\Administrator\AppData\Roaming\gmic_sources.cimgz
2013-11-14 21:32 - 2013-11-14 21:32 - 0893239 _____ () C:\Users\Administrator\AppData\Local\a.zip
2013-11-14 21:32 - 2013-11-14 21:32 - 2162416 _____ (Catalina Marketing Corp) C:\Users\Administrator\AppData\Local\BcsKtYcHW.dll
2015-03-16 18:34 - 2015-03-16 18:34 - 0089923 _____ () C:\Users\Administrator\AppData\Local\recently-used.xbel
2015-02-09 12:46 - 2015-02-09 12:46 - 0000017 _____ () C:\Users\Administrator\AppData\Local\resmon.resmoncfg

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Administrator\AppData\Local\Temp\Quarantine.exe
C:\Users\Administrator\AppData\Local\Temp\sqlite3.dll


Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\sqljdbc_auth.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-16 14:28

==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Administrator at 2015-03-18 19:51:23
Running from C:\Users\Administrator\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee VirusScan Enterprise (Disabled - Up to date) {86355677-4064-3EA7-ABB3-1B136EB04637}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: McAfee VirusScan Enterprise Antispyware Module (Disabled - Up to date) {3D54B793-665E-3129-9103-206115370C8A}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.0.1) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA0000000001}) (Version: 10.0.1 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BMC Remedy Action Request System 7.5.00 Install 1 (HKLM-x32\...\ARSystem 1) (Version: 7.5.0.2 - BMC Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
Cisco Linksys AE6000 Driver (HKLM-x32\...\{02221266-B345-4544-A5C3-A995520E774D}) (Version: 1.1.0.3 - Cisco Consumer Products LLC)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Citrix XenApp Web Plugin (HKLM-x32\...\{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}) (Version: 11.0.0.5357 - Citrix Systems, Inc.)
Crystal11_Redistributables (HKLM-x32\...\{154A9EEB-05FC-45E6-B7BD-75D27ED02276}) (Version: 1.00.0000 - BMC Software Inc.)
CSC VPN CLIENT (HKLM\...\{4EC5CF64-2E59-411D-0301-120101004016}) (Version: 10.04.016 - Nortel Networks)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Fitbit Connect (HKLM-x32\...\{E54705FB-98A6-4C03-B2DC-D8C3B5486DCD}) (Version: 2.0.0.6512 - Fitbit Inc.)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
G'MIC for GIMP version 1.5.8.2 (HKLM-x32\...\G'MIC for GIMP_is1) (Version: 1.5.8.2 - )
Google Chrome (HKU\S-1-5-21-2979728093-1124239313-4181705486-500\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GoToMeeting 7.1.2.2417 (HKU\S-1-5-21-2979728093-1124239313-4181705486-500\...\GoToMeeting) (Version: 7.1.2.2417 - CitrixOnline)
IBM Lotus Sametime Advanced Embedded 8.5.1 (HKLM-x32\...\{AE1C5284-571C-41E9-AE8C-77F8B21B2251}) (Version: 8.5.1.20100709-1631 - IBM)
IBM Lotus Sametime Connect 8.0.2 (HKLM-x32\...\{A2EF91BA-068C-4F6D-B6ED-52D1D272ED8F}) (Version: 8.02.081205 - IBM)
iCloud (HKLM\...\{2AAF09D5-4B3F-4975-B6A9-ECE2631FC942}) (Version: 4.0.5.20 - Apple Inc.)
Image Resizer Powertoy Clone for Windows (64 bit) (HKLM\...\{80A620C1-B22C-4781-A351-B14B8A37BFE3}) (Version: 2.1 - Brice Lambson)
ImageScanTool x64 1.023 (HKLM\...\{C97F4875-E097-4702-A2D8-494FEAB99CDF}) (Version: 1.00.2300 - Image Scan Tool)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 17 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417017FF}) (Version: 7.0.170 - Oracle)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.710 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lotus Notes 8.5.2 (HKLM-x32\...\{07C69B3A-62B3-41BF-82EE-B3A87BD6EA0C}) (Version: 8.52.10222 - IBM)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Agent (HKLM-x32\...\{757A7F5D-F9A1-4DC5-8738-C0A31C658BC8}) (Version: 4.0.0.1345 - McAfee, Inc.)
McAfee AntiSpyware Enterprise Module (HKLM-x32\...\McAfee Anti-Spyware Enterprise Module) (Version: 8.7.0.129 - McAfee, Inc.)
McAfee VirusScan Enterprise (HKLM-x32\...\{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}) (Version: 8.7.00005 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
MotoHelper 2.0.45 Driver 5.0.0 (HKLM-x32\...\MotoHelper) (Version: 2.0.45 - Motorola)
MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
Motorola Mobile Drivers Installation 5.0.0 (Version: 5.0.0 - Motorola Inc.) Hidden
Mozilla Firefox 36.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 en-US)) (Version: 36.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PE Photo (HKU\S-1-5-21-2979728093-1124239313-4181705486-500\...\PE Photo) (Version: - PE Photo)
Portrait Professional 11.2 (HKLM-x32\...\PortraitProfessional11_is1) (Version: 11.2 - Anthropics Technology Ltd.)
Portrait Professional 11.2 Trial (HKLM-x32\...\PortraitProfessional11Trial_is1) (Version: 11.2 - Anthropics Technology Ltd.)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Spotify (HKU\S-1-5-21-2979728093-1124239313-4181705486-500\...\Spotify) (Version: 1.0.1.1060.gc75ebdfd - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1170 - SUPERAntiSpyware.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 7.0.1.11056 - VMware, Inc)
VMware Workstation (x32 Version: 7.0.1.11056 - VMware, Inc.) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2979728093-1124239313-4181705486-500_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\723\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2979728093-1124239313-4181705486-500_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2979728093-1124239313-4181705486-500_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)

==================== Restore Points =========================

18-03-2015 03:00:20 Windows Update
18-03-2015 11:36:23 Removed WeatherApp
18-03-2015 11:52:33 Removed Free PDF to JPG Converter

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {013516AD-B455-40CB-A6B7-830AB1B56AAF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2979728093-1124239313-4181705486-500Core => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {09677A8C-D4A0-48BE-B871-9A166BF0702C} - System32\Tasks\MotoHelper Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27] ()
Task: {1331D7AF-B214-41CD-AE01-F60AC6128A89} - System32\Tasks\MotoHelper Routing => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27] ()
Task: {232F09E8-4D68-4660-BD71-E5E1AD601BD2} - System32\Tasks\{E348C0BA-9755-4039-B6E7-D94CEB4084FA} => C:\Users\Administrator\Downloads\CSC-ENG-McAfee_ePO-4.6-GBL-R1.exe [2014-01-05] ()
Task: {240DB126-3A43-41F7-9913-EA76681591B2} - System32\Tasks\{00DB029D-CC01-41C3-8A03-C0B6D07D50B8} => C:\Users\Administrator\Documents\GSM 7.5\Disk1\InstData\VM\setup.exe [2009-05-28] (Acresso)
Task: {246D5036-8289-4928-8F1A-23612358B959} - System32\Tasks\{6F0E4623-C9C1-4B1D-892E-0539FAA66FD4} => \\192.168.1.59\csc\windows 7 stuff\CSC-ENG-LotusNotesAsync-8.0.21.9112-GBL-R1.exe
Task: {25925360-67A8-4636-9E9B-C8036FF12192} - System32\Tasks\{C4BC7C92-CECA-4813-A75F-A820D549B384} => C:\Users\Administrator\Downloads\CSC-ENG-McAfee_ePO-4.6-GBL-R1.exe [2014-01-05] ()
Task: {2D3D18C4-486B-443C-90FE-784BBB3AD25A} - System32\Tasks\{B27D859E-2C14-4BE6-987F-2645C91508B8} => pcalua.exe -a C:\SUPPORT\LOTUSN~1.2\CSC-EN~1.EXE -d C:\SUPPORT\LOTUSN~1.2
Task: {30AC5B0A-5BB0-4341-896B-E8C55ADAA894} - System32\Tasks\{417F94B9-E78D-46B5-81FE-2C9C23A68F7B} => C:\Users\Administrator\Downloads\CSC-ENG-McAfee_ePO-4.6-GBL-R1.exe [2014-01-05] ()
Task: {30E39869-55AD-446E-9602-8DC57E6CBEDB} - System32\Tasks\MotoHelper MUM => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27] ()
Task: {5331A84A-73FA-4FE0-B9CB-B8548ED2C7EC} - System32\Tasks\{08683B08-8A73-4CC3-8C41-CDACF091656E} => pcalua.exe -a C:\Users\Administrator\Downloads\CSC-ENG-LotusNotesAsync-8.0.21.9112-GBL-R1.exe -d C:\Users\Administrator\Downloads
Task: {5EA19D18-BF92-4524-A5D2-B0C16359B669} - System32\Tasks\{9D37C61C-EEB1-4D81-976D-0F8C37DD2F4B} => \\192.168.1.59\csc\windows 7 stuff\CSC-ENG-LotusNotesAsync-8.0.21.9112-GBL-R1.exe
Task: {627DBF91-8FA7-4B86-97F1-335BD97A9D96} - System32\Tasks\Logon_Trigger_WPS_Mon_Task => C:\Program Files (x86)\Linksys AE6000\WPS_Mon.exe [2012-12-20] (Cisco Consumer Products LLC)
Task: {6772758C-AA01-4D1B-8C7B-8BF97E4D5739} - System32\Tasks\{0FF4EC9A-1751-4F34-8043-921DA55D4465} => C:\Users\Administrator\Documents\GSM 7.5\Disk1\InstData\VM\setup.exe [2009-05-28] (Acresso)
Task: {6A1A92DD-2FA4-4996-9406-BC69F8A0987A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2979728093-1124239313-4181705486-500UA => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {7390525C-55A4-4CD3-928F-156EC3F6B930} - System32\Tasks\{027630B8-011F-464A-A843-A0A80D2E03C3} => C:\Program Files (x86)\Film and Photo Scanner\ImageScanTool.exe [2010-08-02] ()
Task: {83C20026-11BE-4C54-A6FE-E2721003EC57} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {8486BDA2-CA38-494D-8DD0-8569D8738BE2} - System32\Tasks\{22788ACD-C416-4047-ABC9-1CFC8947D63A} => pcalua.exe -a "C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DQGYG88U\g2m_codec.exe" -d C:\Users\Administrator\Desktop
Task: {8B3C2831-65E7-4274-904B-DFBAE3232F0C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8D1209F3-A52E-4FBA-88F6-03300AC897BB} - System32\Tasks\{7577965B-3197-4B06-A7B4-C4BBE221DDEF} => C:\Users\Administrator\Documents\GSM 7.5\Disk1\InstData\VM\setup.exe [2009-05-28] (Acresso)
Task: {8DA43660-72DD-4552-BE77-C6D2FE986350} - System32\Tasks\{86EB6777-604A-4633-A9AD-7AAC43E039B8} => \\192.168.1.59\csc\windows 7 stuff\CSC-ENG-LotusNotesAsync-8.0.21.9112-GBL-R1.exe
Task: {92DC2FD2-106F-43A6-8BC6-496D0F48371A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {A29C6832-03CE-464B-9CBD-A843E4EA5028} - System32\Tasks\{318AA446-E7B9-4FCA-B788-5445178A14C1} => C:\Users\Administrator\Downloads\CSC-ENG-McAfee_ePO-4.6-GBL-R1.exe [2014-01-05] ()
Task: {A3385135-5E90-4CCC-998D-A24B143E1D82} - System32\Tasks\{F90D1AA4-5B18-43BA-B838-3C62C3535894} => C:\Users\Administrator\Downloads\CSC-ENG-McAfee_ePO-4.6-GBL-R1.exe [2014-01-05] ()
Task: {A6649822-72E9-47E0-B5CF-699AB48A9D21} - System32\Tasks\{CAD2216B-3623-48EC-863E-74B5498F21EB} => C:\Users\Administrator\Downloads\CSC-ENG-McAfee_ePO-4.6-GBL-R1.exe [2014-01-05] ()
Task: {AA3B95BE-48AE-4A45-AE19-DE20920B639C} - System32\Tasks\{DB18C36F-33DD-481F-9A3B-E2AAC511C86B} => C:\Program Files (x86)\Film and Photo Scanner\ImageScanTool.exe [2010-08-02] ()
Task: {B6D880A8-9FC1-49C4-B89F-55109D765845} - System32\Tasks\{257B6798-5C44-4452-BE72-0E648E563431} => pcalua.exe -a C:\Users\Administrator\Desktop\CSC-EAC486102d.exe -d C:\Users\Administrator\Desktop
Task: {C0EF7ADB-0A02-4DB6-94A8-446370DFA461} - System32\Tasks\{E73B4441-CB71-4C7A-BDE6-11F91BF4702A} => C:\Users\Administrator\Downloads\CSC-ENG-McAfee_ePO-4.6-GBL-R1.exe [2014-01-05] ()
Task: {C4DE6137-8410-42EB-8B80-264D64B2F835} - System32\Tasks\MotoHelper Initial Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27] ()
Task: {C9762CCC-1C19-488D-9E01-88F6589FA108} - System32\Tasks\{D4632EC1-4BB2-4D63-B35B-85B588369A70} => C:\Users\Administrator\Downloads\CSC-ENG-McAfee_ePO-4.6-GBL-R1.exe [2014-01-05] ()
Task: {CA4D50A8-2040-4215-BD12-CBFD58639784} - System32\Tasks\{99BE8628-99D1-45D7-AA19-AFC8C32DBE79} => C:\Users\Administrator\Documents\GSM 7.5\Disk1\InstData\VM\setup.exe [2009-05-28] (Acresso)
Task: {CD263579-2B1C-49F1-BD33-CD38FF2D5B1D} - System32\Tasks\G2MUpdateTask-S-1-5-21-2979728093-1124239313-4181705486-500 => C:\Program Files (x86)\Citrix\GoToMeeting\2417\g2mupdate.exe [2015-03-07] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {D528E0D2-5743-4ADC-8839-E5837F495DDA} - System32\Tasks\{2E7DAC13-7A79-4CB0-9ADA-C9ED336C186C} => C:\Users\Administrator\Downloads\CSC-ENG-McAfee_ePO-4.6-GBL-R1.exe [2014-01-05] ()
Task: {D6134159-3D31-49DB-A99E-172A6C9DB18D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-13] (Adobe Systems Incorporated)
Task: {E9D1321A-C547-4768-B4F3-4EFCCE9604C9} - System32\Tasks\{7BD15685-CFD9-4820-B183-B4A17CABE4C3} => C:\Users\Administrator\Downloads\CSC-ENG-McAfee_ePO-4.6-GBL-R1.exe [2014-01-05] ()
Task: {F2E6BCE5-BF53-49FA-878E-1FC0CBDC2B51} - System32\Tasks\{AD01C043-5FAD-44C3-860B-E0609A5F40A6} => C:\Users\Administrator\Downloads\CSC-ENG-McAfee_ePO-4.6-GBL-R1.exe [2014-01-05] ()
Task: {FDE32750-1E88-4E29-B034-023D43B4C79C} - System32\Tasks\{AD82B8C8-20CA-4957-BC40-7A3327F5C69F} => pcalua.exe -a C:\Users\Administrator\Desktop\CSC-ENG-LotusNotesAsync-8.0.21.9112-GBL-R1.exe -d C:\Users\Administrator\Desktop
Task: {FF61A556-FDB6-4F03-B8A2-A86EB6FF83EA} - System32\Tasks\{F0EABA7B-2FC2-427C-A9A9-EF1C5140BC46} => C:\Users\Administrator\Downloads\CSC-ENG-McAfee_ePO-4.6-GBL-R1.exe [2014-01-05] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2979728093-1124239313-4181705486-500.job => C:\Program Files (x86)\Citrix\GoToMeeting\2417\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2979728093-1124239313-4181705486-500Core.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2979728093-1124239313-4181705486-500UA.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe

