TechSpot

Real stubborn malware that I can't find or get rid of

By Corey Dawkins
Mar 8, 2015
  1. For about 5-6 days I've been having a lot of trouble with an unknown malware that I can't find the root cause of. It started off with Malwarebytes popping up and blocking certain incoming and outgoing traffic. I ran Malwarebytes, Norton 360, and CCleaner, and that issue is going away, but now I have trouble downloading or going to many, if not most, of the trusted anti-malware sites/software, like BleepingComputer.com and others like it. It also does not let me get updates from those sites.

    I can get to any other type of site, just not those to do with internet security and malware cleaning specifically. I tried to follow other directions, but I think I might have messed up other things, plus it didn't solve my issue. Now I can't connect to the localhost server on my machine for the MySQL databases that I have. Any help will be so much appreciated. If I'm not able to get my work back, this will set me back a month or so.

    Here is the Malwarebytes log:
    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 3/8/2015
    Scan Time: 4:17:43 PM
    Logfile:
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2014.11.20.06
    Rootkit Database: v2014.11.18.01
    License: Premium
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Home

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 425152
    Time Elapsed: 13 min, 44 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)


    Here is the DDS.txt:

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.17631 BrowserJavaVersion: 11.31.2
    Run by Home at 16:42:55 on 2015-03-08
    #Option Extended Search is enabled.
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7970.5060 [GMT -4:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
    AV: Norton Security Suite *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
    SP: Norton Security Suite *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
    SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Norton Security Suite *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
    FW: Privatefirewall *Disabled* {16337F50-A853-219F-6DEC-E7BDA0A7E8E7}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
    C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\svchost.exe -k netsvcs
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\svchost.exe -k NetworkService
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Windows\system32\svchost.exe -k apphost
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
    C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
    C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
    C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe
    C:\Program Files (x86)\Neat\exec\NeatStartupService.exe
    C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
    C:\Windows\SysWOW64\NLSSRV32.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe
    C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Users\Home\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    C:\Users\Home\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
    C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe
    C:\Program Files (x86)\RescueTime\RescueTime.exe
    C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
    C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE
    C:\Program Files\CCleaner\CCleaner64.exe
    C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
    C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    C:\Program Files (x86)\Browny02\BrYNSvc.exe
    C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
    C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
    C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    C:\Windows\sysWOW64\wbem\wmiprvse.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
    C:\Windows\system32\wbem\WmiApSrv.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\UI0Detect.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\prevhost.exe
    C:\Program Files (x86)\PSPad editor\PSPad.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uProxyOverride = <local>
    BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coieplg.dll
    BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\ips\ipsbho.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
    BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
    BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\urlredir.dll
    BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\grooveex.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
    TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coieplg.dll
    uRun: [Akamai NetSession Interface] "C:\Users\Home\AppData\Local\Akamai\netsession_win.exe"
    uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
    uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\7cfab935-97d7-48a7-8599-56f845b9041d.com
    mRun: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
    mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
    mRun: [Redirector] "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
    mRun: [JunosPulse] C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe -tray
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
    mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
    mRun: [Privatefirewall] C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\PFGUI.exe
    StartupFolder: C:\Users\Home\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONEDRI~1.LNK - C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~2.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RESCUE~1.LNK - C:\Program Files (x86)\RescueTime\RescueTime.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
    IE: Clip bookmark - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
    IE: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
    IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
    IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
    IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office15\EXCEL.EXE/3000
    IE: LastPass - C:\Users\Home\AppData\LocalLow\LastPass\context.html?cmd=lastpass
    IE: LastPass Fill Forms - C:\Users\Home\AppData\LocalLow\LastPass\context.html?cmd=fillforms
    IE: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office15\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll
    IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
    TCP: NameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{2B5440DE-BE66-42A5-9FF4-C8CFDD7555F4} : NameServer = 8.8.8.8,8.8.8.8
    TCP: Interfaces\{2B5440DE-BE66-42A5-9FF4-C8CFDD7555F4} : DHCPNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{2B5440DE-BE66-42A5-9FF4-C8CFDD7555F4}\7456F627765672370275962756C6563737D27657563747 : DHCPNameServer = 68.87.66.254 162.150.8.31 192.168.33.1
    TCP: Interfaces\{2B5440DE-BE66-42A5-9FF4-C8CFDD7555F4}\C6F67616E677966696 : DHCPNameServer = 192.168.240.1 8.8.8.8
    TCP: Interfaces\{2B5440DE-BE66-42A5-9FF4-C8CFDD7555F4}\D496368656C696023456E6475627 : NameServer = 8.8.8.8,8.8.8.8
    TCP: Interfaces\{2B5440DE-BE66-42A5-9FF4-C8CFDD7555F4}\D496368656C696023456E6475627 : DHCPNameServer = 10.1.10.1
    TCP: Interfaces\{2B5440DE-BE66-42A5-9FF4-C8CFDD7555F4}\D496368656C696023456E647562723 : DHCPNameServer = 10.1.10.1
    TCP: Interfaces\{5691BEF0-8C2D-4CC6-A9C1-655CDE1B1A9F} : NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
    TCP: Interfaces\{5A690345-C551-4924-8B33-D666310D40AF} : NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
    TCP: Interfaces\{5A690345-C551-4924-8B33-D666310D40AF} : DHCPNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{A1D097A3-62FD-4127-B4B5-45CCE2603C7E} : NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
    Notify: igfxcui - <no file>
    SSODL: WebCheck - <orphaned>
    SEH: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
    x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coieplg.dll
    x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\urlredir.dll
    x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
    x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
    x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coieplg.dll
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3
    x64-Run: [IgfxTray] "C:\Windows\System32\igfxtray.exe"
    x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
    x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll
    x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
    x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
    x64-IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html
    .
    INFO: x64-HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-DPF: {AA570693-00E2-4907-B6F1-60A1199B030C} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
    x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    x64-mASetup: Send To Neat - reg copy "HKLM\Software\The Neat Company\Send To Neat" "HKCU\Software\The Neat Company\Send To Neat" /s /f
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\zyiz0d55.default\
    FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll
    FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npURLInterceptorPlugin.dll
    FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\LastPass\nplastpass.dll
    FF - plugin: C:\Program Files (x86)\LastPass\nplastpass64.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npMozCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Nitro\Pro 9\npdf.dll
    FF - plugin: C:\Program Files (x86)\Nitro\Pro 9\npnitroie.dll
    FF - plugin: C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll
    FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\Windows\System32\drivers\amdkmpfd.sys [2014-11-6 36608]
    R0 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-1-30 129752]
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-11-15 274696]
    R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1506000.020\symds64.sys [2015-3-7 493656]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1506000.020\symefa64.sys [2015-3-7 1148120]
    R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-9-9 46368]
    R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20150224.001\BHDrvx64.sys [2015-2-24 1622744]
    R1 ccSet_N360;N360 Settings Manager;C:\Windows\System32\drivers\N360x64\1506000.020\ccsetx64.sys [2015-3-7 162392]
    R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2013-9-24 97768]
    R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20150306.001\IDSviA64.sys [2015-3-6 669400]
    R1 jnprns;Juniper Network Service;C:\Windows\System32\drivers\jnprns.sys [2014-12-17 507192]
    R1 pwipf6;Privacyware Filter Driver;C:\Windows\System32\drivers\pwipf6.sys [2015-3-8 133152]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1506000.020\ironx64.sys [2015-3-7 266968]
    R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1506000.020\symnets.sys [2015-3-7 593112]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2014-7-22 172344]
    R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-1-20 77128]
    R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2015-2-3 122072]
    R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2015-2-3 388824]
    R2 BstHdUpdaterSvc;BlueStacks Updater Service;C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [2015-2-3 794328]
    R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-11-25 2711736]
    R2 JuniperAccessService;Juniper Unified Network Service;C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe [2014-8-7 166232]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-10-17 1871160]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-10-17 969016]
    R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe [2015-3-7 265040]
    R2 Neat Startup Service;Neat Startup Service;C:\Program Files (x86)\Neat\exec\NeatStartupService.exe [2014-8-6 6144]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2014-11-15 124560]
    R2 NitroDriverReadSpool9;NitroPDFDriverCreatorReadSpool9;C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [2014-3-13 230920]
    R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2014-3-13 69640]
    R2 PFNet;Privacyware network service;C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe [2013-12-17 374600]
    R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2015-2-19 266240]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2015-3-7 142640]
    R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2014-2-11 169752]
    R3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);C:\Windows\System32\drivers\ICCWDT.sys [2010-8-18 26136]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2014-11-6 454416]
    R3 JnprVaMgr;Juniper Networks Virtual Adapter Manager Service;C:\Windows\System32\drivers\jnprvamgr.sys [2014-7-8 45352]
    R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2014-2-11 129224]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-10-17 25816]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-10-17 63704]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2015-1-30 366512]
    R3 rtsuvc;Realtek USB2.0 PC Camera;C:\Windows\System32\drivers\rtsuvc.sys [2014-11-6 9101016]
    R3 SmbDrvI;SmbDrvI;C:\Windows\System32\drivers\Smb_driver_Intel.sys [2014-2-11 34544]
    S2 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2015-2-3 409304]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-12 103608]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-1-2 315488]
    S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2013-7-18 83224]
    S3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\Windows\System32\drivers\l260x64.sys [2009-6-10 34304]
    S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\Windows\System32\drivers\l160x64.sys [2009-6-24 58368]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-2-11 114688]
    S3 jnprva;Juniper Networks Virtual Adapter Service;C:\Windows\System32\drivers\jnprva.sys [2014-7-8 30072]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-3-24 19456]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-3-24 56832]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-7-8 1255736]
    S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
    S4 jnprTdi_806_48695;Juniper Networks TDI Filter Driver (jnprTdi_806_48695);C:\Windows\System32\drivers\jnprTdi_806_48695.sys [2014-12-17 108344]
    .
    =============== File Associations ===============
    .
    FileExt: .txt: txtfile="C:\Program Files (x86)\PSPad editor\PSPad.exe" "%1"
    FileExt: .jse: JSEFile=NOTEPAD.EXE %1
    FileExt: .wsf: WSFFile=NOTEPAD.EXE %1
    .
    =============== Created Last 60 ================
    .
    2015-03-08 19:10:17 -------- d-----w- C:\$RECYCLE.BIN
    2015-03-08 19:01:30 98816 ----a-w- C:\Windows\sed.exe
    2015-03-08 19:01:30 256000 ----a-w- C:\Windows\PEV.exe
    2015-03-08 19:01:30 208896 ----a-w- C:\Windows\MBR.exe
    2015-03-08 18:42:19 -------- d-----w- C:\ProgramData\CheckPoint
    2015-03-08 18:36:22 11910896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8E2CD330-83F1-4186-AD7E-24D01683C219}\mpengine.dll
    2015-03-08 18:05:37 -------- d-----w- C:\SUPERDelete
    2015-03-08 17:59:28 -------- d-----w- C:\Users\Home\AppData\Roaming\SUPERAntiSpyware.com
    2015-03-08 17:59:04 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
    2015-03-08 17:59:04 -------- d-----w- C:\Program Files\SUPERAntiSpyware
    2015-03-08 17:52:41 79064 ----a-w- C:\Windows\System32\drivers\dyaepb.sys
    2015-03-08 17:16:58 -------- d-----w- C:\ProgramData\UVK
    2015-03-08 17:16:55 -------- d-----w- C:\Program Files\UVK - Ultra Virus Killer
    2015-03-08 11:17:44 -------- d-----w- C:\Users\Home\AppData\Local\Privatefirewall
    2015-03-08 11:15:18 133152 ----a-w- C:\Windows\System32\drivers\pwipf6.sys
    2015-03-08 11:15:13 -------- d-----w- C:\ProgramData\Privacyware
    2015-03-08 11:15:13 -------- d-----w- C:\Program Files (x86)\Privacyware
    2015-03-08 08:39:23 -------- d-----w- C:\Users\Home\AppData\Local\Comodo
    2015-03-08 08:39:03 -------- d-----w- C:\ProgramData\Comodo Downloader
    2015-03-08 08:38:27 -------- d-----w- C:\ProgramData\Comodo
    2015-03-08 08:14:04 37624 ----a-w- C:\Windows\System32\drivers\TrueSight.sys
    2015-03-08 08:14:02 -------- d-----w- C:\ProgramData\RogueKiller
    2015-03-08 05:04:31 -------- d-----w- C:\Users\Home\AppData\Roaming\Task Coach
    2015-03-08 05:04:15 -------- d-----w- C:\Program Files (x86)\TaskCoach
    2015-03-08 03:46:52 -------- d-----w- C:\Users\Home\AppData\Roaming\tixati
    2015-03-08 03:46:25 -------- d-----w- C:\Program Files\tixati
    2015-03-08 03:39:56 876248 ----a-w- C:\Windows\System32\drivers\N360x64\1506000.020\srtsp64.sys
    2015-03-08 03:39:56 593112 ----a-w- C:\Windows\System32\drivers\N360x64\1506000.020\symnets.sys
    2015-03-08 03:39:56 493656 ----a-r- C:\Windows\System32\drivers\N360x64\1506000.020\symds64.sys
    2015-03-08 03:39:56 37592 ----a-w- C:\Windows\System32\drivers\N360x64\1506000.020\srtspx64.sys
    2015-03-08 03:39:56 266968 ----a-w- C:\Windows\System32\drivers\N360x64\1506000.020\ironx64.sys
    2015-03-08 03:39:56 23568 ----a-r- C:\Windows\System32\drivers\N360x64\1506000.020\symelam.sys
    2015-03-08 03:39:56 1148120 ----a-w- C:\Windows\System32\drivers\N360x64\1506000.020\symefa64.sys
    2015-03-08 03:39:55 162392 ----a-r- C:\Windows\System32\drivers\N360x64\1506000.020\ccsetx64.sys
    2015-03-08 03:39:33 -------- d-----w- C:\Windows\System32\drivers\N360x64\1506000.020
    2015-03-08 01:52:09 177752 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
    2015-03-08 01:52:09 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
    2015-03-08 01:51:08 -------- d-----w- C:\Windows\System32\drivers\N360x64
    2015-03-08 01:51:07 -------- d-----w- C:\Program Files (x86)\Norton Security Suite
    2015-03-08 01:35:25 -------- d-----w- C:\Program Files (x86)\NortonInstaller
    2015-03-07 16:57:25 -------- d-----w- C:\img
    2015-03-07 16:53:45 11910896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2015-03-07 13:46:05 -------- d-----w- C:\Users\Home\AppData\Roaming\Local Store
    2015-03-05 16:44:03 -------- d-----w- C:\Program Files (x86)\DBConvert
    2015-03-05 14:24:51 -------- d-----w- C:\Users\Home\AppData\Roaming\RStudio
    2015-03-05 06:08:19 -------- d-----w- C:\Users\Home\AppData\Local\RStudio-Desktop
    2015-03-05 06:05:45 -------- d-----w- C:\Program Files\RStudio
    2015-03-05 06:04:53 -------- d-----w- C:\Program Files\R
    2015-03-05 05:42:31 2623488 ----a-w- C:\ProgramData\Microsoft\Security\Client\SecurityProvider.dll
    2015-03-04 16:19:27 -------- d-----w- C:\Program Files\IBM
    2015-03-03 01:10:59 -------- d-----w- C:\Users\Home\AppData\Roaming\PC-FAX TX
    2015-03-02 00:27:03 -------- d-----w- C:\Users\Home\AppData\Local\AutoIt v3
    2015-03-02 00:10:27 -------- d-----w- C:\Program Files (x86)\AutoIt3
    2015-03-01 03:16:11 -------- d-----w- C:\Program Files\iPod
    2015-03-01 03:16:11 -------- d-----w- C:\Program Files (x86)\iTunes
    2015-03-01 03:16:10 -------- d-----w- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
    2015-03-01 03:16:10 -------- d-----w- C:\Program Files\iTunes
    2015-03-01 03:14:57 -------- d-----w- C:\Program Files\Bonjour
    2015-03-01 03:14:57 -------- d-----w- C:\Program Files (x86)\Bonjour
    2015-02-25 14:36:14 -------- d-----w- C:\Users\Home\AppData\Roaming\VideoAnalyzer
    2015-02-25 14:35:22 -------- d-----w- C:\Program Files (x86)\AviSynth 2.5
    2015-02-25 14:34:32 7440 ----a-w- C:\Windows\SysWow64\ppmon.dll
    2015-02-25 14:34:32 41984 ----a-w- C:\Windows\System32\ppmon64.exe
    2015-02-25 14:34:32 245568 ----a-w- C:\Windows\System32\NWKL2_64.DLL
    2015-02-25 14:34:32 24136 ----a-w- C:\Windows\SysWow64\ppmon.exe
    2015-02-25 14:34:32 236352 ----a-w- C:\Windows\System32\KL2DLL64.DLL
    2015-02-25 14:34:32 207168 ----a-w- C:\Windows\SysWow64\NWKL2_32.DLL
    2015-02-25 14:34:32 198976 ----a-w- C:\Windows\SysWow64\KL2DLL32.DLL
    2015-02-25 14:34:32 12480 ----a-w- C:\Windows\SysWow64\KL2N.DLL
    2015-02-25 14:34:31 -------- d-----w- C:\Users\Home\AppData\Local\KEYLOK
    2015-02-25 14:34:27 -------- d-----w- C:\VideosForAnalysis
    2015-02-24 15:31:04 -------- d-----r- C:\Users\Home\OneDrive - Probaseballinjuries.com
    2015-02-22 16:33:55 -------- d-----w- C:\Program Files (x86)\Western Digital
    2015-02-22 14:22:47 1188440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2015-02-22 14:22:46 1188440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B1A4174A-9D96-4FA9-9150-B52190C725CA}\gapaengine.dll
    2015-02-20 03:48:08 -------- d-----w- C:\Brother
    2015-02-20 03:48:03 -------- d-----w- C:\ProgramData\ControlCenter4
    2015-02-20 03:48:03 -------- d-----w- C:\Program Files (x86)\Browny02
    2015-02-20 03:47:46 5120 ------w- C:\Windows\SysWow64\BrDctF2L.dll
    2015-02-20 03:47:46 245760 ------w- C:\Windows\SysWow64\NSSearch.dll
    2015-02-20 03:47:45 73728 ------w- C:\Windows\SysWow64\BrDctF2.dll
    2015-02-20 03:47:45 5120 ------w- C:\Windows\SysWow64\BrDctF2S.dll
    2015-02-19 03:10:13 -------- d-----w- C:\Users\Home\AppData\Local\twitter
    2015-02-19 03:07:58 -------- d-----w- C:\Program Files (x86)\Twitter
    2015-02-14 16:30:49 -------- d-----w- C:\ProgramData\BlueStacks
    2015-02-14 16:30:49 -------- d-----w- C:\Program Files (x86)\BlueStacks
    2015-02-14 16:30:07 -------- d-----w- C:\Users\Home\AppData\Local\Bluestacks
    2015-02-13 17:56:39 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2015-02-13 17:56:38 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
    2015-02-13 17:56:38 6041600 ----a-w- C:\Windows\System32\jscript9.dll
    2015-02-13 17:56:38 4300800 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2015-02-13 17:52:19 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
    2015-02-13 17:52:14 -------- d-----w- C:\Program Files\Microsoft Security Client
    2015-02-13 01:01:47 950272 ----a-w- C:\Windows\System32\perftrack.dll
    2015-02-13 01:01:47 91136 ----a-w- C:\Windows\System32\wdi.dll
    2015-02-13 01:01:47 76800 ----a-w- C:\Windows\SysWow64\wdi.dll
    2015-02-13 01:01:47 29696 ----a-w- C:\Windows\System32\powertracker.dll
    2015-02-11 09:18:51 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
    2015-02-11 09:17:58 3201536 ----a-w- C:\Windows\System32\win32k.sys
    2015-02-06 03:43:42 -------- d-sh--w- C:\Users\Home\AppData\Local\ms-drivers
    2015-02-03 23:07:16 69632 ----a-w- C:\Windows\SysWow64\rtact.ocx
    2015-02-02 03:28:36 -------- d-----w- C:\Users\Home\Tracing
    2015-02-02 03:22:42 -------- d-----w- C:\Users\Home\AppData\Local\Skype
    2015-02-02 03:22:31 -------- d-----r- C:\Program Files (x86)\Skype
    2015-01-28 16:58:37 -------- d-----w- C:\Users\Home\.eclipse
    2015-01-25 04:23:07 -------- d-----w- C:\Users\Home\AppData\Roaming\Extreme URL Generator
    2015-01-25 04:10:10 -------- d-----w- C:\Program Files (x86)\Extreme URL Generator
    2015-01-22 06:46:32 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
    2015-01-22 06:46:32 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
    2015-01-22 06:46:32 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
    2015-01-22 06:46:32 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
    2015-01-22 06:46:32 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
    2015-01-22 03:30:43 -------- d-----w- C:\NPE
    2015-01-18 20:15:59 -------- d-sh--w- C:\Users\Home\AppData\Local\icsxml
    2015-01-18 20:15:54 -------- d-----w- C:\Users\Home\AppData\Local\Paprika
    2015-01-18 20:15:44 -------- d-----w- C:\Program Files (x86)\Paprika Recipe Manager
    2015-01-13 21:55:52 210432 ----a-w- C:\Windows\System32\profsvc.dll
    2015-01-13 21:55:50 52224 ----a-w- C:\Windows\SysWow64\nlaapi.dll
    2015-01-13 21:55:50 303616 ----a-w- C:\Windows\System32\nlasvc.dll
    2015-01-13 21:55:50 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
    2015-01-13 21:55:46 141312 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
    2015-01-13 21:55:18 87040 ----a-w- C:\Windows\System32\TSWbPrxy.exe
    2015-01-12 04:53:48 -------- d-----w- C:\ProgramData\Radium Technologies
    2015-01-12 04:53:48 -------- d-----w- C:\Program Files (x86)\Radium Technologies
    2015-01-11 21:15:50 -------- d-----w- C:\Users\Home\AppData\Local\Spotify
    2015-01-11 21:12:24 -------- d-----w- C:\Users\Home\AppData\Roaming\Spotify
    .
    ==================== Find6M ====================
    .
    2015-03-08 20:15:11 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2015-03-03 13:17:35 295552 ------w- C:\Windows\System32\MpSigStub.exe
    2015-02-09 13:42:14 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2015-02-05 00:40:19 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2015-02-05 00:40:19 701616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2015-02-04 03:16:29 609280 ----a-w- C:\Windows\System32\generaltel.dll
    2015-02-04 03:16:20 762368 ----a-w- C:\Windows\System32\invagent.dll
    2015-02-04 03:16:16 414720 ----a-w- C:\Windows\System32\devinv.dll
    2015-02-04 03:16:14 894976 ----a-w- C:\Windows\System32\appraiser.dll
    2015-02-04 03:16:13 227328 ----a-w- C:\Windows\System32\aepdu.dll
    2015-02-04 03:16:13 192000 ----a-w- C:\Windows\System32\aepic.dll
    2015-02-04 03:13:28 1098752 ----a-w- C:\Windows\System32\aeinv.dll
    2015-01-27 23:36:21 1239720 ----a-w- C:\Windows\System32\aitstatic.exe
    2015-01-15 08:14:17 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2015-01-15 08:14:16 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2015-01-15 08:09:58 29184 ----a-w- C:\Windows\System32\sspisrv.dll
    2015-01-15 08:09:58 136192 ----a-w- C:\Windows\System32\sspicli.dll
    2015-01-15 08:09:57 28160 ----a-w- C:\Windows\System32\secur32.dll
    2015-01-15 08:09:51 1461760 ----a-w- C:\Windows\System32\lsasrv.dll
    2015-01-15 08:09:15 31232 ----a-w- C:\Windows\System32\lsass.exe
    2015-01-15 08:08:59 64000 ----a-w- C:\Windows\System32\auditpol.exe
    2015-01-15 08:06:22 60416 ----a-w- C:\Windows\System32\msobjs.dll
    2015-01-15 08:06:11 146432 ----a-w- C:\Windows\System32\msaudite.dll
    2015-01-15 08:04:23 686080 ----a-w- C:\Windows\System32\adtschema.dll
    2015-01-15 07:42:59 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2015-01-15 07:42:05 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
    2015-01-15 07:41:53 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2015-01-15 07:39:53 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
    2015-01-15 07:39:36 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
    2015-01-15 07:37:55 686080 ----a-w- C:\Windows\SysWow64\adtschema.dll
    2015-01-15 04:22:18 458824 ----a-w- C:\Windows\System32\drivers\cng.sys
    2015-01-14 06:09:27 5554112 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2015-01-14 06:05:30 503808 ----a-w- C:\Windows\System32\srcore.dll
    2015-01-14 06:05:30 50176 ----a-w- C:\Windows\System32\srclient.dll
    2015-01-14 06:04:56 296960 ----a-w- C:\Windows\System32\rstrui.exe
    2015-01-14 05:44:59 3972544 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2015-01-14 05:44:58 3917760 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2015-01-14 05:41:09 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
    2015-01-13 02:49:19 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
    2015-01-12 03:05:32 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2015-01-12 03:05:19 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2015-01-12 02:49:42 66560 ----a-w- C:\Windows\System32\iesetup.dll
    2015-01-12 02:48:57 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2015-01-12 02:48:52 584192 ----a-w- C:\Windows\System32\vbscript.dll
    2015-01-12 02:47:25 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
    2015-01-12 02:34:42 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
    2015-01-12 02:34:30 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2015-01-12 02:25:28 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
    2015-01-12 02:21:19 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2015-01-12 02:13:27 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
    2015-01-12 02:08:09 503296 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2015-01-12 02:07:51 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2015-01-12 02:07:06 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2015-01-12 02:05:36 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
    2015-01-12 01:55:47 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2015-01-12 01:46:29 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
    2015-01-12 01:46:00 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
    2015-01-12 01:40:43 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
    2015-01-12 01:27:32 2358272 ----a-w- C:\Windows\System32\wininet.dll
    2015-01-12 01:23:09 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2015-01-12 01:22:17 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
    2015-01-12 01:00:17 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
    2015-01-10 06:48:22 210944 ----a-w- C:\Windows\System32\wdigest.dll
    2015-01-10 06:48:19 86528 ----a-w- C:\Windows\System32\TSpkg.dll
    2015-01-10 06:48:17 341504 ----a-w- C:\Windows\System32\schannel.dll
    2015-01-10 06:48:13 309760 ----a-w- C:\Windows\System32\ncrypt.dll
    2015-01-10 06:48:12 314880 ----a-w- C:\Windows\System32\msv1_0.dll
    2015-01-10 06:48:10 728064 ----a-w- C:\Windows\System32\kerberos.dll
    2015-01-10 06:48:05 22016 ----a-w- C:\Windows\System32\credssp.dll
    2015-01-10 06:27:54 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
    2015-01-10 06:27:51 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
    2015-01-10 06:27:47 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
    2015-01-10 06:27:44 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2015-01-10 06:27:43 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
    2015-01-10 06:27:39 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
    2015-01-10 06:27:32 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
    2014-12-12 05:31:39 1480192 ----a-w- C:\Windows\System32\crypt32.dll
    2014-12-12 05:07:26 1174528 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2014-12-08 19:48:22 6453248 ----a-w- C:\Windows\SysWow64\uEye_api.dll
    2014-12-08 19:48:22 1294336 ----a-w- C:\Windows\SysWow64\uEyeCam.ocx
    2014-12-08 03:09:05 406528 ----a-w- C:\Windows\System32\scesrv.dll
    2014-12-08 02:46:05 308224 ----a-w- C:\Windows\SysWow64\scesrv.dll
    2014-11-26 03:53:59 861696 ----a-w- C:\Windows\System32\oleaut32.dll
    2014-11-26 03:32:05 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
    2014-11-21 10:14:22 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
    2014-11-21 10:14:12 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
    2014-11-21 10:14:08 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2014-11-19 14:03:09 4028928 ----a-w- C:\Windows\System32\drivers\athrx.sys
    2014-11-15 19:46:08 274696 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
    2014-11-15 19:46:08 124560 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
    2014-11-11 03:08:52 241152 ----a-w- C:\Windows\System32\pku2u.dll
    2014-11-11 02:44:32 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
    2014-11-11 01:46:26 119296 ----a-w- C:\Windows\System32\drivers\tdx.sys
    2014-11-08 03:16:08 2048 ----a-w- C:\Windows\System32\tzres.dll
    2014-11-08 02:45:09 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2014-11-06 04:44:46 125952 ----a-w- C:\Windows\System32\drivers\TeeDriverx64.sys
    2014-11-06 04:44:17 454416 ----a-w- C:\Windows\System32\drivers\IntcDAud.sys
    2014-11-06 04:44:04 36608 ----a-w- C:\Windows\System32\drivers\amdkmpfd.sys
    2014-10-30 02:03:43 165888 ----a-w- C:\Windows\System32\charmap.exe
    2014-10-30 01:45:43 155136 ----a-w- C:\Windows\SysWow64\charmap.exe
    .
    ============= FINISH: 16:43:24.70 ===============
     
  2. Corey Dawkins

    TS Rookie Topic Starter Posts: 24

    Here is the attach.TXT


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/8/2013 6:24:28 PM
    System Uptime: 3/8/2015 3:14:32 PM (1 hours ago)
    .
    Motherboard: ASUSTeK Computer Inc. | | K53E
    Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz | CPU 1 | 2301/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 699 GiB total, 540.383 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    7-Zip 9.20 (x64 edition)
    Adobe AIR
    Adobe Flash Player 16 ActiveX
    Adobe Flash Player 16 NPAPI
    AES Crypt
    Akamai NetSession Interface
    Alcor Micro USB Card Reader Driver
    Amazon Kindle
    Apple Application Support (32-bit)
    Apple Application Support (64-bit)
    Apple Mobile Device Support
    Apple Software Update
    Atheros Driver Installation Program
    AutoIt v3.3.12.0
    AviSynth 2.5
    BlueStacks App Player
    BlueStacks Notification Center
    Bonjour
    Brother MFL-Pro Suite MFC-J435W
    Catalina Savings Printer
    CCleaner
    Citrix Authentication Manager
    Citrix Receiver
    Citrix Receiver (HDX Flash Redirection)
    Citrix Receiver Inside
    Citrix Receiver Updater
    Citrix Receiver(Aero)
    Citrix Receiver(DV)
    Citrix Receiver(USB)
    DHTML Editing Component
    Dropbox
    Evernote v. 5.8.3
    Extreme URL Generator 1.4
    Foxit Reader
    Getting Things Done Outlook Add-In
    Google Chrome
    Google Drive
    Google Update Helper
    HP Officejet Pro 8600 Basic Device Software
    IBM SPSS Statistics 21
    Intel(R) Processor Graphics
    Intel(R) SDK for OpenCL - CPU Only Runtime Package
    Intel® Watchdog Timer Driver (Intel® WDT)
    iTunes
    Java 8 Update 31
    Java Auto Updater
    Juniper Citrix Services Client
    Juniper Networks Network Connect 7.1.17
    Juniper Networks Setup Client
    Juniper Networks Setup Client 64-bit Activex Control
    Juniper Networks, Inc. Setup Client Activex Control
    Junos Pulse 5.0
    Junos Pulse Core Components
    Junos Pulse Drivers Add-On
    Junos Pulse Host Checker Plugin Add-On
    Junos Pulse Tunnel Manager Add-On
    Junos Pulse UAC/NC Components
    LastPass (uninstall only)
    Legacy 8.0
    Malwarebytes Anti-Malware version 2.0.4.1028
    Mendeley Desktop 1.12.2
    Microsoft .NET Framework 4.5.2
    Microsoft Office 365 Business - en-us
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft OneDrive
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft SharePoint Designer 2013 - en-us
    Microsoft Silverlight
    Microsoft SQL Server 2008 Native Client
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server Compact 3.5 SP2 x64 ENU
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
    Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
    Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    Microsoft WSE 3.0 Runtime
    Mozilla Firefox 36.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MySQL Connector/ODBC 5.3
    MySQL Fabric 1.5.3 & MySQL Utilities 1.5.3
    MySQL Installer
    MySQL Server 5.6
    MySQL Workbench 6.2 CE
    Neat
    Neat ADF Scanner Driver
    Neat Core Files
    Neat Mobile Scanner Driver
    NeatConnect Scanner Driver
    Nitro Pro 9
    Norton Security Suite
    Office 15 Click-to-Run Extensibility Component
    Office 15 Click-to-Run Licensing Component
    Office 15 Click-to-Run Localization Component
    Online Plug-in
    Paprika Recipe Manager
    PhotoScape
    Picasa 3
    Privatefirewall 7.0
    PSPad editor
    Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    QuickTime 7
    R for Windows 3.1.2
    Realtek High Definition Audio Driver
    RescueTime 2.10.1.1240
    RStudio
    Self-service Plug-in
    Send To Neat
    Skype™ 7.1
    Sonic Focus
    Spotify
    SQLyog 11.33 (64 bit)
    SUPERAntiSpyware
    Synaptics Pointing Device Driver
    Task Coach 1.4.2
    Tixati
    TurboTax 2013 WinPerFedFormset
    TurboTax 2013 WinPerReleaseEngine
    TurboTax 2013 WinPerTaxSupport
    TurboTax 2013 wmaiper
    TurboTax 2013 wrapper
    TweetDeck
    USB2.0 UVC VGA WebCam
    UVK - Ultra Virus Killer
    VC8 CRT
    WD My Cloud
    Windows Driver Package - KEYLOK (usbkey) USB (06/10/2010 64.0.0.0)
    XAMPP
    YNAB 4 version 4.3.656
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/8/2015 3:15:52 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    3/8/2015 3:15:03 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: zlnimc
    3/8/2015 3:15:03 PM, Error: Service Control Manager [7023] - The BlueStacks Android Service service terminated with the following error: An exception occurred in the service when handling the control request.
    3/8/2015 3:14:56 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B} and APPID {B292921D-AF50-400C-9B75-0C57A7F29BA1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    3/8/2015 3:14:53 PM, Error: Service Control Manager [7023] - The Windows Process Activation Service service terminated with the following error: The system cannot find the path specified.
    3/8/2015 3:14:53 PM, Error: Service Control Manager [7001] - The World Wide Web Publishing Service service depends on the Windows Process Activation Service service which failed to start because of the following error: The system cannot find the path specified.
    3/8/2015 3:14:52 PM, Error: Microsoft-Windows-WAS [5188] - The directory specified for the temporary application pool config files is either missing or is not accessible by the Windows Process Activation Service. Please specify an existing directory and/or ensure that it has proper access flags. The data field contains the error number.
    3/8/2015 3:14:52 PM, Error: Microsoft-Windows-WAS [5005] - Windows Process Activation Service (WAS) is stopping because it encountered an error. The data field contains the error number.
    3/8/2015 3:13:19 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    3/8/2015 2:25:05 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    3/8/2015 2:23:20 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    3/8/2015 2:23:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    3/8/2015 2:23:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    3/8/2015 2:23:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    3/8/2015 2:23:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    3/8/2015 2:23:05 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccSet_N360 discache eeCtrl IDSVia64 MpFilter SASDIFSV SASKUTIL spldr SRTSP SRTSPX SymIRON SymNetS Wanarpv6 zlnimc
    3/8/2015 2:23:04 PM, Error: Service Control Manager [7001] - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    3/8/2015 2:23:03 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: This service cannot be started in Safe Mode Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
    3/8/2015 2:09:02 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    3/8/2015 2:08:34 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    3/8/2015 2:01:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
    3/8/2015 2:00:52 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    3/8/2015 2:00:20 PM, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Run the configured recovery program.
    3/8/2015 2:00:01 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: This service cannot be started in Safe Mode Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
    3/8/2015 2:00:00 PM, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    3/8/2015 12:41:03 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee2 Error description: The operation timed out
    3/8/2015 12:40:37 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.193.2001.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.11400.0 Error code: 0x80072ee2 Error description: The operation timed out
    3/8/2015 12:40:37 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.193.2001.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.11400.0 Error code: 0x80072ee2 Error description: The operation timed out
    3/8/2015 12:40:10 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.193.2001.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.11400.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
    3/8/2015 12:40:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    3/8/2015 12:29:58 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: This service cannot be started in Safe Mode Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
    3/8/2015 12:29:57 PM, Error: Service Control Manager [7034] - The Privacyware network service service terminated unexpectedly. It has done this 1 time(s).
    3/8/2015 12:28:44 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccSet_N360 discache eeCtrl IDSVia64 MpFilter spldr SRTSP SRTSPX SymIRON SymNetS Wanarpv6 zlnimc
    3/8/2015 12:28:43 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: This service cannot be started in Safe Mode Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
    3/8/2015 12:23:42 PM, Error: Service Control Manager [7009] - A timeout was reached (180000 milliseconds) while waiting for the Apple Mobile Device Service service to connect.
    3/8/2015 12:23:42 PM, Error: Service Control Manager [7000] - The Apple Mobile Device Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/8/2015 12:19:49 PM, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
    3/8/2015 12:19:49 PM, Error: Service Control Manager [7034] - The BlueStacks Android Service service terminated unexpectedly. It has done this 1 time(s).
    3/8/2015 12:19:48 PM, Error: Service Control Manager [7034] - The BrYNSvc service terminated unexpectedly. It has done this 1 time(s).
    3/8/2015 12:19:47 PM, Error: Service Control Manager [7034] - The Intel(R) Integrated Clock Controller Service - Intel(R) ICCS service terminated unexpectedly. It has done this 1 time(s).
    3/8/2015 12:19:44 PM, Error: Service Control Manager [7034] - The NitroPDFDriverCreatorReadSpool9 service terminated unexpectedly. It has done this 1 time(s).
    3/8/2015 12:19:44 PM, Error: Service Control Manager [7034] - The Neat Startup Service service terminated unexpectedly. It has done this 1 time(s).
    3/8/2015 12:19:44 PM, Error: Service Control Manager [7034] - The Nalpeiron Licensing Service service terminated unexpectedly. It has done this 1 time(s).
    3/8/2015 12:19:43 PM, Error: Service Control Manager [7034] - The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).
    3/8/2015 12:19:43 PM, Error: Service Control Manager [7034] - The BlueStacks Updater Service service terminated unexpectedly. It has done this 1 time(s).
    3/8/2015 12:19:43 PM, Error: Service Control Manager [7031] - The Microsoft Office ClickToRun Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    3/8/2015 12:19:43 PM, Error: Service Control Manager [7031] - The Juniper Network Connect Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    3/8/2015 12:19:43 PM, Error: Service Control Manager [7031] - The Coupon Printer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    3/8/2015 12:19:42 PM, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    3/8/2015 12:19:42 PM, Error: Service Control Manager [7034] - The BlueStacks Log Rotator Service service terminated unexpectedly. It has done this 1 time(s).
    3/8/2015 12:19:42 PM, Error: Service Control Manager [7031] - The Apple Mobile Device Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/8/2015 12:19:41 PM, Error: Service Control Manager [7031] - The Juniper Unified Network Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    3/8/2015 1:57:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    3/8/2015 1:57:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    3/8/2015 1:57:35 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 ccSet_N360 DfsC discache eeCtrl IDSVia64 jnprns MpFilter NetBIOS NetBT nsiproxy Psched pwipf6 rdbss SASDIFSV SASKUTIL spldr SRTSP SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf zlnimc
    3/8/2015 1:57:35 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/8/2015 1:57:35 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    3/8/2015 1:57:35 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    3/8/2015 1:57:35 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    3/8/2015 1:57:35 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    3/8/2015 1:57:35 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    3/8/2015 1:57:35 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/8/2015 1:57:35 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    3/8/2015 1:57:35 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    3/8/2015 1:57:35 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: This service cannot be started in Safe Mode Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
    3/8/2015 1:23:32 PM, Error: Service Control Manager [7031] - The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    .
    ==== End Of File ===========================
     
  3. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================

    You're running two AV programs, MSE and Norton.
    You must uninstall one of them.
    If Norton, use this tool: http://www.majorgeeks.com/files/details/norton_removal_tool.html
    If you decide to keep Norton instead, you have to uninstall Privatefirewall 7.0 because you can't be running two firewalls either (Norton provides one already).

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step.
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.
    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Double click on the downloaded file. OK the self-extracting prompt.
    • MBAR will start. Click "Next" to continue.
    • Click in the following screen "Update" to obtain the latest malware definitions.
    • Once the update is complete select "Next" and click "Scan".
    • When the scan is finished and no malware has been found select "Exit".
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
    NOTE. If you see This version requires you to completely exit the Anti Malware application message right click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.
     
  4. Corey Dawkins

    Corey Dawkins TS Rookie Topic Starter Posts: 24

    Thank you so much for helping me.

    I uninstalled PrivateFirewall 7.0 no problem. After the reboot, I tried to uninstall Microsoft Security Essentials through the control panel and it gave me this error:

    "You do not have sufficient access to uninstall Microsoft Security Essentials. Please contact your system administrator".

    I tried to uninstall it through CCleaner and it gave me this error:

    "Error:1260 - This program is blocked by group policy. For more information, contact your system administrator."

    Should I continue with your other steps or wait until I fully uninstall MSE?
     
  5. Broni

    Broni Malware Annihilator Posts: 52,895   +344

  6. Corey Dawkins

    Corey Dawkins TS Rookie Topic Starter Posts: 24

    I tried to open that link in Firefox and in Chrome and both times it timed out. I can still go to other non-security related sites like mlb.com with no problem. It doesn't even allow me to go to http://support.microsoft.com.
     
  7. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    OK, let's leave it for now.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registry key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart the computer in safe mode.

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  8. Corey Dawkins

    Corey Dawkins TS Rookie Topic Starter Posts: 24

    I was only able to download the combofix from geekstogo. I was unable to get the rkill link to work but I had an earlier version already on my computer.

    I restarted in safe mode and ran rkill. I was unable to get combofix to work, even after renaming because it says that microsoft security essentials and norton were both running. For norton, I disabled the active protection and the firewall prior to running these but it still came up as active. I tried to kill the process and the service through the task manager but it said that "access is denied".

    The rkill log is below:

    Rkill 2.6.1 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2015 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 03/08/2015 09:19:26 PM in x64 mode. (Safe Mode)
    Windows Version: Windows 7 Home Premium Service Pack 1

    Checking for Windows services to stop:

    * No malware services found to stop.

    Checking for processes to terminate:

    * No malware processes found to kill.

    Checking Registry for malware related settings:

    * No issues found in the Registry.

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks:

    * No issues found.

    Checking Windows Service Integrity:

    * Base Filtering Engine (BFE) is not Running.
    Startup Type set to: Automatic

    * DHCP Client (Dhcp) is not Running.
    Startup Type set to: Automatic

    * DNS Client (Dnscache) is not Running.
    Startup Type set to: Automatic

    * COM+ Event System (EventSystem) is not Running.
    Startup Type set to: Automatic

    * Windows Firewall (MpsSvc) is not Running.
    Startup Type set to: Automatic

    * Network Connections (Netman) is not Running.
    Startup Type set to: Manual

    * Network Store Interface Service (nsi) is not Running.
    Startup Type set to: Automatic

    * Security Center (wscsvc) is not Running.
    Startup Type set to: Automatic (Delayed Start)

    * Windows Update (wuauserv) is not Running.
    Startup Type set to: Automatic (Delayed Start)

    * Ancillary Function Driver for Winsock (AFD) is not Running.
    Startup Type set to: System

    * Windows Firewall Authorization Driver (mpsdrv) is not Running.
    Startup Type set to: Manual

    * NetBT (NetBT) is not Running.
    Startup Type set to: System

    * NSI proxy service driver. (nsiproxy) is not Running.
    Startup Type set to: System

    * NetIO Legacy TDI Support Driver (tdx) is not Running.
    Startup Type set to: System

    Searching for Missing Digital Signatures:

    * No issues found.

    Checking HOSTS File:

    * HOSTS file entries found:

    127.0.0.1 localhost

    Program finished at: 03/08/2015 09:19:47 PM
    Execution time: 0 hours(s), 0 minute(s), and 21 seconds(s)
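
The System event log posted earlier in the thread and the Rkill service-integrity list above describe the same network failure from two sides. As an added example (not part of any post and not output from any tool used here), this Python script separates the cascade failures in the Service Control Manager 7001 events from the components that failed on their own, then checks each root against the 7026 driver list using the short names Rkill printed. The function names are hypothetical; the sample lines are copied from the two logs.

```python
import re
from collections import defaultdict

# Sample input: a subset of lines copied from the System event log export and
# the Rkill log posted in this thread (text unchanged).
EVENT_LINES = """\
3/8/2015 1:57:35 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 ccSet_N360 DfsC discache eeCtrl IDSVia64 jnprns MpFilter NetBIOS NetBT nsiproxy Psched pwipf6 rdbss SASDIFSV SASKUTIL spldr SRTSP SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf zlnimc
3/8/2015 1:57:35 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/8/2015 1:57:35 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/8/2015 1:57:35 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
3/8/2015 1:57:35 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/8/2015 1:57:35 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/8/2015 1:57:35 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
3/8/2015 1:57:35 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/8/2015 1:57:35 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/8/2015 1:57:35 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
""".splitlines()

RKILL_LINES = """\
* DHCP Client (Dhcp) is not Running.
* DNS Client (Dnscache) is not Running.
* Network Store Interface Service (nsi) is not Running.
* Ancillary Function Driver for Winsock (AFD) is not Running.
* NSI proxy service driver. (nsiproxy) is not Running.
* NetIO Legacy TDI Support Driver (tdx) is not Running.
""".splitlines()

# Error text SCM uses when a dependency failed only because of its own dependency.
CASCADE = "The dependency service or group failed to start."

RE_7001 = re.compile(
    r"\[7001\] - The (?P<svc>.+?) service depends on the (?P<dep>.+?) service "
    r"which failed to start because of the following error: (?P<err>.+)$")
RE_7026 = re.compile(
    r"\[7026\] - The following boot-start or system-start driver\(s\) "
    r"failed to load: (?P<drivers>.+)$")
RE_RKILL = re.compile(r"\* (?P<display>.+) \((?P<short>[^()]+)\) is not Running\.$")


def parse_events(lines):
    """Return ({service: [(dependency, error)]}, {driver short names from 7026})."""
    edges, failed_drivers = defaultdict(list), set()
    for line in lines:
        m = RE_7001.search(line)
        if m:
            edges[m["svc"]].append((m["dep"], m["err"].strip()))
            continue
        m = RE_7026.search(line)
        if m:
            failed_drivers.update(m["drivers"].split())
    return dict(edges), failed_drivers


def parse_rkill(lines):
    """Map display name -> short name from Rkill's 'is not Running' lines."""
    names = {}
    for line in lines:
        m = RE_RKILL.match(line.strip())
        if m:
            names[m["display"]] = m["short"]
    return names


def roots_of(svc, edges, seen=frozenset()):
    """Follow cascade errors down to the components that failed on their own."""
    if svc in seen:                      # guard against a dependency loop
        return set()
    found = set()
    for dep, err in edges.get(svc, []):
        if err == CASCADE and dep in edges:
            found |= roots_of(dep, edges, seen | {svc})
        else:
            found.add(dep)               # own error, or chain not in this export
    return found


def triage(event_lines, rkill_lines):
    """Group impacted services under each root and cross-check event 7026."""
    edges, failed_drivers = parse_events(event_lines)
    short_names = parse_rkill(rkill_lines)
    impacted = defaultdict(set)
    for svc in edges:
        for root in roots_of(svc, edges):
            impacted[root].add(svc)
    report = {}
    for root, services in impacted.items():
        short = short_names.get(root)    # None: Rkill did not list this component
        report[root] = {
            "short": short,
            "in_7026": (short in failed_drivers) if short else None,
            "impacted": sorted(services),
        }
    return report


if __name__ == "__main__":
    for root, info in sorted(triage(EVENT_LINES, RKILL_LINES).items()):
        print(f"{root} ({info['short']}), in 7026 list: {info['in_7026']}")
        for svc in info["impacted"]:
            print(f"    blocks: {svc}")
```

The same export logs "This service cannot be started in Safe Mode" at 1:57:35 PM, so this driver list comes from a Safe Mode boot and should be compared against a normal-boot export before drawing conclusions.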
     
  9. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    In safe mode you don't have to disable anything so disregard Combofix warnings and run it anyway (in safe mode).
     
  10. Corey Dawkins

    Corey Dawkins TS Rookie Topic Starter Posts: 24

    Here is the ComboFix log:

    ComboFix 15-03-09.01 - Home 03/09/2015 17:52:42.2.4 - x64 MINIMAL
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7970.7181 [GMT -4:00]
    Running from: c:\users\Home\Desktop\your_name.exe
    AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
    AV: Norton Security Suite *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
    FW: Norton Security Suite *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
    SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
    SP: Norton Security Suite *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    ADS - Windows: deleted 192 bytes in 1 streams.
    .
    ((((((((((((((((((((((((( Files Created from 2015-02-09 to 2015-03-09 )))))))))))))))))))))))))))))))
    .
    .
    2015-03-09 21:59 . 2015-03-09 21:59 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
    2015-03-09 21:59 . 2015-03-09 21:59 -------- d-----w- c:\users\Default\AppData\Local\temp
    2015-03-09 21:59 . 2015-03-09 21:59 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp
    2015-03-08 18:42 . 2015-03-08 18:42 -------- d-----w- c:\programdata\CheckPoint
    2015-03-08 18:36 . 2015-01-29 09:07 11910896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8E2CD330-83F1-4186-AD7E-24D01683C219}\mpengine.dll
    2015-03-08 18:05 . 2015-03-08 18:05 -------- d-----w- C:\SUPERDelete
    2015-03-08 17:59 . 2015-03-08 17:59 -------- d-----w- c:\users\Home\AppData\Roaming\SUPERAntiSpyware.com
    2015-03-08 17:59 . 2015-03-09 00:34 -------- d-----w- c:\program files\SUPERAntiSpyware
    2015-03-08 17:59 . 2015-03-08 17:59 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2015-03-08 17:52 . 2015-03-08 17:52 79064 ----a-w- c:\windows\system32\drivers\dyaepb.sys
    2015-03-08 17:16 . 2015-03-08 17:24 -------- d-----w- c:\programdata\UVK
    2015-03-08 17:16 . 2015-03-08 18:20 -------- d-----w- c:\program files\UVK - Ultra Virus Killer
    2015-03-08 11:17 . 2015-03-08 11:17 -------- d-----w- c:\users\Home\AppData\Local\Privatefirewall
    2015-03-08 11:15 . 2015-03-08 11:15 -------- d-----w- c:\programdata\Privacyware
    2015-03-08 08:39 . 2015-03-08 08:39 -------- d-----w- c:\users\Home\AppData\Local\Comodo
    2015-03-08 08:39 . 2015-03-08 08:39 -------- d-----w- c:\programdata\Comodo Downloader
    2015-03-08 08:38 . 2015-03-08 09:14 -------- d-----w- c:\programdata\Comodo
    2015-03-08 08:14 . 2015-03-08 18:02 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2015-03-08 08:14 . 2015-03-08 08:27 -------- d-----w- c:\programdata\RogueKiller
    2015-03-08 05:04 . 2015-03-09 02:46 -------- d-----w- c:\users\Home\AppData\Roaming\Task Coach
    2015-03-08 05:04 . 2015-03-08 05:04 -------- d-----w- c:\program files (x86)\TaskCoach
    2015-03-08 01:52 . 2015-03-08 01:52 177752 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
    2015-03-08 01:52 . 2015-03-08 01:52 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2015-03-08 01:51 . 2015-03-08 03:48 -------- d-----w- c:\windows\system32\drivers\N360x64
    2015-03-08 01:51 . 2015-03-08 01:51 -------- d-----w- c:\program files (x86)\Norton Security Suite
    2015-03-08 01:35 . 2015-03-08 01:35 -------- d-----w- c:\program files (x86)\NortonInstaller
    2015-03-07 16:57 . 2015-03-07 16:57 -------- d-----w- C:\img
    2015-03-07 16:53 . 2015-01-29 09:07 11910896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2015-03-07 13:46 . 2015-03-07 13:47 -------- d-----w- c:\users\Home\AppData\Roaming\Local Store
    2015-03-05 16:44 . 2015-03-05 16:44 -------- d-----w- c:\program files (x86)\DBConvert
    2015-03-05 14:24 . 2015-03-05 14:24 -------- d-----w- c:\users\Home\AppData\Roaming\RStudio
    2015-03-05 06:08 . 2015-03-05 18:09 -------- d-----w- c:\users\Home\AppData\Local\RStudio-Desktop
    2015-03-05 06:04 . 2015-03-05 06:04 -------- d-----w- c:\program files\R
    2015-03-05 05:42 . 2015-03-05 05:42 2623488 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityProvider.dll
    2015-03-04 16:19 . 2015-03-04 16:19 -------- d-----w- c:\program files\IBM
    2015-03-03 01:10 . 2015-03-03 01:10 -------- d-----w- c:\users\Home\AppData\Roaming\PC-FAX TX
    2015-03-02 00:27 . 2015-03-02 00:27 -------- d-----w- c:\users\Home\AppData\Local\AutoIt v3
    2015-03-01 03:16 . 2015-03-01 03:16 -------- d-----w- c:\program files (x86)\iTunes
    2015-03-01 03:16 . 2015-03-01 03:16 -------- d-----w- c:\program files\iPod
    2015-03-01 03:16 . 2015-03-01 03:16 -------- d-----w- c:\programdata\E1864A66-75E3-486a-BD95-D1B7D99A84A7
    2015-03-01 03:16 . 2015-03-01 03:16 -------- d-----w- c:\program files\iTunes
    2015-03-01 03:14 . 2015-03-01 03:14 -------- d-----w- c:\program files\Bonjour
    2015-03-01 03:14 . 2015-03-01 03:14 -------- d-----w- c:\program files (x86)\Bonjour
    2015-03-01 03:14 . 2015-03-01 03:16 -------- d-----w- c:\program files\Common Files\Apple
    2015-02-24 15:31 . 2015-03-09 02:46 -------- d-----r- c:\users\Home\OneDrive - Probaseballinjuries.com
    2015-02-22 16:33 . 2015-02-22 16:33 -------- d-----w- c:\program files (x86)\Western Digital
    2015-02-22 14:22 . 2015-02-13 17:54 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2015-02-22 14:22 . 2015-02-13 17:54 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B1A4174A-9D96-4FA9-9150-B52190C725CA}\gapaengine.dll
    2015-02-20 03:48 . 2015-02-20 03:48 -------- d-----w- C:\Brother
    2015-02-20 03:48 . 2015-02-20 03:48 -------- d-----w- c:\programdata\ControlCenter4
    2015-02-20 03:48 . 2015-02-20 03:48 -------- d-----w- c:\program files (x86)\Browny02
    2015-02-20 03:47 . 2012-03-19 18:09 245760 ------w- c:\windows\SysWow64\NSSearch.dll
    2015-02-20 03:47 . 2007-12-14 03:16 5120 ------w- c:\windows\SysWow64\BrDctF2L.dll
    2015-02-20 03:47 . 2012-07-09 22:19 5120 ------w- c:\windows\SysWow64\BrDctF2S.dll
    2015-02-20 03:47 . 2010-03-16 00:45 73728 ------w- c:\windows\SysWow64\BrDctF2.dll
    2015-02-20 03:46 . 2015-03-08 10:33 -------- d-----w- c:\users\Home\AppData\Roaming\InstallShield
    2015-02-19 03:10 . 2015-02-19 03:10 -------- d-----w- c:\users\Home\AppData\Local\twitter
    2015-02-19 03:07 . 2015-02-19 03:07 -------- d-----w- c:\program files (x86)\Twitter
    2015-02-14 16:30 . 2015-03-09 01:51 -------- d-----w- c:\program files (x86)\BlueStacks
    2015-02-14 16:30 . 2015-02-14 16:31 -------- d-----w- c:\programdata\BlueStacks
    2015-02-14 16:30 . 2015-02-14 16:30 -------- d-----w- c:\users\Home\AppData\Local\Bluestacks
    2015-02-13 17:56 . 2015-01-23 03:43 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
    2015-02-13 17:56 . 2015-01-23 04:42 814080 ----a-w- c:\windows\system32\jscript9diag.dll
    2015-02-13 17:56 . 2015-01-23 04:41 6041600 ----a-w- c:\windows\system32\jscript9.dll
    2015-02-13 17:56 . 2015-01-23 03:17 4300800 ----a-w- c:\windows\SysWow64\jscript9.dll
    2015-02-13 17:52 . 2015-02-13 17:52 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2015-02-13 17:52 . 2015-02-13 17:52 -------- d-----w- c:\program files\Microsoft Security Client
    2015-02-13 01:01 . 2015-02-13 01:01 950272 ----a-w- c:\windows\system32\perftrack.dll
    2015-02-13 01:01 . 2015-02-13 01:01 91136 ----a-w- c:\windows\system32\wdi.dll
    2015-02-13 01:01 . 2015-02-13 01:01 76800 ----a-w- c:\windows\SysWow64\wdi.dll
    2015-02-13 01:01 . 2015-02-13 01:01 29696 ----a-w- c:\windows\system32\powertracker.dll
    2015-02-11 09:18 . 2015-01-13 03:10 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2015-02-11 09:17 . 2015-01-09 02:03 3201536 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-03-09 21:49 . 2014-01-30 04:20 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2015-03-03 13:17 . 2013-07-08 22:40 295552 ------w- c:\windows\system32\MpSigStub.exe
    2015-02-12 08:01 . 2013-07-08 23:23 116773704 ----a-w- c:\windows\system32\MRT.exe
    2015-02-09 13:42 . 2014-07-18 19:18 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2015-02-05 00:40 . 2013-07-15 18:31 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2015-02-05 00:40 . 2013-07-15 18:31 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2015-02-03 23:07 . 2015-02-03 23:07 69632 ----a-w- c:\windows\SysWow64\rtact.ocx
    2015-01-14 04:03 . 2014-11-25 06:45 627912 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
    2014-12-19 03:06 . 2015-01-13 21:55 210432 ----a-w- c:\windows\system32\profsvc.dll
    2014-12-19 01:46 . 2015-01-13 21:55 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
    2014-12-11 17:47 . 2015-01-13 21:55 87040 ----a-w- c:\windows\system32\TSWbPrxy.exe
    2014-02-07 04:33 . 2014-02-07 04:33 13024768 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
    2015-01-14 04:03 1729744 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
    2015-01-14 04:03 1729744 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
    2015-01-14 04:03 1729744 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 21:08 131480 ----a-w- c:\users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 21:08 131480 ----a-w- c:\users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 21:08 131480 ----a-w- c:\users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 21:08 131480 ----a-w- c:\users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Akamai NetSession Interface"="c:\users\Home\AppData\Local\Akamai\netsession_win.exe" [2014-10-30 4673432]
    "GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2015-02-19 26232152]
    "CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-01-20 7404312]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\7cfab935-97d7-48a7-8599-56f845b9041d.com" [2015-03-08 7780120]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]
    "ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2013-10-01 395656]
    "Redirector"="c:\program files (x86)\Citrix\ICA Client\redirector.exe" [2013-10-01 153992]
    "JunosPulse"="c:\program files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe" [2014-08-07 2521944]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-02-13 60712]
    "ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2012-08-28 143360]
    "BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2012-06-06 3076096]
    .
    c:\users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneDrive for Business.lnk - c:\program files\Microsoft Office 15\root\office15\GROOVE.EXE /RunFolderSync /TrayOnly [2014-12-23 8709304]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Install LastPass FF RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe -q -name=LastPass -ffuuid support@lastpass.com [2014-2-7 13024768]
    RescueTime.lnk - c:\program files (x86)\RescueTime\RescueTime.exe [2014-12-4 3407360]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui]
    [BU]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bcssync
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\utorrent
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
    .
    R0 zlnimc;zlnimc; [x]
    R1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20150224.001\BHDrvx64.sys;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20150224.001\BHDrvx64.sys [x]
    R1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\ccSetx64.sys [x]
    R1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20150306.001\IDSvia64.sys;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20150306.001\IDSvia64.sys [x]
    R1 jnprns;Juniper Network Service;c:\windows\system32\DRIVERS\jnprns.sys;c:\windows\SYSNATIVE\DRIVERS\jnprns.sys [x]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\Ironx64.SYS [x]
    R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1506000.020\SYMNETS.SYS [x]
    R2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
    R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
    R2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
    R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
    R2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x]
    R2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 JuniperAccessService;Juniper Unified Network Service;c:\program files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe;c:\program files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe [x]
    R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
    R2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe;c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe [x]
    R2 Neat Startup Service;Neat Startup Service;c:\program files (x86)\Neat\exec\NeatStartupService.exe;c:\program files (x86)\Neat\exec\NeatStartupService.exe [x]
    R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
    R3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\l260x64.sys;c:\windows\SYSNATIVE\DRIVERS\l260x64.sys [x]
    R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x64.sys;c:\windows\SYSNATIVE\DRIVERS\l160x64.sys [x]
    R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
    R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    R3 jnprva;Juniper Networks Virtual Adapter Service;c:\windows\system32\DRIVERS\jnprva.sys;c:\windows\SYSNATIVE\DRIVERS\jnprva.sys [x]
    R3 JnprVaMgr;Juniper Networks Virtual Adapter Manager Service;c:\windows\system32\DRIVERS\jnprvamgr.sys;c:\windows\SYSNATIVE\DRIVERS\jnprvamgr.sys [x]
    R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 rtsuvc;Realtek USB2.0 PC Camera;c:\windows\system32\DRIVERS\rtsuvc.sys;c:\windows\SYSNATIVE\DRIVERS\rtsuvc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
    R4 jnprTdi_806_48695;Juniper Networks TDI Filter Driver (jnprTdi_806_48695);c:\windows\system32\Drivers\jnprTdi_806_48695.sys;c:\windows\SYSNATIVE\Drivers\jnprTdi_806_48695.sys [x]
    S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1506000.020\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\SYMDS64.SYS [x]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1506000.020\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\SYMEFA64.SYS [x]
    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
    S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
    S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys;c:\windows\SYSNATIVE\DRIVERS\ICCWDT.sys [x]
    S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    iissvcs REG_MULTI_SZ w3svc was
    apphost REG_MULTI_SZ apphostsvc
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2015-02-20 06:57 1084744 ----a-w- c:\program files (x86)\Google\Chrome\Application\40.0.2214.115\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-03-09 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-15 00:40]
    .
    2015-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-15 18:28]
    .
    2015-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-15 18:28]
    .
    2015-03-09 c:\windows\Tasks\injury database backup.job
    - c:\program files\SQLyog\SJA.exe [2014-02-07 06:04]
    .
    2015-02-02 c:\windows\Tasks\retrosheet_backup.job
    - c:\program files\SQLyog\SJA.exe [2014-02-07 06:04]
    .
    2015-03-08 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 28309723-a1e3-4a2f-8005-d036f848af91.job
    - c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
    .
    2015-03-08 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task ba7d2ab8-a16e-4e1a-aaf3-c4259796ecb2.job
    - c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
    2015-01-14 07:20 2334928 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
    2015-01-14 07:20 2334928 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
    2015-01-14 07:20 2334928 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 21:08 164760 ----a-w- c:\users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 21:08 164760 ----a-w- c:\users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 21:08 164760 ----a-w- c:\users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 21:08 164760 ----a-w- c:\users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2015-02-19 19:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
    2015-02-19 19:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2015-02-19 19:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2015-02-19 19:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2015-02-19 19:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-26 11775592]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-01-30 171992]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-01-30 399832]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2014-01-30 442328]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-01-30 1332296]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Clip bookmark - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
    IE: Clip image - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
    IE: Clip selection - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
    IE: Clip this page - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
    IE: Clip URL - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office15\EXCEL.EXE/3000
    IE: LastPass - file://c:\users\Home\AppData\LocalLow\LastPass\context.html?cmd=lastpass
    IE: LastPass Fill Forms - file://c:\users\Home\AppData\LocalLow\LastPass\context.html?cmd=fillforms
    IE: New note - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office15\ONBttnIE.dll/105
    Trusted Zone: sharepoint.com\probaseballinjuries
    Trusted Zone: sharepoint.com\probaseballinjuries-my
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{2B5440DE-BE66-42A5-9FF4-C8CFDD7555F4}: NameServer = 8.8.8.8,8.8.8.8
    TCP: Interfaces\{2B5440DE-BE66-42A5-9FF4-C8CFDD7555F4}\D496368656C696023456E6475627: NameServer = 8.8.8.8,8.8.8.8
    TCP: Interfaces\{5691BEF0-8C2D-4CC6-A9C1-655CDE1B1A9F}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
    TCP: Interfaces\{5A690345-C551-4924-8B33-D666310D40AF}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
    TCP: Interfaces\{A1D097A3-62FD-4127-B4B5-45CCE2603C7E}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - ProfilePath - c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\zyiz0d55.default\
    .
    .
    ------- File Associations -------
    .
    JSEFile=NOTEPAD.EXE %1
    txtfile="c:\program files (x86)\PSPad editor\PSPad.exe" "%1"
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
    "ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32\diMaster.dll\" /prefetch:1"
    "ImagePath"="\SystemRoot\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS"
    "TrustedImagePaths"="c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32;c:\program files (x86)\Norton Security Suite\Engine64\21.6.0.32"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,70,2e,dc,d4,55,2f,fa,4e,84,d3,36,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,70,2e,dc,d4,55,2f,fa,4e,84,d3,36,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.16"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    "Key"="ActionsPane3"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0]
    "Key"="http://schemas.microsoft.com/office/smartdocuments/2003"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office...{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}\Alias]
    "0"="Microsoft Actions Pane 3"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2015-03-09 18:01:59
    ComboFix-quarantined-files.txt 2015-03-09 22:01
    ComboFix2.txt 2015-03-08 19:16
    .
    Pre-Run: 577,805,090,816 bytes free
    Post-Run: 577,368,965,120 bytes free
    .
    - - End Of File - - F7C84DD93D467BB258E7B0FB8457253E
    A36C5E4F47E84449FF07ED3517B43A31
     
  11. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\drivers\dyaepb.sys
    
    Folder::
    
    Driver::
    dyaepb
    zlnimc
    
    Registry::
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
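
An added example, not part of either post and not ComboFix's own code: a small parser for the Drivers/Services listing and the CFScript directive format shown above, which cross-checks the names under `Driver::` against the listing and reports entries registered without an image path. The function and class names are hypothetical, and the reading of the `R`/`S` letter and start-type digit is an assumption based on how these listings are conventionally read.

```python
import re
from dataclasses import dataclass

# Assumption: the leading letter is R(unning)/S(topped) and the digit is the
# service start type, as these listings are conventionally read.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}
ENTRY_RE = re.compile(r"^\s*([RS])([0-4])\s+(.*?)\s*\[x\]\s*$")
SECTION_RE = re.compile(r"^(\w+)::$")

# Lines quoted from the Drivers/Services listing in the log above.
LISTING = r"""
    R0 zlnimc;zlnimc; [x]
    R1 jnprns;Juniper Network Service;c:\windows\system32\DRIVERS\jnprns.sys;c:\windows\SYSNATIVE\DRIVERS\jnprns.sys [x]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
"""

# The CFScript.txt body from the post above.
CFSCRIPT = r"""
File::
c:\windows\system32\drivers\dyaepb.sys

Folder::

Driver::
dyaepb
zlnimc

Registry::

ClearJavaCache::
"""


@dataclass
class Entry:
    running: bool
    start_code: int
    name: str
    display: str
    image_path: str

    @property
    def start(self):
        return START_TYPES[self.start_code]


def parse_listing(text):
    """Parse 'R0 name;display;path;resolved [x]' lines; skip anything else."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        state, digit, body = m.groups()
        fields = [f.strip() for f in body.split(";")]
        fields += [""] * (3 - len(fields))  # tolerate missing trailing fields
        entries.append(Entry(state == "R", int(digit), *fields[:3]))
    return entries


def parse_cfscript(text):
    """Map each 'Name::' directive to the non-empty lines that follow it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif line and current is not None:
            sections[current].append(line)
    return sections


def pathless(entries):
    """Entries with no image path recorded, earliest start type first."""
    return sorted((e for e in entries if not e.image_path),
                  key=lambda e: e.start_code)


def cross_check(script_text, listing_text):
    """Report how each Driver:: name in the script appears in the listing."""
    by_name = {e.name.lower(): e for e in parse_listing(listing_text)}
    result = {}
    for name in parse_cfscript(script_text).get("Driver", []):
        entry = by_name.get(name.lower())
        if entry is None:
            result[name] = "not listed"
        elif not entry.image_path:
            result[name] = f"listed, no image path ({entry.start}-start)"
        else:
            result[name] = f"listed, image {entry.image_path}"
    return result


if __name__ == "__main__":
    for e in pathless(parse_listing(LISTING)):
        print(f"no image path: {e.name} ({e.start}-start, running={e.running})")
    for name, status in cross_check(CFSCRIPT, LISTING).items():
        print(f"{name}: {status}")
```

A missing image path is only a prompt for a closer look at that service's registry key and the file it points to; it is not a verdict on its own.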
     
  12. Corey Dawkins

    Corey Dawkins TS Rookie Topic Starter Posts: 24

    It did ask to be rebooted. You will see that MSE and Norton were still active, despite my trying to close them down.

    ComboFix 15-03-09.01 - Home 03/09/2015 19:14:38.3.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7970.5863 [GMT -4:00]
    Running from: c:\users\Home\Desktop\ComboFix.exe
    Command switches used :: c:\users\Home\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
    AV: Norton Security Suite *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
    FW: Norton Security Suite *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
    SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
    SP: Norton Security Suite *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\windows\system32\drivers\dyaepb.sys"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Home\AppData\Local\Temp\_MEI20562\_ctypes.pyd
    c:\users\Home\AppData\Local\Temp\_MEI20562\_elementtree.pyd
    c:\users\Home\AppData\Local\Temp\_MEI20562\_hashlib.pyd
    c:\users\Home\AppData\Local\Temp\_MEI20562\_multiprocessing.pyd
    c:\users\Home\AppData\Local\Temp\_MEI20562\_socket.pyd
    c:\users\Home\AppData\Local\Temp\_MEI20562\_ssl.pyd
    c:\users\Home\AppData\Local\Temp\_MEI20562\_yappi.pyd
    c:\users\Home\AppData\Local\Temp\_MEI20562\hashobjs_ext.pyd
    c:\users\Home\AppData\Local\Temp\_MEI20562\pyexpat.pyd
    c:\users\Home\AppData\Local\Temp\_MEI20562\pysqlite2._sqlite.pyd
    c:\users\Home\AppData\Local\Temp\_MEI20562\python27.dll
    c:\users\Home\AppData\Local\Temp\_MEI20562\pythoncom27.dll
    c:\users\Home\AppData\Local\Temp\_MEI20562\PyWinTypes27.dll
    c:\users\Home\AppData\Local\Temp\_MEI20562\select.pyd
    c:\users\Home\AppData\Local\Temp\_MEI20562\unicodedata.pyd
    c:\users\Home\AppData\Local\Temp\_MEI20562\win32api.pyd
    c:\users\Home\AppData\Local\Temp\_MEI20562\win32com.shell.shell.pyd
    c:\users\Home\AppData\Local\Temp\_MEI20562\win32crypt.pyd
    c:\users\Home\AppData\Local\Temp\_MEI20562\win32event.pyd
    c:\users\Home\AppData\Local\Temp\_MEI20562\win32file.pyd
    c:\users\Home\AppData\Local\Temp\_MEI20562\win32gui.pyd
    c:\users\Home\AppData\Local\Temp\_MEI20562\win32inet.pyd
    c:\users\Home\AppData\Local\Temp\_MEI20562\win32pdh.pyd
    c:\users\Home\AppData\Local\Temp\_MEI20562\win32pipe.pyd
    c:\users\Home\AppData\Local\Temp\_MEI20562\win32process.pyd
    c:\users\Home\AppData\Local\Temp\_MEI20562\win32profile.pyd
    c:\users\Home\AppData\Local\Temp\_MEI20562\win32security.pyd
    c:\users\Home\AppData\Local\Temp\_MEI20562\win32ts.pyd
    c:\users\Home\AppData\Local\Temp\_MEI20562\windows._lib_cacheinvalidation.pyd
    c:\users\Home\AppData\Local\Temp\_MEI20562\wx._animate.pyd
    c:\users\Home\AppData\Local\Temp\_MEI20562\wx._controls_.pyd
    c:\users\Home\AppData\Local\Temp\_MEI20562\wx._core_.pyd
    c:\users\Home\AppData\Local\Temp\_MEI20562\wx._gdi_.pyd
    c:\users\Home\AppData\Local\Temp\_MEI20562\wx._html2.pyd
    c:\users\Home\AppData\Local\Temp\_MEI20562\wx._misc_.pyd
    c:\users\Home\AppData\Local\Temp\_MEI20562\wx._windows_.pyd
    c:\users\Home\AppData\Local\Temp\_MEI20562\wx._wizard.pyd
    c:\users\Home\AppData\Local\Temp\_MEI20562\wxbase294u_net_vc90.dll
    c:\users\Home\AppData\Local\Temp\_MEI20562\wxbase294u_vc90.dll
    c:\users\Home\AppData\Local\Temp\_MEI20562\wxmsw294u_adv_vc90.dll
    c:\users\Home\AppData\Local\Temp\_MEI20562\wxmsw294u_core_vc90.dll
    c:\users\Home\AppData\Local\Temp\_MEI20562\wxmsw294u_html_vc90.dll
    c:\users\Home\AppData\Local\Temp\_MEI20562\wxmsw294u_webview_vc90.dll
    c:\windows\system32\drivers\dyaepb.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_ZLNIMC
    -------\Service_zlnimc
    .
    .
    ((((((((((((((((((((((((( Files Created from 2015-02-09 to 2015-03-09 )))))))))))))))))))))))))))))))
    .
    .
    2015-03-09 23:37 . 2015-02-13 17:54 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4CA84B1F-9D91-4AFD-BE0B-F65688282ECC}\gapaengine.dll
    2015-03-09 23:37 . 2015-01-29 09:07 11910896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C9661D26-0959-4294-B26D-2CCFD5FA79B3}\mpengine.dll
    2015-03-09 23:22 . 2015-03-09 23:22 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
    2015-03-09 23:22 . 2015-03-09 23:22 -------- d-----w- c:\users\Default\AppData\Local\temp
    2015-03-09 23:22 . 2015-03-09 23:22 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp
    2015-03-08 18:42 . 2015-03-08 18:42 -------- d-----w- c:\programdata\CheckPoint
    2015-03-08 18:36 . 2015-01-29 09:07 11910896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2015-03-08 18:05 . 2015-03-08 18:05 -------- d-----w- C:\SUPERDelete
    2015-03-08 17:59 . 2015-03-08 17:59 -------- d-----w- c:\users\Home\AppData\Roaming\SUPERAntiSpyware.com
    2015-03-08 17:59 . 2015-03-09 22:18 -------- d-----w- c:\program files\SUPERAntiSpyware
    2015-03-08 17:59 . 2015-03-08 17:59 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2015-03-08 17:16 . 2015-03-08 17:24 -------- d-----w- c:\programdata\UVK
    2015-03-08 17:16 . 2015-03-08 18:20 -------- d-----w- c:\program files\UVK - Ultra Virus Killer
    2015-03-08 11:17 . 2015-03-08 11:17 -------- d-----w- c:\users\Home\AppData\Local\Privatefirewall
    2015-03-08 11:15 . 2015-03-08 11:15 -------- d-----w- c:\programdata\Privacyware
    2015-03-08 08:39 . 2015-03-08 08:39 -------- d-----w- c:\users\Home\AppData\Local\Comodo
    2015-03-08 08:39 . 2015-03-08 08:39 -------- d-----w- c:\programdata\Comodo Downloader
    2015-03-08 08:38 . 2015-03-08 09:14 -------- d-----w- c:\programdata\Comodo
    2015-03-08 08:14 . 2015-03-08 18:02 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2015-03-08 08:14 . 2015-03-08 08:27 -------- d-----w- c:\programdata\RogueKiller
    2015-03-08 05:04 . 2015-03-09 02:46 -------- d-----w- c:\users\Home\AppData\Roaming\Task Coach
    2015-03-08 05:04 . 2015-03-08 05:04 -------- d-----w- c:\program files (x86)\TaskCoach
    2015-03-08 01:52 . 2015-03-08 01:52 177752 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
    2015-03-08 01:52 . 2015-03-08 01:52 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2015-03-08 01:51 . 2015-03-08 03:48 -------- d-----w- c:\windows\system32\drivers\N360x64
    2015-03-08 01:51 . 2015-03-08 01:51 -------- d-----w- c:\program files (x86)\Norton Security Suite
    2015-03-08 01:35 . 2015-03-08 01:35 -------- d-----w- c:\program files (x86)\NortonInstaller
    2015-03-07 16:57 . 2015-03-07 16:57 -------- d-----w- C:\img
    2015-03-07 13:46 . 2015-03-07 13:47 -------- d-----w- c:\users\Home\AppData\Roaming\Local Store
    2015-03-05 16:44 . 2015-03-05 16:44 -------- d-----w- c:\program files (x86)\DBConvert
    2015-03-05 14:24 . 2015-03-05 14:24 -------- d-----w- c:\users\Home\AppData\Roaming\RStudio
    2015-03-05 06:08 . 2015-03-05 18:09 -------- d-----w- c:\users\Home\AppData\Local\RStudio-Desktop
    2015-03-05 06:04 . 2015-03-05 06:04 -------- d-----w- c:\program files\R
    2015-03-05 05:42 . 2015-03-05 05:42 2623488 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityProvider.dll
    2015-03-04 16:19 . 2015-03-04 16:19 -------- d-----w- c:\program files\IBM
    2015-03-03 01:10 . 2015-03-03 01:10 -------- d-----w- c:\users\Home\AppData\Roaming\PC-FAX TX
    2015-03-02 00:27 . 2015-03-02 00:27 -------- d-----w- c:\users\Home\AppData\Local\AutoIt v3
    2015-03-01 03:16 . 2015-03-01 03:16 -------- d-----w- c:\program files (x86)\iTunes
    2015-03-01 03:16 . 2015-03-01 03:16 -------- d-----w- c:\program files\iPod
    2015-03-01 03:16 . 2015-03-01 03:16 -------- d-----w- c:\programdata\E1864A66-75E3-486a-BD95-D1B7D99A84A7
    2015-03-01 03:16 . 2015-03-01 03:16 -------- d-----w- c:\program files\iTunes
    2015-03-01 03:14 . 2015-03-01 03:14 -------- d-----w- c:\program files\Bonjour
    2015-03-01 03:14 . 2015-03-01 03:14 -------- d-----w- c:\program files (x86)\Bonjour
    2015-03-01 03:14 . 2015-03-01 03:16 -------- d-----w- c:\program files\Common Files\Apple
    2015-02-24 15:31 . 2015-03-09 02:46 -------- d-----r- c:\users\Home\OneDrive - Probaseballinjuries.com
    2015-02-22 16:33 . 2015-02-22 16:33 -------- d-----w- c:\program files (x86)\Western Digital
    2015-02-22 14:22 . 2015-02-13 17:54 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2015-02-22 14:22 . 2015-02-13 17:54 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B1A4174A-9D96-4FA9-9150-B52190C725CA}\gapaengine.dll
    2015-02-20 03:48 . 2015-02-20 03:48 -------- d-----w- C:\Brother
    2015-02-20 03:48 . 2015-02-20 03:48 -------- d-----w- c:\programdata\ControlCenter4
    2015-02-20 03:48 . 2015-02-20 03:48 -------- d-----w- c:\program files (x86)\Browny02
    2015-02-20 03:47 . 2012-03-19 18:09 245760 ------w- c:\windows\SysWow64\NSSearch.dll
    2015-02-20 03:47 . 2007-12-14 03:16 5120 ------w- c:\windows\SysWow64\BrDctF2L.dll
    2015-02-20 03:47 . 2012-07-09 22:19 5120 ------w- c:\windows\SysWow64\BrDctF2S.dll
    2015-02-20 03:47 . 2010-03-16 00:45 73728 ------w- c:\windows\SysWow64\BrDctF2.dll
    2015-02-20 03:46 . 2015-03-08 10:33 -------- d-----w- c:\users\Home\AppData\Roaming\InstallShield
    2015-02-19 03:10 . 2015-02-19 03:10 -------- d-----w- c:\users\Home\AppData\Local\twitter
    2015-02-19 03:07 . 2015-02-19 03:07 -------- d-----w- c:\program files (x86)\Twitter
    2015-02-14 16:30 . 2015-03-09 22:46 -------- d-----w- c:\program files (x86)\BlueStacks
    2015-02-14 16:30 . 2015-02-14 16:31 -------- d-----w- c:\programdata\BlueStacks
    2015-02-14 16:30 . 2015-02-14 16:30 -------- d-----w- c:\users\Home\AppData\Local\Bluestacks
    2015-02-13 17:56 . 2015-01-23 03:43 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
    2015-02-13 17:56 . 2015-01-23 04:42 814080 ----a-w- c:\windows\system32\jscript9diag.dll
    2015-02-13 17:56 . 2015-01-23 04:41 6041600 ----a-w- c:\windows\system32\jscript9.dll
    2015-02-13 17:56 . 2015-01-23 03:17 4300800 ----a-w- c:\windows\SysWow64\jscript9.dll
    2015-02-13 17:52 . 2015-02-13 17:52 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2015-02-13 17:52 . 2015-02-13 17:52 -------- d-----w- c:\program files\Microsoft Security Client
    2015-02-13 01:01 . 2015-02-13 01:01 950272 ----a-w- c:\windows\system32\perftrack.dll
    2015-02-13 01:01 . 2015-02-13 01:01 91136 ----a-w- c:\windows\system32\wdi.dll
    2015-02-13 01:01 . 2015-02-13 01:01 76800 ----a-w- c:\windows\SysWow64\wdi.dll
    2015-02-13 01:01 . 2015-02-13 01:01 29696 ----a-w- c:\windows\system32\powertracker.dll
    2015-02-11 09:18 . 2015-01-13 03:10 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2015-02-11 09:17 . 2015-01-09 02:03 3201536 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-03-09 23:42 . 2014-01-30 04:20 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2015-03-03 13:17 . 2013-07-08 22:40 295552 ------w- c:\windows\system32\MpSigStub.exe
    2015-02-12 08:01 . 2013-07-08 23:23 116773704 ----a-w- c:\windows\system32\MRT.exe
    2015-02-09 13:42 . 2014-07-18 19:18 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2015-02-05 00:40 . 2013-07-15 18:31 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2015-02-05 00:40 . 2013-07-15 18:31 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2015-02-03 23:07 . 2015-02-03 23:07 69632 ----a-w- c:\windows\SysWow64\rtact.ocx
    2015-01-14 04:03 . 2014-11-25 06:45 627912 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
    2014-12-19 03:06 . 2015-01-13 21:55 210432 ----a-w- c:\windows\system32\profsvc.dll
    2014-12-19 01:46 . 2015-01-13 21:55 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
    2014-12-11 17:47 . 2015-01-13 21:55 87040 ----a-w- c:\windows\system32\TSWbPrxy.exe
    2014-02-07 04:33 . 2014-02-07 04:33 13024768 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
    2015-01-14 04:03 1729744 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
    2015-01-14 04:03 1729744 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
    2015-01-14 04:03 1729744 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 21:08 131480 ----a-w- c:\users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 21:08 131480 ----a-w- c:\users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 21:08 131480 ----a-w- c:\users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 21:08 131480 ----a-w- c:\users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Akamai NetSession Interface"="c:\users\Home\AppData\Local\Akamai\netsession_win.exe" [2014-10-30 4673432]
    "GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2015-02-19 26232152]
    "CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-01-20 7404312]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\7cfab935-97d7-48a7-8599-56f845b9041d.com" [2015-03-08 7780120]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]
    "ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2013-10-01 395656]
    "Redirector"="c:\program files (x86)\Citrix\ICA Client\redirector.exe" [2013-10-01 153992]
    "JunosPulse"="c:\program files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe" [2014-08-07 2521944]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-02-13 60712]
    "ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2012-08-28 143360]
    "BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2012-06-06 3076096]
    .
    c:\users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneDrive for Business.lnk - c:\program files\Microsoft Office 15\root\office15\GROOVE.EXE /RunFolderSync /TrayOnly [2014-12-23 8709304]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Install LastPass FF RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe -q -name=LastPass -ffuuid support@lastpass.com [2014-2-7 13024768]
    RescueTime.lnk - c:\program files (x86)\RescueTime\RescueTime.exe [2014-12-4 3407360]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui]
    [BU]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bcssync
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\utorrent
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
    .
    R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
    R3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\l260x64.sys;c:\windows\SYSNATIVE\DRIVERS\l260x64.sys [x]
    R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x64.sys;c:\windows\SYSNATIVE\DRIVERS\l160x64.sys [x]
    R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
    R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 jnprva;Juniper Networks Virtual Adapter Service;c:\windows\system32\DRIVERS\jnprva.sys;c:\windows\SYSNATIVE\DRIVERS\jnprva.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
    R4 jnprTdi_806_48695;Juniper Networks TDI Filter Driver (jnprTdi_806_48695);c:\windows\system32\Drivers\jnprTdi_806_48695.sys;c:\windows\SYSNATIVE\Drivers\jnprTdi_806_48695.sys [x]
    S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1506000.020\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\SYMDS64.SYS [x]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1506000.020\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\SYMEFA64.SYS [x]
    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
    S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20150224.001\BHDrvx64.sys;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20150224.001\BHDrvx64.sys [x]
    S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\ccSetx64.sys [x]
    S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
    S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20150306.001\IDSvia64.sys;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20150306.001\IDSvia64.sys [x]
    S1 jnprns;Juniper Network Service;c:\windows\system32\DRIVERS\jnprns.sys;c:\windows\SYSNATIVE\DRIVERS\jnprns.sys [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\Ironx64.SYS [x]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1506000.020\SYMNETS.SYS [x]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
    S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
    S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
    S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
    S2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x]
    S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
    S2 JuniperAccessService;Juniper Unified Network Service;c:\program files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe;c:\program files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe [x]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
    S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe;c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe [x]
    S2 Neat Startup Service;Neat Startup Service;c:\program files (x86)\Neat\exec\NeatStartupService.exe;c:\program files (x86)\Neat\exec\NeatStartupService.exe [x]
    S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
    S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys;c:\windows\SYSNATIVE\DRIVERS\ICCWDT.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 JnprVaMgr;Juniper Networks Virtual Adapter Manager Service;c:\windows\system32\DRIVERS\jnprvamgr.sys;c:\windows\SYSNATIVE\DRIVERS\jnprvamgr.sys [x]
    S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
    S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
    S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
    S3 rtsuvc;Realtek USB2.0 PC Camera;c:\windows\system32\DRIVERS\rtsuvc.sys;c:\windows\SYSNATIVE\DRIVERS\rtsuvc.sys [x]
    S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MBAMSWISSARMY
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    iissvcs REG_MULTI_SZ w3svc was
    apphost REG_MULTI_SZ apphostsvc
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2015-02-20 06:57 1084744 ----a-w- c:\program files (x86)\Google\Chrome\Application\40.0.2214.115\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-03-09 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-15 00:40]
    .
    2015-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-15 18:28]
    .
    2015-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-15 18:28]
    .
    2015-03-09 c:\windows\Tasks\injury database backup.job
    - c:\program files\SQLyog\SJA.exe [2014-02-07 06:04]
    .
    2015-02-02 c:\windows\Tasks\retrosheet_backup.job
    - c:\program files\SQLyog\SJA.exe [2014-02-07 06:04]
    .
    2015-03-08 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 28309723-a1e3-4a2f-8005-d036f848af91.job
    - c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
    .
    2015-03-08 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task ba7d2ab8-a16e-4e1a-aaf3-c4259796ecb2.job
    - c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
    2015-01-14 07:20 2334928 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
    2015-01-14 07:20 2334928 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
    2015-01-14 07:20 2334928 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 21:08 164760 ----a-w- c:\users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 21:08 164760 ----a-w- c:\users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 21:08 164760 ----a-w- c:\users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 21:08 164760 ----a-w- c:\users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2015-02-19 19:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
    2015-02-19 19:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2015-02-19 19:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2015-02-19 19:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2015-02-19 19:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-26 11775592]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-01-30 171992]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-01-30 399832]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2014-01-30 442328]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-01-30 1332296]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Clip bookmark - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
    IE: Clip image - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
    IE: Clip selection - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
    IE: Clip this page - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
    IE: Clip URL - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office15\EXCEL.EXE/3000
    IE: LastPass - file://c:\users\Home\AppData\LocalLow\LastPass\context.html?cmd=lastpass
    IE: LastPass Fill Forms - file://c:\users\Home\AppData\LocalLow\LastPass\context.html?cmd=fillforms
    IE: New note - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office15\ONBttnIE.dll/105
    Trusted Zone: sharepoint.com\probaseballinjuries
    Trusted Zone: sharepoint.com\probaseballinjuries-my
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{2B5440DE-BE66-42A5-9FF4-C8CFDD7555F4}: NameServer = 8.8.8.8,8.8.8.8
    TCP: Interfaces\{2B5440DE-BE66-42A5-9FF4-C8CFDD7555F4}\D496368656C696023456E6475627: NameServer = 8.8.8.8,8.8.8.8
    TCP: Interfaces\{5691BEF0-8C2D-4CC6-A9C1-655CDE1B1A9F}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
    TCP: Interfaces\{5A690345-C551-4924-8B33-D666310D40AF}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
    TCP: Interfaces\{A1D097A3-62FD-4127-B4B5-45CCE2603C7E}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - ProfilePath - c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\zyiz0d55.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
    "ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32\diMaster.dll\" /prefetch:1"
    "ImagePath"="\SystemRoot\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS"
    "TrustedImagePaths"="c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32;c:\program files (x86)\Norton Security Suite\Engine64\21.6.0.32"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,70,2e,dc,d4,55,2f,fa,4e,84,d3,36,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,70,2e,dc,d4,55,2f,fa,4e,84,d3,36,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.16"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    "Key"="ActionsPane3"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0]
    "Key"="http://schemas.microsoft.com/office/smartdocuments/2003"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office...{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}\Alias]
    "0"="Microsoft Actions Pane 3"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Juniper Networks\Common Files\dsNcService.exe
    c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
    c:\program files\Microsoft Office 15\Root\Office15\MsoSync.exe
    .
    **************************************************************************
    .
    Completion time: 2015-03-09 19:44:52 - machine was rebooted
    ComboFix-quarantined-files.txt 2015-03-09 23:44
    ComboFix2.txt 2015-03-09 22:02
    ComboFix3.txt 2015-03-08 19:16
    .
    Pre-Run: 577,323,429,888 bytes free
    Post-Run: 577,214,361,600 bytes free
    .
    - - End Of File - - 3411C0A59A95AFEE3A48EDEF3D2716B9
    A36C5E4F47E84449FF07ED3517B43A31
     
  13. Broni

    Broni Malware Annihilator Posts: 52,895   +344

  14. Corey Dawkins

    Corey Dawkins TS Rookie Topic Starter Posts: 24

    Nope, I couldn't open it in IE, Firefox, or Chrome.
     
  15. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    OK.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
     
  16. Corey Dawkins

    Corey Dawkins TS Rookie Topic Starter Posts: 24

    I am unable to get the Farbar Recovery Scan tool. I tried in all the browsers. I cannot connect to any address in the bleepingcomputer domain.
     
  17. Broni

    Broni Malware Annihilator Posts: 52,895   +344

  18. Corey Dawkins

    Corey Dawkins TS Rookie Topic Starter Posts: 24

    Adwcleaner

    # AdwCleaner v4.112 - Logfile created 09/03/2015 at 20:38:38
    # Updated 09/03/2015 by Xplode
    # Database : 2015-03-05.1 [Server]
    # Operating system : Windows 7 Home Premium Service Pack 1 (x64)
    # Username : Home - HOME-PC
    # Running from : C:\Users\Home\Desktop\adwcleaner_4.112.exe
    # Option : Cleaning

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v11.0.9600.17631


    -\\ Mozilla Firefox v36.0.1 (x86 en-US)


    -\\ Google Chrome v40.0.2214.115


    *************************

    AdwCleaner[R1].txt - [2916 bytes] - [08/12/2013 16:43:35]
    AdwCleaner[R2].txt - [6966 bytes] - [23/01/2014 16:36:15]
    AdwCleaner[R3].txt - [1203 bytes] - [23/01/2014 16:38:48]
    AdwCleaner[R4].txt - [3702 bytes] - [29/03/2014 16:26:04]
    AdwCleaner[R5].txt - [1762 bytes] - [31/03/2014 23:56:20]
    AdwCleaner[R6].txt - [5252 bytes] - [17/10/2014 01:37:34]
    AdwCleaner[R7].txt - [4014 bytes] - [08/03/2015 14:20:46]
    AdwCleaner[R8].txt - [1725 bytes] - [09/03/2015 20:37:13]
    AdwCleaner[S1].txt - [2905 bytes] - [08/12/2013 16:44:13]
    AdwCleaner[S2].txt - [6896 bytes] - [23/01/2014 16:36:41]
    AdwCleaner[S3].txt - [1271 bytes] - [23/01/2014 16:39:21]
    AdwCleaner[S4].txt - [3482 bytes] - [29/03/2014 16:27:18]
    AdwCleaner[S5].txt - [1704 bytes] - [31/03/2014 23:57:12]
    AdwCleaner[S6].txt - [5083 bytes] - [17/10/2014 01:39:47]
    AdwCleaner[S7].txt - [3959 bytes] - [08/03/2015 14:23:30]
    AdwCleaner[S8].txt - [1654 bytes] - [09/03/2015 20:38:38]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S8].txt - [1713 bytes] ##########
     
  19. Corey Dawkins

    Corey Dawkins TS Rookie Topic Starter Posts: 24

    JRT

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.3 (03.01.2015:1)
    OS: Windows 7 Home Premium x64
    Ran by Home on Mon 03/09/2015 at 20:41:56.01
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util atuzi



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\ustechsupport"
    Successfully deleted: [Folder] "C:\Users\Home\AppData\Roaming\ustechsupport"



    ~~~ FireFox

    Successfully deleted the following from C:\Users\Home\AppData\Roaming\mozilla\firefox\profiles\zyiz0d55.default\prefs.js

    user_pref("extensions.sahtb.url.merchants.data", "<?xml version=\"1.0\"?><MerchantSettings><v n=\"459\" /><GlobalSuppresses><s u=\".cab\" g=\"13\" I=\"1342\" /><s u=\".eot\" g
    Emptied folder: C:\Users\Home\AppData\Roaming\mozilla\firefox\profiles\zyiz0d55.default\minidumps [197 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Mon 03/09/2015 at 20:46:04.26
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  20. Corey Dawkins

    Corey Dawkins TS Rookie Topic Starter Posts: 24

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-03-2015 01
    Ran by Home (administrator) on HOME-PC on 09-03-2015 20:47:05
    Running from C:\Users\Home\Desktop
    Loaded Profiles: Home (Available profiles: Home & Classic .NET AppPool & DefaultAppPool)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
    (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Corporation) C:\Windows\System32\msiexec.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
    (The Neat Company) C:\Program Files (x86)\Neat\exec\NeatStartupService.exe
    (Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
    (Akamai Technologies, Inc.) C:\Users\Home\AppData\Local\Akamai\netsession_win.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Akamai Technologies, Inc.) C:\Users\Home\AppData\Local\Akamai\netsession_win.exe
    (Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
    (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
    (Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-01-26] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2804976 2013-10-25] (Synaptics Incorporated)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
    HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)
    HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
    HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
    HKLM-x32\...\Run: [JunosPulse] => C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe [2521944 2014-08-07] (Juniper Networks, Inc.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
    HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-08-28] (Brother Industries, Ltd.)
    HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
    HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
    HKU\S-1-5-21-105833367-992780291-1110841063-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Home\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
    HKU\S-1-5-21-105833367-992780291-1110841063-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [26232152 2015-02-19] (Google)
    HKU\S-1-5-21-105833367-992780291-1110841063-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
    HKU\S-1-5-21-105833367-992780291-1110841063-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\7cfab935-97d7-48a7-8599-56f845b9041d.com [7780120 2015-03-08] (SUPERAntiSpyware)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk
    ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RescueTime.lnk
    ShortcutTarget: RescueTime.lnk -> C:\Program Files (x86)\RescueTime\RescueTime.exe (RescueTime, Inc.)
    Startup: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneDrive for Business.lnk
    ShortcutTarget: OneDrive for Business.lnk -> C:\Program Files\Microsoft Office 15\root\office15\groove.exe (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => No File
    ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => No File
    ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => No File
    ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => No File
    ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => No File

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-105833367-992780291-1110841063-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{bf1da33b-d270-4d68-ac98-f5fd9f4fb489} <======= ATTENTION (Policy Restriction on IP)
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-105833367-992780291-1110841063-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
    HKU\S-1-5-21-105833367-992780291-1110841063-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-105833367-992780291-1110841063-1000 -> URL http://search.conduit.com/Results.a...-41E2-80B4-AB42071A858B&q={searchTerms}&SSPV=
    SearchScopes: HKU\S-1-5-21-105833367-992780291-1110841063-1000 -> SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
    SearchScopes: HKU\S-1-5-21-105833367-992780291-1110841063-1000 -> {7A0F2838-3066-4B3E-B589-796F18B02300} URL = http://search.xfinity.com/?cat=web&con=toolbar&cid=xfstart_tech_search&q={searchTerms}
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2014-12-02] (Microsoft Corporation)
    BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
    BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-02-07] (LastPass)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-01-14] (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-14] (Microsoft Corporation)
    BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
    BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\IPS\IPSBHO.DLL [2014-08-25] (Symantec Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-09] (Oracle Corporation)
    BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-01-29] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
    BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2014-02-07] (LastPass)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-01-14] (Microsoft Corporation)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-01-14] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-09] (Oracle Corporation)
    Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-02-07] (LastPass)
    Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
    Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2014-02-07] (LastPass)
    Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
    DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
    DPF: HKLM-x32 {8AD9C840-044E-11D1-B3E9-00805F499D93}
    DPF: HKLM-x32 {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    DPF: HKLM-x32 {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2014-11-25] (Microsoft Corporation)
    Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
    Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
    ShellExecuteHooks-x32: - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No File [ ]
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
    Tcpip\..\Interfaces\{2B5440DE-BE66-42A5-9FF4-C8CFDD7555F4}: [NameServer] 8.8.8.8,8.8.8.8
    Tcpip\..\Interfaces\{5691BEF0-8C2D-4CC6-A9C1-655CDE1B1A9F}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
    Tcpip\..\Interfaces\{5A690345-C551-4924-8B33-D666310D40AF}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
    Tcpip\..\Interfaces\{A1D097A3-62FD-4127-B4B5-45CCE2603C7E}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

    FireFox:
    ========
    FF ProfilePath: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\zyiz0d55.default
    FF DefaultSearchEngine: Google
    FF DefaultSearchEngine.US: Google
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-04] ()
    FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\system32\npDeployJava1.dll [2013-10-04] (Oracle Corporation)
    FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2014-02-07] (LastPass)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
    FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2013-10-01] (Citrix Systems, Inc.)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-09-11] (Foxit Corporation)
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-09] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-09] (Oracle Corporation)
    FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll [2014-02-07] (LastPass)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-11-25] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-10-01] (Coupons, Inc.)
    FF SearchPlugin: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\zyiz0d55.default\searchplugins\baseball-referencecom.xml [2015-03-09]
    FF Extension: LastPass - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\zyiz0d55.default\Extensions\support@lastpass.com [2015-03-05]
    FF Extension: Flash and Video Download - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\zyiz0d55.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2015-03-04]
    FF Extension: Evernote Web Clipper - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\zyiz0d55.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} [2014-07-28]
    FF Extension: Clearly - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\zyiz0d55.default\Extensions\readable@evernote.com.xpi [2014-03-27]
    FF Extension: EndNote Capture - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\zyiz0d55.default\Extensions\{322e833a-a7d4-4277-97c6-334fa1622d6a}.xpi [2014-10-17]
    FF Extension: Updated Ad Blocker for Firefox 11+ - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\zyiz0d55.default\Extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi [2013-10-04]
    FF Extension: DownThemAll! - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\zyiz0d55.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-10-21]
    FF Extension: Greasemonkey - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\zyiz0d55.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-04-13]
    FF Extension: Ginger - C:\Program Files (x86)\Mozilla Firefox\extensions\adapter@gingersoftware.com [2015-03-05]
    FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
    FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2015-03-09]

    Chrome:
    =======
    CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-06]
    CHR Extension: (Google Docs) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-06]
    CHR Extension: (Google Drive) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-12]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
    CHR Extension: (YouTube) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-09]
    CHR Extension: (Adblock Plus) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-29]
    CHR Extension: (Google Search) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-09]
    CHR Extension: (LastPass: Free Password Manager) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-12-06]
    CHR Extension: (Kindle Cloud Reader) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2015-01-22]
    CHR Extension: (Norton Identity Safe) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-12-06]
    CHR Extension: (Clearly) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj [2014-12-07]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-12-06]
    CHR Extension: (Google Wallet) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-15]
    CHR Extension: (Evernote Web Clipper) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2015-01-27]
    CHR Extension: (Gmail) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-09]
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\Exts\Chrome.crx [2015-03-07]
    CHR HKU\S-1-5-21-105833367-992780291-1110841063-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Home\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-10-07]
    CHR HKU\S-1-5-21-105833367-992780291-1110841063-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\Exts\Chrome.crx [2015-03-07]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
    R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
    S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2015-02-03] (BlueStack Systems, Inc.)
    R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2015-02-03] (BlueStack Systems, Inc.)
    R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [794328 2015-02-03] (BlueStack Systems, Inc.)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2711736 2015-01-14] (Microsoft Corporation)
    S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
    R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe [265040 2014-10-02] (Symantec Corporation)
    R2 Neat Startup Service; C:\Program Files (x86)\Neat\exec\NeatStartupService.exe [6144 2014-08-06] (The Neat Company) [File not signed]
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
    S2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [36608 2014-11-06] (Advanced Micro Devices, Inc.)
    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    S3 Atc002; C:\Windows\System32\DRIVERS\l260x64.sys [34304 2009-06-10] (Atheros Communications, Inc.)
    S3 AtcL001; C:\Windows\System32\DRIVERS\l160x64.sys [58368 2009-06-24] (Atheros Communications, Inc.)
    R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-12-09] (AVG Technologies)
    R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20150224.001\BHDrvx64.sys [1622744 2015-02-24] (Symantec Corporation)
    R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2015-02-03] (BlueStack Systems)
    R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2015-03-07] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2015-03-07] (Symantec Corporation)
    R1 HBtnKey; C:\Windows\System32\DRIVERS\wstbtndb.sys [9856 2007-09-15] (Lenovo)
    R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20150306.001\IDSvia64.sys [669400 2015-03-06] (Symantec Corporation)
    R1 jnprns; C:\Windows\System32\DRIVERS\jnprns.sys [507192 2014-07-08] (Juniper Networks)
    S4 jnprTdi_806_48695; C:\Windows\system32\Drivers\jnprTdi_806_48695.sys [108344 2014-08-07] (Juniper Networks, Inc.)
    S3 jnprva; C:\Windows\System32\DRIVERS\jnprva.sys [30072 2014-07-08] (Juniper Networks, Inc.)
    R3 JnprVaMgr; C:\Windows\System32\DRIVERS\jnprvamgr.sys [45352 2014-07-08] (Juniper Networks, Inc.)
    R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [129224 2013-07-18] (Qualcomm Atheros Co., Ltd.)
    S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
    R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [125952 2014-11-06] (Intel Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
    S3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150309.001\ENG64.SYS [129752 2015-03-07] (Symantec Corporation)
    S3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150309.001\EX64.SYS [2137304 2015-03-07] (Symantec Corporation)
    R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
    R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [9101016 2014-11-06] (Realtek Semiconductor Corp.)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2013-10-25] (Synaptics Incorporated)
    S3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
    R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
    R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2015-03-07] (Symantec Corporation)
    R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
    R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2015-03-08] ()
    S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
  21. Corey Dawkins

    TS Rookie Topic Starter Posts: 24

    Part II



    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-09 20:47 - 2015-03-09 20:47 - 00032310 _____ () C:\Users\Home\Desktop\FRST.txt
    2015-03-09 20:46 - 2015-03-09 20:47 - 00000000 ____D () C:\FRST
    2015-03-09 20:46 - 2015-03-09 20:46 - 00001333 _____ () C:\Users\Home\Desktop\JRT.txt
    2015-03-09 20:41 - 2015-03-09 20:41 - 00001793 _____ () C:\Users\Home\Desktop\AdwCleaner[S8].txt
    2015-03-09 20:34 - 2015-03-09 20:34 - 02095104 _____ (Farbar) C:\Users\Home\Desktop\FRST64.exe
    2015-03-09 20:28 - 2015-03-09 20:28 - 01388333 _____ (Thisisu) C:\Users\Home\Desktop\JRT.exe
    2015-03-09 20:27 - 2015-03-09 20:27 - 02171392 _____ () C:\Users\Home\Desktop\adwcleaner_4.112.exe
    2015-03-09 19:44 - 2015-03-09 19:44 - 00041401 _____ () C:\ComboFix.txt
    2015-03-08 21:16 - 2015-03-08 21:16 - 05613296 ____R (Swearware) C:\Users\Home\Desktop\your_name.exe
    2015-03-08 21:12 - 2015-03-08 21:19 - 00004574 _____ () C:\Users\Home\Desktop\Rkill.txt
    2015-03-08 21:05 - 2013-10-01 22:56 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Home\Desktop\rkill.exe
    2015-03-08 20:54 - 2015-03-08 20:56 - 05613296 ____R (Swearware) C:\Users\Home\Desktop\ComboFix.exe
    2015-03-08 16:43 - 2015-03-08 16:43 - 00044155 _____ () C:\Users\Home\Desktop\dds.txt
    2015-03-08 16:43 - 2015-03-08 16:43 - 00023643 _____ () C:\Users\Home\Desktop\attach.txt
    2015-03-08 16:35 - 2015-03-08 16:35 - 00001071 _____ () C:\latest malware bytes.txt
    2015-03-08 15:01 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
    2015-03-08 15:01 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
    2015-03-08 15:01 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2015-03-08 15:01 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2015-03-08 15:01 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2015-03-08 15:01 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
    2015-03-08 15:01 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
    2015-03-08 15:01 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
    2015-03-08 14:58 - 2015-03-09 19:45 - 00000000 ____D () C:\Qoobox
    2015-03-08 14:58 - 2015-03-09 19:22 - 00000000 ____D () C:\Windows\erdnt
    2015-03-08 14:48 - 2015-03-08 14:48 - 00688992 ____R (Swearware) C:\Users\Home\Desktop\dds.com
    2015-03-08 14:44 - 2015-03-08 14:44 - 00297798 _____ () C:\Users\Home\Desktop\Virus - Update Flash Player - TechSpot Forums.htm
    2015-03-08 14:43 - 2015-03-08 14:43 - 00448512 _____ (OldTimer Tools) C:\Users\Home\Downloads\TFC.exe
    2015-03-08 14:42 - 2015-03-08 14:43 - 113199104 _____ (Sophos Limited) C:\Users\Home\Downloads\Sophos Virus Removal Tool.exe
    2015-03-08 14:42 - 2015-03-08 14:42 - 00000000 ____D () C:\ProgramData\CheckPoint
    2015-03-08 14:32 - 2015-03-08 14:32 - 00003222 _____ () C:\Windows\System32\Tasks\{069AB111-2455-4678-8716-5A6B4905DF2B}
    2015-03-08 14:13 - 2015-03-08 14:13 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Home\Downloads\tdsskiller.exe
    2015-03-08 14:05 - 2015-03-08 14:05 - 00000000 ____D () C:\SUPERDelete
    2015-03-08 13:59 - 2015-03-09 18:18 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2015-03-08 13:59 - 2015-03-08 16:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    2015-03-08 13:59 - 2015-03-08 13:59 - 00001808 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
    2015-03-08 13:59 - 2015-03-08 13:59 - 00000548 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task ba7d2ab8-a16e-4e1a-aaf3-c4259796ecb2.job
    2015-03-08 13:59 - 2015-03-08 13:59 - 00000548 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 28309723-a1e3-4a2f-8005-d036f848af91.job
    2015-03-08 13:59 - 2015-03-08 13:59 - 00000000 ____D () C:\Users\Home\AppData\Roaming\SUPERAntiSpyware.com
    2015-03-08 13:59 - 2015-03-08 13:59 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
    2015-03-08 13:58 - 2015-03-08 13:58 - 21189736 _____ (SUPERAntiSpyware) C:\Users\Home\Downloads\SUPERAntiSpyware.exe
    2015-03-08 13:19 - 2015-03-08 13:19 - 00002547 _____ () C:\Users\Home\Documents\SR settings.uvksr
    2015-03-08 13:16 - 2015-03-08 14:20 - 00000000 ____D () C:\Program Files\UVK - Ultra Virus Killer
    2015-03-08 13:16 - 2015-03-08 13:24 - 00000000 ____D () C:\ProgramData\UVK
    2015-03-08 13:16 - 2015-03-08 13:16 - 00001820 _____ () C:\Users\Public\Desktop\UVK - Ultra Virus Killer.lnk
    2015-03-08 13:16 - 2015-03-08 13:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UVK - Ultra Virus Killer
    2015-03-08 13:10 - 2015-03-08 13:10 - 12973424 _____ (McAfee Inc) C:\Users\Home\Downloads\stinger64.exe
    2015-03-08 13:09 - 2015-03-08 13:10 - 16735931 _____ () C:\Users\Home\Downloads\unhackme.zip
    2015-03-08 13:08 - 2015-03-08 13:08 - 00785096 _____ (Kaspersky Lab ZAO) C:\Users\Home\Downloads\rectordecryptor.exe
    2015-03-08 13:07 - 2015-03-08 13:07 - 06568448 _____ (Carifred) C:\Users\Home\Downloads\UVKSetup.exe
    2015-03-08 12:31 - 2015-03-09 20:39 - 00023796 _____ () C:\Windows\PFRO.log
    2015-03-08 12:31 - 2015-03-09 20:39 - 00000672 _____ () C:\Windows\setupact.log
    2015-03-08 12:31 - 2015-03-08 12:31 - 00000000 _____ () C:\Windows\setuperr.log
    2015-03-08 07:17 - 2015-03-08 07:17 - 00000000 ____D () C:\Users\Home\AppData\Local\Privatefirewall
    2015-03-08 07:15 - 2015-03-08 07:15 - 00000000 ____D () C:\ProgramData\Privacyware
    2015-03-08 05:11 - 2015-03-08 05:11 - 00020694 _____ () C:\Users\Home\Desktop\How to Use Combofix _ Supportz.htm
    2015-03-08 04:45 - 2015-03-08 04:45 - 00000000 ____D () C:\Windows\System32\Tasks\COMODO
    2015-03-08 04:39 - 2015-03-08 07:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
    2015-03-08 04:39 - 2015-03-08 04:39 - 00000000 ____D () C:\Users\Home\AppData\Local\Comodo
    2015-03-08 04:39 - 2015-03-08 04:39 - 00000000 ____D () C:\ProgramData\Comodo Downloader
    2015-03-08 04:38 - 2015-03-08 05:14 - 00000000 ____D () C:\ProgramData\Comodo
    2015-03-08 04:14 - 2015-03-08 14:02 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2015-03-08 04:14 - 2015-03-08 04:27 - 00000000 ____D () C:\ProgramData\RogueKiller
    2015-03-08 03:23 - 2015-03-08 03:23 - 00080697 _____ () C:\Users\Home\Desktop\Virus Removal Instruction Annoying b3.mookie1.com Pop-up Help Removing b3.mookie1.com Pop-up.htm
    2015-03-08 03:09 - 2015-03-08 03:09 - 00857556 _____ () C:\Users\Home\Documents\network capture.pcapng
    2015-03-08 02:11 - 2015-03-08 02:11 - 02510774 _____ () C:\Users\Home\Documents\network capture text.txt
    2015-03-08 02:00 - 2015-03-08 02:00 - 00003256 _____ () C:\Windows\System32\Tasks\{C46E13E0-5A15-4EB6-8C80-CE1B66EC59B4}
    2015-03-08 01:04 - 2015-03-08 22:46 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Task Coach
    2015-03-08 01:04 - 2015-03-08 01:04 - 00001019 _____ () C:\Users\Home\Desktop\Task Coach.lnk
    2015-03-08 01:04 - 2015-03-08 01:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Task Coach
    2015-03-08 01:04 - 2015-03-08 01:04 - 00000000 ____D () C:\Program Files (x86)\TaskCoach
    2015-03-08 01:03 - 2015-03-08 01:09 - 00000000 ____D () C:\Users\Home\Downloads\Lazypressing V4.0 Beta
    2015-03-08 00:42 - 2015-03-08 00:42 - 18732632 _____ () C:\Users\Home\Desktop\RogueKillerX64.exe
    2015-03-08 00:41 - 2015-03-08 00:41 - 00001016 _____ () C:\Users\Home\Desktop\PSPad.lnk
    2015-03-08 00:20 - 2015-03-08 00:20 - 01110166 _____ () C:\Users\Home\Desktop\injury table schema.bmp
    2015-03-07 23:54 - 2015-03-07 23:54 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Security Suite
    2015-03-07 23:52 - 2015-03-07 23:53 - 00000000 ____D () C:\Users\Home\Desktop\Baseball Risk Assessment Tool
    2015-03-07 23:51 - 2015-03-07 23:51 - 00000000 ____D () C:\Users\Home\Desktop\TMC
    2015-03-07 23:35 - 2015-03-09 20:43 - 00207437 _____ () C:\Windows\WindowsUpdate.log
    2015-03-07 21:52 - 2015-03-07 23:48 - 00003228 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
    2015-03-07 21:52 - 2015-03-07 21:52 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
    2015-03-07 21:52 - 2015-03-07 21:52 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
    2015-03-07 21:52 - 2015-03-07 21:52 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
    2015-03-07 21:51 - 2015-03-07 23:48 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
    2015-03-07 21:51 - 2015-03-07 23:48 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
    2015-03-07 21:51 - 2015-03-07 21:51 - 00000000 ____D () C:\Program Files (x86)\Norton Security Suite
    2015-03-07 12:57 - 2015-03-07 12:57 - 00000000 ____D () C:\img
    2015-03-07 12:43 - 2015-03-07 12:45 - 05108109 _____ () C:\Users\Home\Downloads\Lazypressing V4.0 Beta.rar
    2015-03-07 09:46 - 2015-03-07 09:47 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Local Store
    2015-03-06 21:29 - 2015-03-06 21:29 - 101014184 _____ () C:\Users\Home\Desktop\MIT6_042JF10_lec01_300k.mp4
    2015-03-06 21:24 - 2015-03-06 21:24 - 05489741 _____ () C:\Users\Home\Downloads\18-443-spring-2009.zip
    2015-03-06 21:02 - 2015-03-06 21:28 - 00000000 ____D () C:\Users\Home\Downloads\MIT
    2015-03-06 20:48 - 2015-03-06 20:48 - 32473803 _____ () C:\Users\Home\Downloads\18-02-fall-2007.zip
    2015-03-06 20:47 - 2015-03-06 20:48 - 40757513 _____ () C:\Users\Home\Downloads\6-041-fall-2010.zip
    2015-03-06 20:40 - 2015-03-06 20:40 - 10425947 _____ () C:\Users\Home\Downloads\15-075j-fall-2011.zip
    2015-03-06 12:32 - 2015-03-06 12:32 - 00424186 _____ () C:\ProgramData\SMRResults430.dat
    2015-03-06 12:31 - 2015-03-06 12:31 - 00001506 _____ () C:\Windows\system32\Drivers\etc\hosts.bak
    2015-03-05 22:33 - 2015-03-08 03:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-03-05 12:44 - 2015-03-05 12:44 - 00000000 ____D () C:\Program Files (x86)\DBConvert
    2015-03-05 12:43 - 2015-03-05 12:43 - 00000000 ____D () C:\Users\Home\Downloads\dbconvert_sqlite_mysql
    2015-03-05 11:57 - 2015-03-07 10:27 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
    2015-03-05 10:24 - 2015-03-05 10:24 - 00000000 ____D () C:\Users\Home\AppData\Roaming\RStudio
    2015-03-05 02:08 - 2015-03-05 02:08 - 00000000 ____D () C:\Users\Home\Documents\R
    2015-03-05 02:06 - 2015-03-05 02:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RStudio
    2015-03-05 02:05 - 2015-03-05 02:06 - 00000000 ____D () C:\Program Files\RStudio
    2015-03-05 02:05 - 2015-03-05 02:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R
    2015-03-05 02:04 - 2015-03-05 02:04 - 00000000 ____D () C:\Program Files\R
    2015-03-04 12:20 - 2015-03-04 12:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IBM SPSS Statistics
    2015-03-04 12:19 - 2015-03-04 12:19 - 00000000 ____D () C:\Program Files\IBM
    2015-03-02 21:21 - 2015-03-02 21:21 - 00000000 ____D () C:\Users\Home\Documents\Fax
    2015-03-02 21:10 - 2015-03-02 21:10 - 00000000 ____D () C:\Users\Home\AppData\Roaming\PC-FAX TX
    2015-03-01 20:27 - 2015-03-01 20:27 - 00000000 ____D () C:\Users\Home\AppData\Local\AutoIt v3
    2015-03-01 20:10 - 2015-03-08 18:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3
    2015-02-28 23:16 - 2015-02-28 23:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2015-02-28 23:16 - 2015-02-28 23:16 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
    2015-02-28 23:16 - 2015-02-28 23:16 - 00000000 ____D () C:\Program Files\iTunes
    2015-02-28 23:16 - 2015-02-28 23:16 - 00000000 ____D () C:\Program Files\iPod
    2015-02-28 23:16 - 2015-02-28 23:16 - 00000000 ____D () C:\Program Files (x86)\iTunes
    2015-02-28 23:14 - 2015-02-28 23:16 - 00000000 ____D () C:\Program Files\Common Files\Apple
    2015-02-28 23:14 - 2015-02-28 23:14 - 00000000 ____D () C:\Program Files\Bonjour
    2015-02-28 23:14 - 2015-02-28 23:14 - 00000000 ____D () C:\Program Files (x86)\Bonjour
    2015-02-26 13:09 - 2015-01-08 19:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
    2015-02-26 13:09 - 2015-01-08 19:43 - 00419936 _____ () C:\Windows\system32\locale.nls
    2015-02-25 10:36 - 2015-02-25 10:36 - 00000000 ____D () C:\Users\Home\AppData\Roaming\VideoAnalyzer
    2015-02-25 10:35 - 2015-02-25 