==================== Loaded Modules (whitelisted) ==============

2011-01-27 17:13 - 2011-01-27 17:13 - 00226624 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
2011-01-27 17:13 - 2011-01-27 17:13 - 00673088 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
2014-10-11 14:06 - 2014-10-11 14:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2005-08-22 16:38 - 2005-08-22 16:38 - 03264512 _____ () C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll
2009-01-16 17:00 - 2009-01-16 17:00 - 00057344 _____ () C:\Program Files (x86)\McAfee\Common Framework\boost_thread-vc71-mt-1_32.dll
2009-04-29 21:07 - 2009-04-29 21:07 - 00148816 _____ () C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsEvntUI.dll
2015-03-17 19:01 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-03-17 19:01 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-03-17 19:01 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-03-17 19:01 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-03-17 19:01 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2010-01-23 02:13 - 2010-01-23 02:13 - 00970288 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
2010-01-23 02:13 - 2010-01-23 02:13 - 00068656 _____ () C:\Program Files (x86)\VMware\VMware Workstation\zlib1.dll
2014-07-24 22:10 - 2012-11-27 15:12 - 01210256 ____N () C:\Program Files (x86)\Linksys AE6000\RaWLAPI.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2979728093-1124239313-4181705486-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: bthserv => 3
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Fitbit Connect => "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
MSCONFIG\startupreg: Google Update => "C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: McAfeeUpdaterUI => "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
MSCONFIG\startupreg: NVC => "C:\Program Files\CSC VPN CLIENT\Nvc.exe" -autostart
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: ShStatEXE => "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
MSCONFIG\startupreg: Spotify => "C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Administrator\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: vmware-tray => "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-2979728093-1124239313-4181705486-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-2979728093-1124239313-4181705486-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2979728093-1124239313-4181705486-1004 - Limited - Enabled)
__vmware_user__ (S-1-5-21-2979728093-1124239313-4181705486-1001 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: VMware Virtual Ethernet Adapter for VMnet1
Description: VMware Virtual Ethernet Adapter for VMnet1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VMware Virtual Ethernet Adapter for VMnet8
Description: VMware Virtual Ethernet Adapter for VMnet8
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Intel(R) 82567LM-3 Gigabit Network Connection
Description: Intel(R) 82567LM-3 Gigabit Network Connection
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: e1kexpress
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/18/2015 02:35:05 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/18/2015 02:35:05 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/18/2015 02:35:05 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/18/2015 02:35:05 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/18/2015 02:35:05 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)

Error: (03/18/2015 02:35:03 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/18/2015 02:35:03 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog


Details:
The content index server cannot update or access information because of a database error. Stop and restart the search service. If the problem persists, reset and recrawl the content index. In some cases it may be necessary to delete and recreate the content index. (HRESULT : 0x8004117f) (0x8004117f)

Error: (03/18/2015 02:35:03 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=1100}. The service will attempt to automatically correct this problem by rebuilding the index.


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/18/2015 02:35:03 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.


Details:
0x%08x (0x8004117f - The content index server cannot update or access information because of a database error. Stop and restart the search service. If the problem persists, reset and recrawl the content index. In some cases it may be necessary to delete and recreate the content index. (HRESULT : 0x8004117f))

Error: (03/18/2015 02:32:17 PM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhost (2484) WebCacheLocal: Error -1811 occurred while opening logfile C:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\V0100012.log.


System errors:
=============
Error: (03/18/2015 06:46:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McAfee McShield service terminated unexpectedly. It has done this 1 time(s).

Error: (03/18/2015 06:32:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VMware USB Arbitration Service service failed to start due to the following error:
%%109

Error: (03/18/2015 06:32:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Live ID Sign-in Assistant service failed to start due to the following error:
%%109

Error: (03/18/2015 06:32:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (03/18/2015 06:32:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The VMware Authorization Service service terminated unexpectedly. It has done this 1 time(s).

Error: (03/18/2015 06:32:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly. It has done this 1 time(s).

Error: (03/18/2015 06:32:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The VMware DHCP Service service terminated unexpectedly. It has done this 1 time(s).

Error: (03/18/2015 06:32:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Scanner Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (03/18/2015 06:32:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McAfee McShield service terminated unexpectedly. It has done this 1 time(s).

Error: (03/18/2015 06:32:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2011-04-27 15:31:04.825
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

Date: 2011-04-27 14:27:28.058
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

Date: 2011-04-27 13:58:40.816
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

Date: 2011-04-27 13:28:10.543
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

Date: 2011-04-27 12:53:00.053
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

Date: 2011-04-27 10:47:49.390
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

Date: 2011-04-27 10:14:21.287
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

Date: 2011-04-27 09:17:25.644
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

Date: 2011-04-26 16:12:05.940
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

Date: 2011-04-26 14:52:11.441
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Quad CPU Q9400 @ 2.66GHz
Percentage of memory in use: 37%
Total physical RAM: 6013.59 MB
Available physical RAM: 3761.31 MB
Total Pagefile: 12411.77 MB
Available Pagefile: 10417.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:298.09 GB) (Free:121.05 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 8F917E89)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 
Welcome aboard

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==============================

redtarget.gif
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

redtarget.gif
Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


If you already have MBAM 2.0 installed:

  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs:
(Export log to save as txt)


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.


(Copy to clipboard for pasting into forum replies or tickets)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

redtarget.gif
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

redtarget.gif
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
RogueKiller V10.5.5.0 (x64) [Mar 16 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Administrator [Administrator]
Started from : C:\Users\Administrator\Downloads\RogueKillerX64.exe
Mode : Delete -- Date : 03/18/2015 21:07:57

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 15 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2221C6F4-DCD5-4210-8DF1-F9BE8E1CEBA7} | DhcpNameServer : 98.159.192.3 98.159.192.2 -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{67CA5EB9-A18A-48DD-99CC-130F17913B73} | NameServer : 161.145.28.3,161.145.106.48 -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A77D94E8-88F7-4243-9AF3-1287128034F2} | DhcpNameServer : 198.224.181.135 198.224.178.135 -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2221C6F4-DCD5-4210-8DF1-F9BE8E1CEBA7} | DhcpNameServer : 98.159.192.3 98.159.192.2 -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{67CA5EB9-A18A-48DD-99CC-130F17913B73} | NameServer : 161.145.28.3,161.145.106.48 -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{A77D94E8-88F7-4243-9AF3-1287128034F2} | DhcpNameServer : 198.224.181.135 198.224.178.135 -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{2221C6F4-DCD5-4210-8DF1-F9BE8E1CEBA7} | DhcpNameServer : 98.159.192.3 98.159.192.2 -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{67CA5EB9-A18A-48DD-99CC-130F17913B73} | NameServer : 161.145.28.3,161.145.106.48 -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{A77D94E8-88F7-4243-9AF3-1287128034F2} | DhcpNameServer : 198.224.181.135 198.224.178.135 -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3320418AS +++++
--- User ---
[MBR] fae58d412ce8c29d83b612c1d52ad160
[BSP] c6e7c7dcc6a8224c913a9abf72999101 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 305242 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_DEL_03182015_191015.log - RKreport_DEL_03182015_192412.log - RKreport_DEL_03182015_195016.log - RKreport_DEL_03182015_195018.log
RKreport_SCN_03182015_185802.log - RKreport_SCN_03182015_192129.log - RKreport_SCN_03182015_210733.log
 
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/18/2015
Scan Time: 9:10:59 PM
Logfile: MBAMSCANLOG.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.03.19.01
Rootkit Database: v2015.02.25.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Administrator

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 351288
Time Elapsed: 12 min, 33 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
 
# AdwCleaner v4.112 - Logfile created 18/03/2015 at 21:32:07
# Updated 09/03/2015 by Xplode
# Database : 2015-03-15.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Administrator - WINDOWS-D9P51W1
# Running from : C:\Users\Administrator\Downloads\adwcleaner_4.112.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - ;192.168.*.*

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v36.0.1 (x86 en-US)


-\\ Google Chrome v

[C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_ir_15_12&param1=1&param2=f%3D4%26b%3DChrome%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0ByEyByDtD0EyE0FyB0C0DtC0E0E0AyCtN0D0Tzu0StCtCyBtDtN1L2XzutAtFzytFyEtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StBtCtBtAtCyCtAyDtGtA0D0AyCtGyC0EyC0FtGtBzz0FtCtGyCyE0DzyyEyCtBtA0AtAtCtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szyzzzy0C0F0CtD0BtGyDzytByEtGyEyBzzyCtGzzyE0B0AtGyB0B0A0B0CtAtCzzyCtBtByC2QtN0A0LzutBtN1B2Z1V1T1S1NzuyCtCtB%26cr%3D1783096704%26a%3Dwny_ir_15_12%26os%3DWindows 7 Professional&p={searchTerms}

*************************

AdwCleaner[R0].txt - [9335 bytes] - [18/03/2015 18:29:28]
AdwCleaner[R1].txt - [1035 bytes] - [18/03/2015 18:35:34]
AdwCleaner[R2].txt - [1154 bytes] - [18/03/2015 18:40:15]
AdwCleaner[R3].txt - [1954 bytes] - [18/03/2015 21:29:22]
AdwCleaner[S0].txt - [9562 bytes] - [18/03/2015 18:32:23]
AdwCleaner[S1].txt - [1104 bytes] - [18/03/2015 18:37:36]
AdwCleaner[S2].txt - [1223 bytes] - [18/03/2015 18:42:20]
AdwCleaner[S3].txt - [1885 bytes] - [18/03/2015 21:32:07]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1944 bytes] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.5 (03.17.2015:1)
OS: Windows 7 Professional x64
Ran by Administrator on Wed 03/18/2015 at 21:39:41.82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Windows\wininit.ini"



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{1DE6B792-10E8-4CE7-80BE-D9D43C45CDB8}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{1FB38D77-92D2-4878-9124-DDAF0AD23211}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{38DA712B-7ACF-43BB-92A5-C96EDC95A565}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{3E9DAA6F-BA6F-49A4-B0EB-41558D1AF75C}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{427FF982-2CB9-4972-846C-722FF3E886F1}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{57E61065-56FC-4193-AC8A-4EF89542AD48}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{5B4A071B-184C-4FD9-AE1D-E6893A03A7C8}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{5BBDF7AF-6408-4374-9658-CD2BC854074B}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{86D2E724-4144-4E78-96E6-949E62B2DF83}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{8E297C56-55EF-4A60-AE87-52185D0CACA5}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{A60C4157-D0EA-4EDC-A5F0-CF9D909383B0}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{C6C2FAB1-683B-492D-97AC-0FD0E0533BBC}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{C8762709-0A07-4140-A64D-D7186FC88F80}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{D84E0EE3-A944-44A0-B54A-8F2E8F9CDAA6}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{DCB9F66B-B86A-4D02-9F2B-3160CE6917A7}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{F26DC3A4-696E-4500-BD21-C415A691C778}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 03/18/2015 at 21:46:00.12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
ComboFix 15-03-14.03 - Administrator 03/19/2015 7:36.1.4 - x64 MINIMAL
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6014.4388 [GMT -4:00]
Running from: c:\users\Administrator\Downloads\ComboFix.exe
AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\desktop.ini
c:\programdata\ntuser.pol
c:\users\Administrator\g2mdlhlpx.exe
c:\windows\msdownld.tmp
c:\windows\SysWow64\DEBUG.log
.
.
((((((((((((((((((((((((( Files Created from 2015-02-19 to 2015-03-19 )))))))))))))))))))))))))))))))
.
.
2015-03-19 11:42 . 2015-03-19 11:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-03-19 00:13 . 2015-01-29 05:07 11910896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E56F83F1-C982-4B09-AD18-87EF49B9B1B1}\mpengine.dll
2015-03-19 00:13 . 2015-03-19 00:13 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4FD05FF9-A944-4A68-9D21-EF4A2D65E469}\gapaengine.dll
2015-03-19 00:13 . 2015-01-29 05:07 11910896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-03-19 00:12 . 2015-03-19 00:12 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2015-03-19 00:12 . 2015-03-19 00:12 -------- d-----w- c:\program files\Microsoft Security Client
2015-03-18 23:50 . 2015-03-18 23:52 -------- d-----w- C:\FRST
2015-03-18 22:45 . 2015-03-19 00:56 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-03-18 22:45 . 2015-03-18 23:50 -------- d-----w- c:\programdata\RogueKiller
2015-03-18 22:29 . 2015-03-19 01:32 -------- d-----w- C:\AdwCleaner
2015-03-18 11:47 . 2015-01-29 09:07 11910896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{27B28CA5-C56C-4F98-A2A9-E60AAB6BD847}\mpengine.dll
2015-03-18 11:32 . 2015-03-19 01:34 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-18 11:31 . 2014-11-21 10:14 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-03-18 11:31 . 2015-03-18 11:31 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-03-18 11:31 . 2015-03-18 11:31 -------- d-----w- c:\programdata\Malwarebytes
2015-03-18 11:31 . 2014-11-21 10:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-03-18 11:31 . 2014-11-21 10:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-03-18 07:05 . 2015-03-18 07:05 -------- d-----w- c:\program files (x86)\MSXML 4.0
2015-03-18 07:02 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2015-03-18 07:02 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2015-03-18 07:02 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2015-03-18 07:02 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2015-03-18 07:02 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2015-03-18 07:02 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2015-03-18 07:02 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2015-03-18 07:02 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2015-03-18 02:27 . 2015-03-18 02:27 -------- d-----w- c:\program files\CCleaner
2015-03-17 23:01 . 2013-09-20 14:49 21040 ----a-w- c:\windows\system32\sdnclean64.exe
2015-03-17 23:01 . 2015-03-18 18:40 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2015-03-17 23:01 . 2015-03-17 23:03 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2015-03-17 22:13 . 2015-03-17 22:13 -------- d-----w- C:\SUPERDelete
2015-03-17 22:12 . 2015-03-17 22:12 -------- d-----w- c:\users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
2015-03-17 22:12 . 2015-03-17 22:12 -------- d-----w- c:\program files\SUPERAntiSpyware
2015-03-17 22:12 . 2015-03-17 22:12 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2015-03-16 21:13 . 2015-03-16 21:13 -------- d-----w- c:\users\Administrator\AppData\Local\Free_PDF_Solutions
2015-03-16 20:17 . 2015-03-16 20:17 -------- d-----w- c:\users\Administrator\AppData\Roaming\Free PDF Solutions
2015-03-16 20:14 . 2015-03-16 20:14 -------- d-----w- c:\program files (x86)\Free Downloads
2015-03-03 20:14 . 2015-03-03 20:22 -------- d-----w- c:\programdata\boost_interprocess
2015-03-03 20:14 . 2015-03-04 00:12 -------- d-----w- c:\programdata\FitbitConnect
2015-03-03 20:14 . 2015-03-03 20:14 -------- d-----w- c:\program files (x86)\Fitbit Connect
2015-02-18 13:47 . 2015-02-18 13:47 17323192 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE12\MSO.DLL
2015-02-17 20:04 . 2015-02-17 20:04 1202848 ----a-w- c:\windows\SysWow64\FM20.DLL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-27 01:14 . 2010-02-11 20:21 122905848 ----a-w- c:\windows\system32\MRT.exe
2015-02-24 08:17 . 2010-02-10 21:31 295552 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Fitbit Connect;Fitbit Connect Service;c:\program files (x86)\Fitbit Connect\FitbitConnectService.exe;c:\program files (x86)\Fitbit Connect\FitbitConnectService.exe [x]
R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\ibm\Lotus\Notes\nsd.exe;c:\ibm\Lotus\Notes\nsd.exe [x]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
R2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [x]
R2 NvcSvcMgr;Nortel VPN Client;c:\program files\CSC VPN CLIENT\NvcSvcMgr.exe;c:\program files\CSC VPN CLIENT\NvcSvcMgr.exe [x]
R2 nvcwfpco;nvcwfpco;c:\windows\system32\DRIVERS\nvcwfpco.sys;c:\windows\SYSNATIVE\DRIVERS\nvcwfpco.sys [x]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys;c:\windows\SYSNATIVE\drivers\vmci.sys [x]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [x]
R3 AE6000;Linksys AE6000 Driver;c:\windows\system32\DRIVERS\AE6000w764.sys;c:\windows\SYSNATIVE\DRIVERS\AE6000w764.sys [x]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 NT_NvcA;Nortel VPN Adapter;c:\windows\system32\DRIVERS\ntnvca.sys;c:\windows\SYSNATIVE\DRIVERS\ntnvca.sys [x]
R3 OV550I;Film and Photo Scanner;c:\windows\system32\Drivers\OVTX16.sys;c:\windows\SYSNATIVE\Drivers\OVTX16.sys [x]
R3 RTL85n64;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n64.sys;c:\windows\SYSNATIVE\DRIVERS\RTL85n64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R4 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe [x]
R4 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R4 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R4 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{4E90AD03-7AA2-462A-A792-A393C270ACED}]
2009-07-14 01:14 398336 ----a-w- c:\windows\System32\regedit.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-03-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-05 12:47]
.
2015-03-17 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2015-03-17 15:52]
.
2015-03-19 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-2979728093-1124239313-4181705486-500.job
- c:\program files (x86)\Citrix\GoToMeeting\2417\g2mupdate.exe [2015-03-08 03:48]
.
2015-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-02 19:00]
.
2015-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-02 19:00]
.
2015-03-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2979728093-1124239313-4181705486-500Core.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-12 13:13]
.
2015-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2979728093-1124239313-4181705486-500UA.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-12 13:13]
.
2015-03-17 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2015-03-17 14:41]
.
2015-03-17 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2015-03-17 14:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-01-30 1332296]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = ;192.168.*.*
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\program files (x86)\VMware\VMware Workstation\vsocklib.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{67CA5EB9-A18A-48DD-99CC-130F17913B73}: NameServer = 161.145.28.3,161.145.106.48
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f40qpxxi.default\
.
- - - - ORPHANS REMOVED - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-PE Photo - c:\windows\system32\javaws.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1c,d3,
c5,7b,f0,36,06,a0,76,dd,65,c0,87,cf,b1
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,3b,1b,ab,8b,0f,
68,ce,82,41,03,aa,e9,95,9a,f0,9b,6a,5b
"{C723A437-2EAF-466D-A95B-3FA0966BF88C}"=hex:51,66,7a,6c,4c,1d,3b,1b,27,b8,38,
d9,91,7a,00,03,b5,59,7e,e0,97,29,bf,94
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:f7,1d,1d,65,a0,76,cd,01
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,75,e3,51,79,be,b1,5b,48,bd,c3,cf,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7f,1d,65,d1,85,17,88,4b,a4,cc,33,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,99,42,5c,5c,f9,54,15,4a,95,1e,cb,\
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AVI"
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.docx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Word.Document.12"
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2T\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2TS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.m3u"
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M4A"
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MOV"
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.msg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="msg_auto_file"
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.partial\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.PARTIAL"
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.SVG"
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.URL"
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.website\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.WEBSITE"
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xcf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="GIMP-2.8-xcf"
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.XHT"
.
[HKEY_USERS\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.XHT"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Network Associates]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-03-19 07:44:58
ComboFix-quarantined-files.txt 2015-03-19 11:44
.
Pre-Run: 120,292,683,776 bytes free
Post-Run: 120,312,700,928 bytes free
.
- - End Of File - - DBD1D8BE68E4245BBD0FEABAD0AEBCE1
A36C5E4F47E84449FF07ED3517B43A31
 
Why do I see Microsoft Security Essentials listed in Combofix?
It wasn't running when you posted FRST logs.
 
And I installed it per Step 1 in the instructions: UPDATED 4-Step Viruses/Spyware/Malware Removal Preliminary Instructions
 
You already have McAfee running.
You can't be running two AV programs.
Uninstall MSE.
 
It may be a good idea.

Re-run Farbar Recovery Scan Tool (FRST) you ran at the very beginning of this topic.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
 
FIRST HALF OF FRST.TXT FILE:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Administrator (administrator) on WINDOWS-D9P51W1 on 20-03-2015 18:07:47
Running from C:\Users\Administrator\Downloads
Loaded Profiles: Administrator (Available profiles: Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(IBM) C:\IBM\Lotus\Notes\nsd.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
(IBM Corp) C:\IBM\Lotus\Notes\ntmulti.exe
(Nortel Networks) C:\Program Files\CSC VPN CLIENT\NvcSvcMgr.exe
(VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
(Cisco Consumer Products LLC) C:\Program Files (x86)\Linksys AE6000\WPS_Mon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2979728093-1124239313-4181705486-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2979728093-1124239313-4181705486-500 -> {F230415A-9F9E-40B3-88C9-98D05D0A0604} URL = http://www.google.com/search?q={sea...startIndex={startIndex?}&startPage={startPage}
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scriptsn.dll [2011-02-04] (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-01-30] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-09-26] (Oracle Corporation)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll [2011-02-04] (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-09-26] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2979728093-1124239313-4181705486-500 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP25-10481/webex/ieatgpc1.cab
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll [2015-02-19] (Microsoft Corporation)
Winsock: Catalog9 11 C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll [338480] (VMware, Inc.)
Winsock: Catalog9 12 C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll [338480] (VMware, Inc.)
Winsock: Catalog9-x64 11 C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll [438320] (VMware, Inc.)
Winsock: Catalog9-x64 12 C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll [438320] (VMware, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{67CA5EB9-A18A-48DD-99CC-130F17913B73}: [NameServer] 161.145.28.3,161.145.106.48

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f40qpxxi.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll [2014-03-13] ()
FF Plugin: @java.com/DTPlugin,version=10.15.2 -> C:\Windows\system32\npDeployJava1.dll [2013-02-26] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll [2014-03-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-09-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin HKU\S-1-5-21-2979728093-1124239313-4181705486-500: @tools.google.com/Google Update;version=3 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-2979728093-1124239313-4181705486-500: @tools.google.com/Google Update;version=9 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-2979728093-1124239313-4181705486-500: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\ADMINI~1\AppData\Roaming\CATALI~1\NPBCSK~1.DLL No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll [2008-08-16] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll [2008-08-16] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll [2008-08-16] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll [2008-08-16] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll [2008-08-16] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll [2008-08-16] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll [2008-08-16] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\msvcm80.dll [2008-05-21] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\msvcp80.dll [2008-05-21] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\msvcr80.dll [2008-05-21] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll [2008-08-16] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2011-01-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-02-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2013-02-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2013-02-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2013-02-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2013-02-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2013-02-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2013-02-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll [2008-06-05] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll [2008-08-16] (Citrix Systems, Inc.)
FF Extension: Default Manager - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f40qpxxi.default\Extensions\DefaultManager@Microsoft [2012-04-30]
FF Extension: Strong Signal - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f40qpxxi.default\Extensions\{6a37a6df-cdc9-4482-9257-c1fac286b4a9}.xpi [2015-03-17]

Chrome:
=======
CHR HomePage: Default -> hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_ir_15_12&param1=1&param2=f%3D1%26b%3DChrome%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0ByEyByDtD0EyE0FyB0C0DtC0E0E0AyCtN0D0Tzu0StCtCyBtDtN1L2XzutAtFzytFyEtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StBtCtBtAtCyCtAyDtGtA0D0AyCtGyC0EyC0FtGtBzz0FtCtGyCyE0DzyyEyCtBtA0AtAtCtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szyzzzy0C0F0CtD0BtGyDzytByEtGyEyBzzyCtGzzyE0B0AtGyB0B0A0B0CtAtCzzyCtBtByC2QtN0A0LzutBtN1B2Z1V1T1S1NzuyCtCtB%26cr%3D1783096704%26a%3Dwny_ir_15_12%26os%3DWindows 7 Professional
CHR StartupUrls: Default -> "hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_ir_15_12&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0ByEyByDtD0EyE0FyB0C0DtC0E0E0AyCtN0D0Tzu0StCtCyBtDtN1L2XzutAtFzytFyEtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StBtCtBtAtCyCtAyDtGtA0D0AyCtGyC0EyC0FtGtBzz0FtCtGyCyE0DzyyEyCtBtA0AtAtCtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szyzzzy0C0F0CtD0BtGyDzytByEtGyEyBzzyCtGzzyE0B0AtGyB0B0A0B0CtAtCzzyCtBtByC2QtN0A0LzutBtN1B2Z1V1T1S1NzuyCtCtB%26cr%3D1783096704%26a%3Dwny_ir_15_12%26os%3DWindows 7 Professional"
CHR DefaultSearchKeyword: Default -> search provided by yahoo.com
CHR DefaultSearchURL: Default -> http://us.yhs4.search.yahoo.com/yhs...CtCtB&cr=1783096704&a=wny_ir_15_12&os=Windows 7 Professional&p={searchTerms}
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Strong Signal) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aamaaompokdjbebnfbcfobpkklfkmddp [2015-03-17]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-19]
CHR Extension: (Google Search) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-19]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-16]
CHR Extension: (Google Wallet) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-19]
StartMenuInternet: Google Chrome - C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5738528 2014-11-07] (Fitbit, Inc.)
R2 Lotus Notes Diagnostics; C:\IBM\Lotus\Notes\nsd.exe [3417480 2011-03-23] (IBM)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S4 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S4 McAfeeEngineService; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe [20792 2011-02-04] (McAfee, Inc.)
S4 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [103744 2009-01-16] (McAfee, Inc.)
S4 McShield; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe [181480 2011-02-04] (McAfee, Inc.)
S4 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [66880 2011-02-04] (McAfee, Inc.)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 mfevtp; C:\Windows\system32\mfevtps.exe [77968 2011-02-04] (McAfee, Inc.)
R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [226624 2011-01-27] ()
R2 Multi-user Cleanup Service; C:\IBM\Lotus\Notes\ntmulti.exe [58760 2011-03-23] (IBM Corp)
R2 NvcSvcMgr; C:\Program Files\CSC VPN CLIENT\NvcSvcMgr.exe [628064 2010-03-01] (Nortel Networks)
S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 ufad-ws60; C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe [191024 2009-10-12] (VMware, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AE6000; C:\Windows\System32\DRIVERS\AE6000w764.sys [2196512 2013-01-25] (Ralink Technology Corp.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [98216 2011-02-04] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [120352 2011-02-04] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [464384 2011-02-04] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [79536 2011-02-04] (McAfee, Inc.)
R1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [86368 2011-02-04] (McAfee, Inc.)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-08-02] (Apple Inc.) [File not signed]
R3 NT_NvcA; C:\Windows\System32\DRIVERS\ntnvca.sys [44112 2010-03-01] (Nortel Networks)
R2 nvcwfpco; C:\Windows\System32\DRIVERS\nvcwfpco.sys [79440 2010-03-01] (Nortel Networks Corporation)
S3 OV550I; C:\Windows\System32\Drivers\OVTX16.sys [139520 2010-06-04] (Omnivision Technologies, Inc.)
S3 OV550I; C:\Windows\SysWOW64\Drivers\OVTX16.sys [139520 2010-06-04] (Omnivision Technologies, Inc.)
S3 RTL85n64; C:\Windows\System32\DRIVERS\RTL85n64.sys [2061856 2010-03-23] (Realtek Semiconductor Corporation )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 VMparport; C:\Windows\system32\drivers\VMparport.sys [18480 2010-01-23] (VMware, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-20 18:07 - 2015-03-20 18:08 - 00019959 _____ () C:\Users\Administrator\Downloads\FRST.txt
2015-03-20 09:01 - 2015-03-20 09:01 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\smkits
2015-03-20 09:00 - 2015-03-20 09:00 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieBrowserModeList
2015-03-20 04:10 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2015-03-20 04:10 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2015-03-20 04:10 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2015-03-20 04:10 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2015-03-20 04:10 - 2014-07-08 22:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2015-03-20 04:10 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2015-03-20 04:10 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2015-03-20 04:10 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2015-03-20 04:10 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2015-03-20 04:10 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2015-03-20 03:55 - 2015-03-20 03:55 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-20 03:55 - 2015-03-20 03:55 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-20 03:35 - 2015-01-08 19:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-03-20 03:35 - 2015-01-08 19:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-03-20 03:03 - 2014-06-26 22:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2015-03-20 03:03 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2015-03-19 07:47 - 2015-03-19 07:47 - 00000546 _____ () C:\Windows\PFRO.log
2015-03-19 07:46 - 2015-03-19 07:44 - 00034629 _____ () C:\Users\Administrator\Desktop\ComboFix.txt
2015-03-19 07:44 - 2015-03-19 07:44 - 00034629 _____ () C:\ComboFix.txt
2015-03-18 22:42 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-18 22:42 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-18 22:42 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-18 22:42 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-18 22:42 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-18 22:42 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-18 22:42 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-18 22:42 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-18 22:20 - 2015-03-19 07:45 - 00000000 ____D () C:\Qoobox
2015-03-18 22:20 - 2015-03-19 07:43 - 00000000 ____D () C:\Windows\erdnt
2015-03-18 22:02 - 2015-03-18 22:02 - 05615380 ____R (Swearware) C:\Users\Administrator\Downloads\ComboFix.exe
2015-03-18 21:46 - 2015-03-18 21:46 - 00002524 _____ () C:\Users\Administrator\Desktop\JRT.txt
2015-03-18 21:36 - 2015-03-18 21:36 - 01388672 _____ (Thisisu) C:\Users\Administrator\Downloads\JRT.exe
2015-03-18 20:51 - 2015-03-18 20:52 - 15648856 _____ () C:\Users\Administrator\Downloads\RogueKiller.exe
2015-03-18 20:12 - 2015-03-19 22:08 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-03-18 20:09 - 2015-03-18 20:09 - 14160536 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\mseinstall64.exe
2015-03-18 19:51 - 2015-03-18 19:52 - 00034308 _____ () C:\Users\Administrator\Downloads\Addition1.txt
2015-03-18 19:50 - 2015-03-20 18:07 - 00000000 ____D () C:\FRST
2015-03-18 19:50 - 2015-03-18 19:52 - 00036746 _____ () C:\Users\Administrator\Downloads\FRST1.txt
2015-03-18 18:45 - 2015-03-18 20:56 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-03-18 18:45 - 2015-03-18 19:50 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-03-18 18:29 - 2015-03-18 21:32 - 00000000 ____D () C:\AdwCleaner
2015-03-18 18:27 - 2015-03-18 18:27 - 00468480 _____ () C:\Users\Administrator\Downloads\CKScanner.exe
2015-03-18 18:26 - 2015-03-18 18:26 - 02095616 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
2015-03-18 18:24 - 2015-03-18 18:24 - 18816600 _____ () C:\Users\Administrator\Downloads\RogueKillerX64.exe
2015-03-18 18:21 - 2015-03-18 18:21 - 02171392 _____ () C:\Users\Administrator\Downloads\adwcleaner_4.112 (1).exe
2015-03-18 18:20 - 2015-03-18 18:20 - 02171392 _____ () C:\Users\Administrator\Downloads\adwcleaner_4.112.exe
2015-03-18 15:55 - 2015-03-18 15:55 - 142302968 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\msert.exe
2015-03-18 14:36 - 2015-03-20 18:04 - 01271046 _____ () C:\Windows\WindowsUpdate.log
2015-03-18 14:32 - 2015-03-20 18:06 - 00000448 _____ () C:\Windows\setupact.log
2015-03-18 14:32 - 2015-03-18 14:32 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-18 08:21 - 2015-02-23 23:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-18 08:21 - 2015-02-23 22:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-18 08:21 - 2015-02-20 21:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-18 08:21 - 2015-02-20 20:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-18 08:21 - 2015-02-20 20:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-18 08:21 - 2015-02-20 20:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-18 08:21 - 2015-02-20 20:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-18 08:21 - 2015-02-20 19:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-18 08:21 - 2015-02-20 19:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-18 08:21 - 2015-02-19 23:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-18 08:21 - 2015-02-19 23:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-18 08:21 - 2015-02-19 22:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-18 08:21 - 2015-02-19 22:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-18 08:21 - 2015-02-19 22:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-18 08:21 - 2015-02-19 22:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-18 08:21 - 2015-02-19 22:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-18 08:21 - 2015-02-19 22:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-18 08:21 - 2015-02-19 22:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-18 08:21 - 2015-02-19 22:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-18 08:21 - 2015-02-19 22:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-18 08:21 - 2015-02-19 22:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-18 08:21 - 2015-02-19 22:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-18 08:21 - 2015-02-19 22:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-18 08:21 - 2015-02-19 22:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-18 08:21 - 2015-02-19 22:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-18 08:21 - 2015-02-19 22:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-18 08:21 - 2015-02-19 22:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-18 08:21 - 2015-02-19 22:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-18 08:21 - 2015-02-19 22:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-18 08:21 - 2015-02-19 22:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-18 08:21 - 2015-02-19 22:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-18 08:21 - 2015-02-19 22:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-18 08:21 - 2015-02-19 22:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-18 08:21 - 2015-02-19 22:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-18 08:21 - 2015-02-19 22:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-18 08:21 - 2015-02-19 22:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-18 08:21 - 2015-02-19 21:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-18 08:21 - 2015-02-19 21:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-18 08:21 - 2015-02-19 21:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-18 08:21 - 2015-02-19 21:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-18 08:21 - 2015-02-19 21:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-18 08:21 - 2015-02-19 21:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-18 08:21 - 2015-02-19 21:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-18 08:21 - 2015-02-19 21:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-18 08:21 - 2015-02-19 21:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-18 08:21 - 2015-02-19 21:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-18 08:21 - 2015-02-19 21:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-18 08:21 - 2015-02-19 21:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-18 08:21 - 2015-02-19 21:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-18 08:21 - 2015-02-19 21:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-18 08:21 - 2015-02-19 21:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-18 08:21 - 2015-02-19 21:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-18 08:21 - 2015-02-19 21:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-18 08:21 - 2015-02-19 21:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-18 08:21 - 2015-02-19 20:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-18 08:21 - 2015-02-19 20:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-18 08:21 - 2015-01-08 23:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-03-18 08:21 - 2015-01-08 23:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-03-18 08:21 - 2015-01-08 23:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-03-18 08:21 - 2015-01-08 22:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-03-18 08:20 - 2015-02-20 00:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-18 08:20 - 2015-02-20 00:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-18 08:20 - 2015-02-20 00:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-18 08:20 - 2015-02-20 00:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-18 08:20 - 2015-02-20 00:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-18 08:20 - 2015-02-20 00:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-18 08:20 - 2015-02-20 00:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-18 08:20 - 2015-02-20 00:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-18 08:20 - 2015-02-19 23:29 - 00372224 _____ (Adobe Systems Incorporated)
 
SECOND HALF OF FRST.TXT FILE:

C:\Windows\system32\atmfd.dll
2015-03-18 08:20 - 2015-02-19 23:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-18 08:20 - 2015-02-03 23:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-18 08:20 - 2015-02-03 23:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-18 08:20 - 2015-02-03 23:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-18 08:20 - 2015-02-03 23:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-18 08:20 - 2015-02-03 23:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-18 08:20 - 2015-02-03 23:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-18 08:20 - 2015-02-03 23:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-18 08:20 - 2015-02-03 23:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-18 08:20 - 2015-02-03 22:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-18 08:20 - 2015-01-27 19:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-03-18 08:20 - 2014-12-11 13:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-03-18 08:20 - 2014-08-01 07:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2015-03-18 08:20 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2015-03-18 08:20 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-03-18 08:20 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-03-18 08:20 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-03-18 08:20 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-03-18 08:20 - 2014-01-27 22:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2015-03-18 08:20 - 2013-10-29 22:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2015-03-18 08:20 - 2013-10-29 22:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2015-03-18 08:20 - 2013-03-19 01:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2015-03-18 08:19 - 2015-02-02 23:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-18 08:19 - 2015-02-02 23:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-18 08:19 - 2015-02-02 23:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-18 08:19 - 2015-02-02 23:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-18 08:19 - 2015-02-02 23:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-18 08:19 - 2015-02-02 23:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-18 08:19 - 2015-02-02 23:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-18 08:19 - 2015-02-02 23:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-18 08:19 - 2015-02-02 23:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-18 08:19 - 2015-02-02 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-18 08:19 - 2015-02-02 23:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-18 08:19 - 2015-02-02 23:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-18 08:19 - 2015-02-02 23:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-18 08:19 - 2015-02-02 23:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-18 08:19 - 2015-02-02 23:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-18 08:19 - 2015-02-02 23:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-18 08:19 - 2015-02-02 23:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-18 08:19 - 2015-02-02 23:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-18 08:19 - 2015-02-02 23:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-18 08:19 - 2015-02-02 23:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-18 08:19 - 2015-02-02 23:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-18 08:19 - 2015-02-02 23:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-18 08:19 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-18 08:19 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-18 08:19 - 2015-02-02 23:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-18 08:19 - 2015-02-02 23:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-18 08:19 - 2015-02-02 23:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-18 08:19 - 2015-02-02 23:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-18 08:19 - 2015-02-02 23:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-18 08:19 - 2015-02-02 23:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-18 08:19 - 2015-02-02 23:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-18 08:19 - 2015-02-02 23:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-18 08:19 - 2015-02-02 23:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-18 08:19 - 2015-02-02 23:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-18 08:19 - 2015-02-02 23:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-18 08:19 - 2015-02-02 23:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-18 08:19 - 2015-02-02 23:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-18 08:19 - 2015-02-02 23:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-18 08:19 - 2015-02-02 23:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-18 08:19 - 2015-02-02 23:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-18 08:19 - 2015-02-02 23:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-18 08:19 - 2015-02-02 23:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-18 08:19 - 2015-02-02 23:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-18 08:19 - 2015-02-02 23:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-18 08:19 - 2015-02-02 23:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-18 08:19 - 2015-02-02 23:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-18 08:19 - 2015-02-02 23:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-18 08:19 - 2015-02-02 23:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-18 08:19 - 2015-02-02 23:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-18 08:19 - 2015-02-02 23:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-18 08:19 - 2015-02-02 23:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-18 08:19 - 2015-02-02 23:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-18 08:19 - 2015-02-02 23:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-18 08:19 - 2015-02-02 23:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-18 08:19 - 2015-02-02 23:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-18 08:19 - 2015-02-02 23:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-18 08:19 - 2015-02-02 23:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-18 08:19 - 2015-02-02 23:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-18 08:19 - 2015-02-02 23:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-18 08:19 - 2015-02-02 23:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-18 08:19 - 2015-02-02 23:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-18 08:19 - 2015-02-02 23:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-18 08:19 - 2015-02-02 23:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-18 08:19 - 2015-02-02 23:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-18 08:19 - 2015-02-02 23:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-18 08:19 - 2015-02-02 23:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-18 08:19 - 2015-02-02 23:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-18 08:19 - 2015-02-02 23:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-18 08:19 - 2015-02-02 23:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-18 08:19 - 2015-02-02 23:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-18 08:19 - 2015-02-02 23:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-18 08:19 - 2015-02-02 23:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-18 08:19 - 2015-02-02 23:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-18 08:19 - 2015-02-02 23:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-18 08:19 - 2015-02-02 23:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-18 08:19 - 2015-02-02 23:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-18 08:19 - 2015-02-02 23:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-18 08:19 - 2015-02-02 23:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-18 08:19 - 2015-02-02 23:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-18 08:19 - 2015-02-02 23:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-18 08:19 - 2015-02-02 23:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-18 08:19 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-18 08:19 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-18 08:19 - 2015-02-02 23:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-18 08:19 - 2015-02-02 23:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-18 08:19 - 2015-02-02 23:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-18 08:19 - 2015-02-02 23:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-18 08:19 - 2015-02-02 23:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-18 08:19 - 2015-02-02 22:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-18 08:19 - 2014-12-18 23:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-03-18 08:19 - 2014-10-31 18:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-18 08:19 - 2014-06-27 20:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-18 08:19 - 2014-06-27 20:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-18 08:18 - 2014-06-18 18:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-03-18 08:18 - 2014-06-18 18:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2015-03-18 08:18 - 2014-06-18 18:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2015-03-18 08:18 - 2014-06-18 18:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2015-03-18 08:18 - 2014-06-18 18:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2015-03-18 08:18 - 2014-06-18 18:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2015-03-18 08:18 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-03-18 08:18 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2015-03-18 08:18 - 2013-11-26 07:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2015-03-18 08:17 - 2014-10-13 22:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-03-18 08:16 - 2015-02-02 23:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-18 08:16 - 2015-02-02 23:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-18 08:16 - 2014-12-18 21:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-03-18 08:16 - 2014-12-06 00:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-03-18 08:16 - 2014-12-05 23:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-03-18 08:16 - 2014-12-05 23:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-03-18 08:16 - 2014-08-21 02:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-03-18 08:16 - 2014-06-23 23:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-03-18 08:16 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-03-18 08:16 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2015-03-18 08:16 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2015-03-18 08:16 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-03-18 08:16 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-03-18 08:16 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-03-18 08:16 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-03-18 08:16 - 2013-10-03 22:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2015-03-18 08:16 - 2013-10-03 22:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2015-03-18 08:16 - 2013-10-03 21:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2015-03-18 08:16 - 2013-10-03 21:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2015-03-18 08:16 - 2013-08-04 22:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2015-03-18 08:15 - 2015-02-13 01:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-18 08:15 - 2015-02-13 01:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-18 08:15 - 2014-11-10 21:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-03-18 08:15 - 2014-08-21 02:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-03-18 08:15 - 2014-08-21 02:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-03-18 08:15 - 2014-08-21 02:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-03-18 08:15 - 2014-08-11 22:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-03-18 08:15 - 2014-08-11 21:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2015-03-18 08:15 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2015-03-18 08:15 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2015-03-18 08:15 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2015-03-18 08:15 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-03-18 08:15 - 2013-12-03 22:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2015-03-18 08:15 - 2013-12-03 22:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2015-03-18 08:15 - 2013-12-03 22:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2015-03-18 08:15 - 2013-12-03 22:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2015-03-18 08:15 - 2013-12-03 22:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2015-03-18 08:15 - 2013-12-03 22:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2015-03-18 08:15 - 2013-12-03 22:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2015-03-18 08:15 - 2013-12-03 22:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2015-03-18 08:15 - 2013-12-03 22:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2015-03-18 08:15 - 2013-12-03 22:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2015-03-18 08:15 - 2013-12-03 22:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2015-03-18 08:15 - 2013-12-03 22:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2015-03-18 08:15 - 2013-12-03 22:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2015-03-18 08:15 - 2013-12-03 22:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2015-03-18 08:15 - 2013-12-03 21:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2015-03-18 08:15 - 2013-12-03 21:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2015-03-18 08:15 - 2013-12-03 21:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2015-03-18 08:15 - 2013-12-03 21:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2015-03-18 08:15 - 2013-11-26 04:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-03-18 08:15 - 2013-11-22 18:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-03-18 08:15 - 2013-07-04 08:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-03-18 08:15 - 2013-07-04 08:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-03-18 08:15 - 2013-07-04 07:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-03-18 08:15 - 2013-07-04 07:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-03-18 08:14 - 2015-03-06 01:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-18 08:14 - 2015-03-06 01:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-18 08:14 - 2015-03-06 01:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-18 08:14 - 2015-03-06 01:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-18 08:14 - 2015-03-06 01:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-18 08:14 - 2015-03-06 01:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-18 08:14 - 2015-03-06 01:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-18 08:14 - 2015-03-06 01:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-18 08:14 - 2015-03-06 01:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-18 08:14 - 2015-03-06 01:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-18 08:14 - 2015-03-06 01:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-18 08:14 - 2015-03-06 01:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-18 08:14 - 2015-03-06 01:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-18 08:14 - 2015-03-06 01:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-18 08:14 - 2015-03-06 01:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-18 08:14 - 2015-03-06 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-18 08:14 - 2015-03-06 01:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-18 08:14 - 2015-03-06 01:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-18 08:14 - 2015-03-06 01:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-18 08:14 - 2015-03-06 01:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-18 08:14 - 2015-03-06 01:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-18 08:14 - 2015-03-06 01:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-18 08:14 - 2015-03-06 01:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-18 08:14 - 2015-03-06 01:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-18 08:14 - 2015-03-06 01:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-18 08:14 - 2015-03-06 01:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-18 08:14 - 2015-03-06 01:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-18 08:14 - 2015-03-06 01:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-18 08:14 - 2015-03-06 01:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-18 08:14 - 2015-03-06 01:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-18 08:14 - 2015-03-06 01:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-18 08:14 - 2015-01-30 19:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-18 08:13 - 2014-11-25 23:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-03-18 08:13 - 2014-11-25 23:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-03-18 08:13 - 2014-11-10 23:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-03-18 08:13 - 2014-11-10 22:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-03-18 08:13 - 2014-10-03 22:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-03-18 08:13 - 2014-10-03 21:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-03-18 08:13 - 2014-10-03 21:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-03-18 08:13 - 2014-02-03 22:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2015-03-18 08:13 - 2014-02-03 22:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2015-03-18 08:13 - 2014-02-03 22:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2015-03-18 08:13 - 2014-02-03 22:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2015-03-18 08:13 - 2014-02-03 22:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2015-03-18 08:12 - 2015-02-02 23:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-18 08:12 - 2015-02-02 23:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-18 08:12 - 2015-01-16 22:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-18 08:12 - 2015-01-16 22:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-18 08:12 - 2014-10-29 22:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-03-18 08:12 - 2014-10-29 21:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2015-03-18 08:12 - 2014-10-02 22:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-03-18 08:12 - 2014-10-02 22:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-03-18 08:12 - 2014-10-02 22:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-03-18 08:12 - 2014-10-02 22:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-03-18 08:12 - 2014-10-02 22:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-03-18 08:12 - 2014-10-02 21:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2015-03-18 08:12 - 2014-10-02 21:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2015-03-18 08:12 - 2014-10-02 21:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2015-03-18 08:12 - 2014-10-02 21:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2015-03-18 08:12 - 2014-10-02 21:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2015-03-18 08:12 - 2014-09-04 01:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2015-03-18 08:12 - 2014-09-04 01:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2015-03-18 08:12 - 2013-05-10 01:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2015-03-18 08:12 - 2013-05-09 23:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2015-03-18 08:11 - 2014-11-07 23:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-03-18 08:11 - 2014-11-07 22:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-03-18 08:10 - 2014-10-24 21:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-03-18 08:10 - 2014-10-24 21:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2015-03-18 08:10 - 2014-07-16 22:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-03-18 08:10 - 2014-07-16 22:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-03-18 08:10 - 2014-07-16 22:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2015-03-18 08:10 - 2014-07-16 22:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2015-03-18 08:10 - 2014-07-16 21:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2015-03-18 08:10 - 2014-07-16 21:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-03-18 08:10 - 2014-07-16 21:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2015-03-18 08:10 - 2014-07-16 21:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2015-03-18 08:09 - 2015-02-25 23:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-18 08:09 - 2014-12-07 23:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-03-18 08:09 - 2014-12-07 22:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-03-18 08:09 - 2014-10-13 22:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-03-18 08:09 - 2014-10-13 21:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-03-18 08:09 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-03-18 08:09 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-03-18 08:09 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-03-18 08:09 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-03-18 08:09 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-03-18 08:09 - 2014-01-23 22:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2015-03-18 08:09 - 2013-01-24 02:01 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2015-03-18 08:07 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-03-18 08:07 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-03-18 08:06 - 2013-08-27 21:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2015-03-18 07:32 - 2015-03-18 21:34 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-18 07:31 - 2015-03-18 07:31 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-18 07:31 - 2015-03-18 07:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-18 07:31 - 2015-03-18 07:31 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-18 07:31 - 2015-03-18 07:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-18 07:31 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-18 07:31 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-18 07:31 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-18 03:05 - 2015-03-18 03:05 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2015-03-18 03:02 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2015-03-18 03:02 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2015-03-18 03:02 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2015-03-18 03:02 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2015-03-18 03:02 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2015-03-18 03:02 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2015-03-18 03:02 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2015-03-18 03:02 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2015-03-17 22:44 - 2015-03-17 22:44 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-2.0.4.1028.exe
2015-03-17 22:27 - 2015-03-17 22:27 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-03-17 22:27 - 2015-03-17 22:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-03-17 22:27 - 2015-03-17 22:27 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-17 19:01 - 2015-03-18 14:40 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-03-17 19:01 - 2015-03-17 19:03 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-03-17 19:01 - 2015-03-17 19:01 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-03-17 19:01 - 2015-03-17 19:01 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-03-17 19:01 - 2015-03-17 19:01 - 00000656 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2015-03-17 19:01 - 2015-03-17 19:01 - 00000628 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2015-03-17 19:01 - 2015-03-17 19:01 - 00000458 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2015-03-17 19:01 - 2015-03-17 19:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-03-17 19:01 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-03-17 18:13 - 2015-03-17 18:13 - 00000000 ____D () C:\SUPERDelete
2015-03-17 18:12 - 2015-03-17 18:12 - 00001808 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-03-17 18:12 - 2015-03-17 18:12 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
2015-03-17 18:12 - 2015-03-17 18:12 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-03-17 18:12 - 2015-03-17 18:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-03-17 18:12 - 2015-03-17 18:12 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-03-17 18:09 - 2015-03-17 18:09 - 05325696 _____ (Piriform Ltd) C:\Users\Administrator\Downloads\ccsetup503.exe
2015-03-17 18:08 - 2015-03-17 18:08 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Administrator\Downloads\spybot-2.4.exe
2015-03-17 18:06 - 2015-03-17 18:06 - 21440384 _____ (SUPERAntiSpyware) C:\Users\Administrator\Downloads\SUPERAntiSpyware.exe
2015-03-17 18:04 - 2015-03-17 18:04 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-17 18:04 - 2015-03-17 18:04 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-03-17 18:02 - 2015-03-17 18:02 - 00243368 _____ () C:\Users\Administrator\Downloads\Firefox Setup Stub 36.0.1.exe
2015-03-17 12:01 - 2015-03-17 12:01 - 00652800 _____ () C:\Users\Administrator\Downloads\MicrosoftFixit50362 (1).msi
2015-03-17 11:57 - 2015-03-17 11:57 - 00652800 _____ () C:\Users\Administrator\Downloads\MicrosoftFixit50362.msi
2015-03-16 18:34 - 2015-03-16 18:34 - 00089923 _____ () C:\Users\Administrator\AppData\Local\recently-used.xbel
2015-03-16 17:13 - 2015-03-16 17:13 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Free_PDF_Solutions
2015-03-16 16:17 - 2015-03-16 16:17 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Free PDF Solutions
2015-03-16 16:16 - 2015-03-16 16:14 - 16394253 _____ (Free PDF Solutions) C:\Users\Administrator\Downloads\pdftojpg_setup [1].exe
2015-03-16 16:14 - 2015-03-16 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\(Default)
2015-03-16 16:13 - 2015-03-16 16:14 - 00993696 _____ ( ) C:\Users\Administrator\Downloads\pdftojpg_setup.exe
2015-03-16 14:49 - 2015-03-16 14:49 - 00014676 _____ () C:\Users\Administrator\Desktop\BULLETIN 3-11-15.txt
2015-03-16 13:51 - 2015-03-16 13:51 - 00151559 _____ () C:\Users\Administrator\Downloads\WLFeb2015.pages
2015-03-16 13:51 - 2015-03-16 13:51 - 00151559 _____ () C:\Users\Administrator\Downloads\WLFeb2015 (1).pages
2015-03-12 09:15 - 2015-03-12 09:15 - 39401336 _____ (Apple Inc.) C:\Users\Administrator\Downloads\QuickTimeInstaller (2).exe
2015-03-11 13:13 - 2015-03-11 13:44 - 00030399 _____ () C:\Users\Administrator\Documents\2015TAXES_2.xlsx
2015-03-11 12:36 - 2015-03-12 19:11 - 00030382 _____ () C:\Users\Administrator\Documents\2015TAXES.xlsx
2015-03-10 17:05 - 2015-03-10 17:05 - 00045315 _____ () C:\Users\Administrator\Downloads\EXPORT (15).CSV
2015-03-10 17:04 - 2015-03-11 12:35 - 00042020 _____ () C:\Users\Administrator\Downloads\EXPORT (14).CSV
2015-03-06 11:32 - 2015-03-06 11:32 - 00724507 _____ () C:\Users\Administrator\Downloads\FedEx_Service_Update_2015-03-06_8AM_vf.xlsx
2015-03-03 16:14 - 2015-03-03 20:12 - 00000000 ____D () C:\ProgramData\FitbitConnect
2015-03-03 16:14 - 2015-03-03 16:22 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-03-03 16:14 - 2015-03-03 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fitbit Connect
2015-03-03 16:14 - 2015-03-03 16:14 - 00000000 ____D () C:\Program Files (x86)\Fitbit Connect
2015-03-03 16:10 - 2015-03-03 16:10 - 32688488 _____ (Fitbit Inc.) C:\Users\Administrator\Downloads\FitbitConnect_Win_20141107_2.0.0.6512.exe
2015-02-18 14:58 - 2015-02-18 15:07 - 47157614 _____ () C:\Users\Administrator\Documents\D7K_9882_pp1.xcf
2015-02-18 12:38 - 2015-02-18 12:38 - 45808412 _____ () C:\Users\Administrator\Documents\D7K_9878_pp1.xcf

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-20 18:08 - 2009-07-14 00:45 - 00017136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-20 18:08 - 2009-07-14 00:45 - 00017136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-20 18:06 - 2012-03-02 16:09 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-20 18:06 - 2010-02-10 17:19 - 00000000 ____D () C:\ProgramData\VMware
2015-03-20 18:06 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-20 18:02 - 2011-03-15 12:23 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\VMware
2015-03-20 17:49 - 2014-07-16 18:21 - 00000554 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2979728093-1124239313-4181705486-500.job
2015-03-20 17:47 - 2012-10-05 17:54 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-20 17:30 - 2011-04-12 00:39 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2979728093-1124239313-4181705486-500UA.job
2015-03-20 17:17 - 2012-03-02 16:09 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-20 14:30 - 2011-04-12 00:39 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2979728093-1124239313-4181705486-500Core.job
2015-03-20 09:58 - 2011-04-11 23:51 - 00000000 ____D () C:\Users\Administrator\SametimeTranscripts
2015-03-20 09:00 - 2009-07-14 01:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-20 09:00 - 2009-07-14 00:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-03-20 04:37 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-03-20 03:59 - 2009-07-14 00:45 - 00412504 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-20 03:55 - 2009-07-14 03:12 - 00000000 ____D () C:\Program Files\Windows Journal
2015-03-20 03:55 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\tracing
2015-03-20 03:55 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-20 03:55 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-20 03:55 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-03-20 03:55 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2015-03-19 07:53 - 2009-07-14 01:13 - 00730592 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-19 07:42 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2015-03-19 07:41 - 2011-03-15 12:07 - 00000000 ____D () C:\Users\Administrator
2015-03-18 23:48 - 2012-05-21 03:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-03-18 23:47 - 2010-02-11 15:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-18 23:02 - 2014-06-09 18:50 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-18 22:54 - 2012-05-21 03:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-03-18 22:54 - 2012-05-21 03:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-03-18 18:34 - 2013-02-26 13:38 - 00000000 ____D () C:\Temp
2015-03-18 14:36 - 2012-10-03 17:58 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Spotify
2015-03-18 14:32 - 2012-10-03 17:58 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Spotify
2015-03-18 13:39 - 2012-10-05 17:54 - 00000000 ____D () C:\Program Files\Google
2015-03-18 13:39 - 2011-03-15 12:22 - 00000000 ____D () C:\Program Files (x86)\Google
2015-03-18 12:00 - 2011-03-15 12:22 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2015-03-18 08:59 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\addins
2015-03-17 22:28 - 2012-07-19 17:28 - 00000000 ____D () C:\Windows\Minidump
2015-03-17 22:28 - 2010-02-10 19:05 - 00000000 ____D () C:\Windows\Panther
2015-03-17 18:05 - 2011-03-30 12:23 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Mozilla
2015-03-17 18:04 - 2011-03-15 12:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-17 09:18 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2015-03-16 18:53 - 2015-02-05 22:48 - 00000000 ____D () C:\Users\Administrator\.gimp-2.8
2015-03-16 18:34 - 2015-02-05 22:57 - 00000000 ____D () C:\Users\Administrator\AppData\Local\gtk-2.0
2015-03-10 09:26 - 2011-04-13 10:09 - 00000000 ____D () C:\Users\Administrator\Documents\LBSLC
2015-03-07 23:48 - 2014-07-16 18:21 - 00003614 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2979728093-1124239313-4181705486-500
2015-02-26 21:14 - 2010-02-11 16:21 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-24 04:17 - 2010-02-10 17:31 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-23 11:43 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF

==================== Files in the root of some directories =======

2011-08-26 17:26 - 2011-08-26 17:26 - 0000272 _____ () C:\Users\Administrator\AppData\Roaming\.backup.dm
2012-11-28 12:12 - 2015-02-02 23:44 - 0000570 _____ () C:\Users\Administrator\AppData\Roaming\gmic_faves
2012-11-28 10:42 - 2014-01-22 18:48 - 0001062 _____ () C:\Users\Administrator\AppData\Roaming\gmic_sources.cimgz
2013-11-14 21:32 - 2013-11-14 21:32 - 0893239 _____ () C:\Users\Administrator\AppData\Local\a.zip
2013-11-14 21:32 - 2013-11-14 21:32 - 2162416 _____ (Catalina Marketing Corp) C:\Users\Administrator\AppData\Local\BcsKtYcHW.dll
2015-03-16 18:34 - 2015-03-16 18:34 - 0089923 _____ () C:\Users\Administrator\AppData\Local\recently-used.xbel
2015-02-09 12:46 - 2015-02-09 12:46 - 0000017 _____ () C:\Users\Administrator\AppData\Local\resmon.resmoncfg

Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\sqljdbc_auth.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-16 14:28

==================== End Of Log ============================
 
ADDITION.TXT:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Administrator at 2015-03-20 18:09:18
Running from C:\Users\Administrator\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee VirusScan Enterprise (Disabled - Up to date) {86355677-4064-3EA7-ABB3-1B136EB04637}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: McAfee VirusScan Enterprise Antispyware Module (Disabled - Up to date) {3D54B793-665E-3129-9103-206115370C8A}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.0.1) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA0000000001}) (Version: 10.0.1 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BMC Remedy Action Request System 7.5.00 Install 1 (HKLM-x32\...\ARSystem 1) (Version: 7.5.0.2 - BMC Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
Cisco Linksys AE6000 Driver (HKLM-x32\...\{02221266-B345-4544-A5C3-A995520E774D}) (Version: 1.1.0.3 - Cisco Consumer Products LLC)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Citrix XenApp Web Plugin (HKLM-x32\...\{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}) (Version: 11.0.0.5357 - Citrix Systems, Inc.)
Crystal11_Redistributables (HKLM-x32\...\{154A9EEB-05FC-45E6-B7BD-75D27ED02276}) (Version: 1.00.0000 - BMC Software Inc.)
CSC VPN CLIENT (HKLM\...\{4EC5CF64-2E59-411D-0301-120101004016}) (Version: 10.04.016 - Nortel Networks)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Fitbit Connect (HKLM-x32\...\{E54705FB-98A6-4C03-B2DC-D8C3B5486DCD}) (Version: 2.0.0.6512 - Fitbit Inc.)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
G'MIC for GIMP version 1.5.8.2 (HKLM-x32\...\G'MIC for GIMP_is1) (Version: 1.5.8.2 - )
Google Chrome (HKU\S-1-5-21-2979728093-1124239313-4181705486-500\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GoToMeeting 7.1.2.2417 (HKU\S-1-5-21-2979728093-1124239313-4181705486-500\...\GoToMeeting) (Version: 7.1.2.2417 - CitrixOnline)
IBM Lotus Sametime Advanced Embedded 8.5.1 (HKLM-x32\...\{AE1C5284-571C-41E9-AE8C-77F8B21B2251}) (Version: 8.5.1.20100709-1631 - IBM)
IBM Lotus Sametime Connect 8.0.2 (HKLM-x32\...\{A2EF91BA-068C-4F6D-B6ED-52D1D272ED8F}) (Version: 8.02.081205 - IBM)
iCloud (HKLM\...\{2AAF09D5-4B3F-4975-B6A9-ECE2631FC942}) (Version: 4.0.5.20 - Apple Inc.)
Image Resizer Powertoy Clone for Windows (64 bit) (HKLM\...\{80A620C1-B22C-4781-A351-B14B8A37BFE3}) (Version: 2.1 - Brice Lambson)
ImageScanTool x64 1.023 (HKLM\...\{C97F4875-E097-4702-A2D8-494FEAB99CDF}) (Version: 1.00.2300 - Image Scan Tool)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 17 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417017FF}) (Version: 7.0.170 - Oracle)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.710 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lotus Notes 8.5.2 (HKLM-x32\...\{07C69B3A-62B3-41BF-82EE-B3A87BD6EA0C}) (Version: 8.52.10222 - IBM)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Agent (HKLM-x32\...\{757A7F5D-F9A1-4DC5-8738-C0A31C658BC8}) (Version: 4.0.0.1345 - McAfee, Inc.)
McAfee AntiSpyware Enterprise Module (HKLM-x32\...\McAfee Anti-Spyware Enterprise Module) (Version: 8.7.0.129 - McAfee, Inc.)
McAfee VirusScan Enterprise (HKLM-x32\...\{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}) (Version: 8.7.00005 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
MotoHelper 2.0.45 Driver 5.0.0 (HKLM-x32\...\MotoHelper) (Version: 2.0.45 - Motorola)
MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
Motorola Mobile Drivers Installation 5.0.0 (Version: 5.0.0 - Motorola Inc.) Hidden
Mozilla Firefox 36.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 en-US)) (Version: 36.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Portrait Professional 11.2 (HKLM-x32\...\PortraitProfessional11_is1) (Version: 11.2 - Anthropics Technology Ltd.)
Portrait Professional 11.2 Trial (HKLM-x32\...\PortraitProfessional11Trial_is1) (Version: 11.2 - Anthropics Technology Ltd.)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Spotify (HKU\S-1-5-21-2979728093-1124239313-4181705486-500\...\Spotify) (Version: 1.0.1.1060.gc75ebdfd - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1170 - SUPERAntiSpyware.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 7.0.1.11056 - VMware, Inc)
VMware Workstation (x32 Version: 7.0.1.11056 - VMware, Inc.) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2979728093-1124239313-4181705486-500_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\723\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2979728093-1124239313-4181705486-500_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2979728093-1124239313-4181705486-500_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)

==================== Restore Points =========================

18-03-2015 11:36:23 Removed WeatherApp
18-03-2015 11:52:33 Removed Free PDF to JPG Converter
18-03-2015 22:42:35 Windows Update
20-03-2015 03:00:28 Windows Update
20-03-2015 18:03:45 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2015-03-19 07:42 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {013516AD-B455-40CB-A6B7-830AB1B56AAF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2979728093-1124239313-4181705486-500Core => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {09677A8C-D4A0-48BE-B871-9A166BF0702C} - System32\Tasks\MotoHelper Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27] ()
Task: {1331D7AF-B214-41CD-AE01-F60AC6128A89} - System32\Tasks\MotoHelper Routing => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27] ()
Task: {232F09E8-4D68-4660-BD71-E5E1AD601BD2} - System32\Tasks\{E348C0BA-9755-4039-B6E7-D94CEB4084FA} => C:\Users\Administrator\Downloads\CSC-ENG-McAfee_ePO-4.6-GBL-R1.exe [2014-01-05] ()
Task: {240DB126-3A43-41F7-9913-EA76681591B2} - System32\Tasks\{00DB029D-CC01-41C3-8A03-C0B6D07D50B8} => C:\Users\Administrator\Documents\GSM 7.5\Disk1\InstData\VM\setup.exe [2009-05-28] (Acresso)
Task: {246D5036-8289-4928-8F1A-23612358B959} - System32\Tasks\{6F0E4623-C9C1-4B1D-892E-0539FAA66FD4} => \\192.168.1.59\csc\windows 7 stuff\CSC-ENG-LotusNotesAsync-8.0.21.9112-GBL-R1.exe
Task: {25925360-67A8-4636-9E9B-C8036FF12192} - System32\Tasks\{C4BC7C92-CECA-4813-A75F-A820D549B384} => C:\Users\Administrator\Downloads\CSC-ENG-McAfee_ePO-4.6-GBL-R1.exe [2014-01-05] ()
Task: {2D3D18C4-486B-443C-90FE-784BBB3AD25A} - System32\Tasks\{B27D859E-2C14-4BE6-987F-2645C91508B8} => pcalua.exe -a C:\SUPPORT\LOTUSN~1.2\CSC-EN~1.EXE -d C:\SUPPORT\LOTUSN~1.2
Task: {30AC5B0A-5BB0-4341-896B-E8C55ADAA894} - System32\Tasks\{417F94B9-E78D-46B5-81FE-2C9C23A68F7B} => C:\Users\Administrator\Downloads\CSC-ENG-McAfee_ePO-4.6-GBL-R1.exe [2014-01-05] ()
Task: {30E39869-55AD-446E-9602-8DC57E6CBEDB} - System32\Tasks\MotoHelper MUM => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27] ()
Task: {5331A84A-73FA-4FE0-B9CB-B8548ED2C7EC} - System32\Tasks\{08683B08-8A73-4CC3-8C41-CDACF091656E} => pcalua.exe -a C:\Users\Administrator\Downloads\CSC-ENG-LotusNotesAsync-8.0.21.9112-GBL-R1.exe -d C:\Users\Administrator\Downloads
Task: {5EA19D18-BF92-4524-A5D2-B0C16359B669} - System32\Tasks\{9D37C61C-EEB1-4D81-976D-0F8C37DD2F4B} => \\192.168.1.59\csc\windows 7 stuff\CSC-ENG-LotusNotesAsync-8.0.21.9112-GBL-R1.exe
Task: {627DBF91-8FA7-4B86-97F1-335BD97A9D96} - System32\Tasks\Logon_Trigger_WPS_Mon_Task => C:\Program Files (x86)\Linksys AE6000\WPS_Mon.exe [2012-12-20] (Cisco Consumer Products LLC)
Task: {6772758C-AA01-4D1B-8C7B-8BF97E4D5739} - System32\Tasks\{0FF4EC9A-1751-4F34-8043-921DA55D4465} => C:\Users\Administrator\Documents\GSM 7.5\Disk1\InstData\VM\setup.exe [2009-05-28] (Acresso)
Task: {6A1A92DD-2FA4-4996-9406-BC69F8A0987A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2979728093-1124239313-4181705486-500UA => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {7390525C-55A4-4CD3-928F-156EC3F6B930} - System32\Tasks\{027630B8-011F-464A-A843-A0A80D2E03C3} => C:\Program Files (x86)\Film and Photo Scanner\ImageScanTool.exe [2010-08-02] ()
Task: {83C20026-11BE-4C54-A6FE-E2721003EC57} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {8486BDA2-CA38-494D-8DD0-8569D8738BE2} - System32\Tasks\{22788ACD-C416-4047-ABC9-1CFC8947D63A} => pcalua.exe -a "C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DQGYG88U\g2m_codec.exe" -d C:\Users\Administrator\Desktop
Task: {8B3C2831-65E7-4274-904B-DFBAE3232F0C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8D1209F3-A52E-4FBA-88F6-03300AC897BB} - System32\Tasks\{7577965B-3197-4B06-A7B4-C4BBE221DDEF} => C:\Users\Administrator\Documents\GSM 7.5\Disk1\InstData\VM\setup.exe [2009-05-28] (Acresso)
Task: {8DA43660-72DD-4552-BE77-C6D2FE986350} - System32\Tasks\{86EB6777-604A-4633-A9AD-7AAC43E039B8} => \\192.168.1.59\csc\windows 7 stuff\CSC-ENG-LotusNotesAsync-8.0.21.9112-GBL-R1.exe
Task: {92DC2FD2-106F-43A6-8BC6-496D0F48371A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {A29C6832-03CE-464B-9CBD-A843E4EA5028} - System32\Tasks\{318AA446-E7B9-4FCA-B788-5445178A14C1} => C:\Users\Administrator\Downloads\CSC-ENG-McAfee_ePO-4.6-GBL-R1.exe [2014-01-05] ()
Task: {A3385135-5E90-4CCC-998D-A24B143E1D82} - System32\Tasks\{F90D1AA4-5B18-43BA-B838-3C62C3535894} => C:\Users\Administrator\Downloads\CSC-ENG-McAfee_ePO-4.6-GBL-R1.exe [2014-01-05] ()
Task: {A6649822-72E9-47E0-B5CF-699AB48A9D21} - System32\Tasks\{CAD2216B-3623-48EC-863E-74B5498F21EB} => C:\Users\Administrator\Downloads\CSC-ENG-McAfee_ePO-4.6-GBL-R1.exe [2014-01-05] ()
Task: {AA3B95BE-48AE-4A45-AE19-DE20920B639C} - System32\Tasks\{DB18C36F-33DD-481F-9A3B-E2AAC511C86B} => C:\Program Files (x86)\Film and Photo Scanner\ImageScanTool.exe [2010-08-02] ()
Task: {B6D880A8-9FC1-49C4-B89F-55109D765845} - System32\Tasks\{257B6798-5C44-4452-BE72-0E648E563431} => pcalua.exe -a C:\Users\Administrator\Desktop\CSC-EAC486102d.exe -d C:\Users\Administrator\Desktop
Task: {C0EF7ADB-0A02-4DB6-94A8-446370DFA461} - System32\Tasks\{E73B4441-CB71-4C7A-BDE6-11F91BF4702A} => C:\Users\Administrator\Downloads\CSC-ENG-McAfee_ePO-4.6-GBL-R1.exe [2014-01-05] ()
Task: {C4DE6137-8410-42EB-8B80-264D64B2F835} - System32\Tasks\MotoHelper Initial Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27] ()
Task: {C9762CCC-1C19-488D-9E01-88F6589FA108} - System32\Tasks\{D4632EC1-4BB2-4D63-B35B-85B588369A70} => C:\Users\Administrator\Downloads\CSC-ENG-McAfee_ePO-4.6-GBL-R1.exe [2014-01-05] ()
Task: {CA4D50A8-2040-4215-BD12-CBFD58639784} - System32\Tasks\{99BE8628-99D1-45D7-AA19-AFC8C32DBE79} => C:\Users\Administrator\Documents\GSM 7.5\Disk1\InstData\VM\setup.exe [2009-05-28] (Acresso)
Task: {CD263579-2B1C-49F1-BD33-CD38FF2D5B1D} - System32\Tasks\G2MUpdateTask-S-1-5-21-2979728093-1124239313-4181705486-500 => C:\Program Files (x86)\Citrix\GoToMeeting\2417\g2mupdate.exe [2015-03-07] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {D528E0D2-5743-4ADC-8839-E5837F495DDA} - System32\Tasks\{2E7DAC13-7A79-4CB0-9ADA-C9ED336C186C} => C:\Users\Administrator\Downloads\CSC-ENG-McAfee_ePO-4.6-GBL-R1.exe [2014-01-05] ()
Task: {D6134159-3D31-49DB-A99E-172A6C9DB18D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-13] (Adobe Systems Incorporated)
Task: {E9D1321A-C547-4768-B4F3-4EFCCE9604C9} - System32\Tasks\{7BD15685-CFD9-4820-B183-B4A17CABE4C3} => C:\Users\Administrator\Downloads\CSC-ENG-McAfee_ePO-4.6-GBL-R1.exe [2014-01-05] ()
Task: {F2E6BCE5-BF53-49FA-878E-1FC0CBDC2B51} - System32\Tasks\{AD01C043-5FAD-44C3-860B-E0609A5F40A6} => C:\Users\Administrator\Downloads\CSC-ENG-McAfee_ePO-4.6-GBL-R1.exe [2014-01-05] ()
Task: {FDE32750-1E88-4E29-B034-023D43B4C79C} - System32\Tasks\{AD82B8C8-20CA-4957-BC40-7A3327F5C69F} => pcalua.exe -a C:\Users\Administrator\Desktop\CSC-ENG-LotusNotesAsync-8.0.21.9112-GBL-R1.exe -d C:\Users\Administrator\Desktop
Task: {FF61A556-FDB6-4F03-B8A2-A86EB6FF83EA} - System32\Tasks\{F0EABA7B-2FC2-427C-A9A9-EF1C5140BC46} => C:\Users\Administrator\Downloads\CSC-ENG-McAfee_ePO-4.6-GBL-R1.exe [2014-01-05] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2979728093-1124239313-4181705486-500.job => C:\Program Files (x86)\Citrix\GoToMeeting\2417\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2979728093-1124239313-4181705486-500Core.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2979728093-1124239313-4181705486-500UA.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe

==================== Loaded Modules (whitelisted) ==============

2011-01-27 17:13 - 2011-01-27 17:13 - 00226624 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
2011-01-27 17:13 - 2011-01-27 17:13 - 00673088 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
2014-10-11 14:06 - 2014-10-11 14:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-01-23 02:13 - 2010-01-23 02:13 - 00970288 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
2010-01-23 02:13 - 2010-01-23 02:13 - 00068656 _____ () C:\Program Files (x86)\VMware\VMware Workstation\zlib1.dll
2014-07-24 22:10 - 2012-11-27 15:12 - 01210256 ____N () C:\Program Files (x86)\Linksys AE6000\RaWLAPI.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2979728093-1124239313-4181705486-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: bthserv => 3
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Fitbit Connect => "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
MSCONFIG\startupreg: Google Update => "C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: McAfeeUpdaterUI => "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
MSCONFIG\startupreg: NVC => "C:\Program Files\CSC VPN CLIENT\Nvc.exe" -autostart
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: ShStatEXE => "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
MSCONFIG\startupreg: Spotify => "C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Administrator\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: vmware-tray => "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-2979728093-1124239313-4181705486-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-2979728093-1124239313-4181705486-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2979728093-1124239313-4181705486-1004 - Limited - Enabled)
__vmware_user__ (S-1-5-21-2979728093-1124239313-4181705486-1001 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: VMware Virtual Ethernet Adapter for VMnet1
Description: VMware Virtual Ethernet Adapter for VMnet1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VMware Virtual Ethernet Adapter for VMnet8
Description: VMware Virtual Ethernet Adapter for VMnet8
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Intel(R) 82567LM-3 Gigabit Network Connection
Description: Intel(R) 82567LM-3 Gigabit Network Connection
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: e1kexpress
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/19/2015 07:34:32 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x8007043c).

Error: (03/19/2015 07:34:32 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007043c, This service cannot be started in Safe Mode
.


Operation:
Instantiating VSS server

Error: (03/19/2015 07:34:32 AM) (Source: VSS) (EventID: 18) (User: )
Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.
The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode
]


Operation:
Instantiating VSS server


System errors:
=============
Error: (03/20/2015 03:56:53 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Modules Installer service did not shut down properly after receiving a preshutdown control.

Error: (03/20/2015 03:52:55 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

Error: (03/19/2015 07:51:13 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2978668).

Error: (03/19/2015 07:51:13 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB3035126).

Error: (03/19/2015 07:51:13 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Cumulative Security Update for Internet Explorer 11 for Windows 7 for x64-based Systems (KB3032359).

Error: (03/19/2015 07:51:13 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2852386).

Error: (03/19/2015 07:51:13 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB3031432).

Error: (03/19/2015 07:51:13 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB3006226).

Error: (03/19/2015 07:51:13 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2993651).

Error: (03/19/2015 07:51:13 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2973351).


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2015-03-19 07:41:45.924
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-03-19 07:41:45.768
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Quad CPU Q9400 @ 2.66GHz
Percentage of memory in use: 42%
Total physical RAM: 6013.59 MB
Available physical RAM: 3443.49 MB
Total Pagefile: 12411.78 MB
Available Pagefile: 10176.92 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:298.09 GB) (Free:120.67 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 8F917E89)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    3 KB · Views: 1
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Administrator at 2015-03-20 21:57:35 Run:1
Running from C:\Users\Administrator\Downloads
Loaded Profiles: Administrator (Available profiles: Administrator)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2979728093-1124239313-4181705486-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL =
Toolbar: HKU\S-1-5-21-2979728093-1124239313-4181705486-500 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
FF Plugin HKU\S-1-5-21-2979728093-1124239313-4181705486-500: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\ADMINI~1\AppData\Roaming\CATALI~1\NPBCSK~1.DLL No File
CHR HomePage: Default -> hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_ir_15_12&param1=1&param2=f%3D1%26b%3DChrome%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0ByEyByDtD0EyE0FyB0C0DtC0E0E0AyCtN0D0Tzu0StCtCyBtDtN1L2XzutAtFzytFyEtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StBtCtBtAtCyCtAyDtGtA0D0AyCtGyC0EyC0FtGtBzz0FtCtGyCyE0DzyyEyCtBtA0AtAtCtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szyzzzy0C0F0CtD0BtGyDzytByEtGyEyBzzyCtGzzyE0B0AtGyB0B0A0B0CtAtCzzyCtBtByC2QtN0A0LzutBtN1B2Z1V1T1S1NzuyCtCtB%26cr%3D1783096704%26a%3Dwny_ir_15_12%26os%3DWindows 7 Professional
CHR StartupUrls: Default -> "hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_ir_15_12&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0ByEyByDtD0EyE0FyB0C0DtC0E0E0AyCtN0D0Tzu0StCtCyBtDtN1L2XzutAtFzytFyEtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StBtCtBtAtCyCtAyDtGtA0D0AyCtGyC0EyC0FtGtBzz0FtCtGyCyE0DzyyEyCtBtA0AtAtCtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szyzzzy0C0F0CtD0BtGyDzytByEtGyEyBzzyCtGzzyE0B0AtGyB0B0A0B0CtAtCzzyCtBtByC2QtN0A0LzutBtN1B2Z1V1T1S1NzuyCtCtB%26cr%3D1783096704%26a%3Dwny_ir_15_12%26os%3DWindows 7 Professional"
CHR DefaultSearchKeyword: Default -> search provided by yahoo.com
CHR DefaultSearchURL: Default -> http://us.yhs4.search.yahoo.com/yhs...CtCtB&cr=1783096704&a=wny_ir_15_12&os=Windows 7 Professional&p={searchTerms}
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
2011-08-26 17:26 - 2011-08-26 17:26 - 0000272 _____ () C:\Users\Administrator\AppData\Roaming\.backup.dm
2012-11-28 12:12 - 2015-02-02 23:44 - 0000570 _____ () C:\Users\Administrator\AppData\Roaming\gmic_faves
2012-11-28 10:42 - 2014-01-22 18:48 - 0001062 _____ () C:\Users\Administrator\AppData\Roaming\gmic_sources.cimgz
2013-11-14 21:32 - 2013-11-14 21:32 - 0893239 _____ () C:\Users\Administrator\AppData\Local\a.zip
2013-11-14 21:32 - 2013-11-14 21:32 - 2162416 _____ (Catalina Marketing Corp) C:\Users\Administrator\AppData\Local\BcsKtYcHW.dll
2015-03-16 18:34 - 2015-03-16 18:34 - 0089923 _____ () C:\Users\Administrator\AppData\Local\recently-used.xbel
2015-02-09 12:46 - 2015-02-09 12:46 - 0000017 _____ () C:\Users\Administrator\AppData\Local\resmon.resmoncfg
C:\Windows\SysWOW64\sqljdbc_auth.dll

*****************

"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => Key deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-2979728093-1124239313-4181705486-500\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A}" => Key deleted successfully.
HKCR\CLSID\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A} => Key not found.
HKU\S-1-5-21-2979728093-1124239313-4181705486-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => value deleted successfully.
HKCR\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => Key not found.
"HKU\S-1-5-21-2979728093-1124239313-4181705486-500\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator" => Key deleted successfully.
C:\Users\ADMINI~1\AppData\Roaming\CATALI~1\NPBCSK~1.DLL not found.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
Chrome DefaultSearchURL deleted successfully.
catchme => Service deleted successfully.
C:\Users\Administrator\AppData\Roaming\.backup.dm => Moved successfully.
C:\Users\Administrator\AppData\Roaming\gmic_faves => Moved successfully.
C:\Users\Administrator\AppData\Roaming\gmic_sources.cimgz => Moved successfully.
C:\Users\Administrator\AppData\Local\a.zip => Moved successfully.
C:\Users\Administrator\AppData\Local\BcsKtYcHW.dll => Moved successfully.
C:\Users\Administrator\AppData\Local\recently-used.xbel => Moved successfully.
C:\Users\Administrator\AppData\Local\resmon.resmoncfg => Moved successfully.
C:\Windows\SysWOW64\sqljdbc_auth.dll => Moved successfully.


The system needed a reboot.

==== End of Fixlog 21:57:35 ====
 
Back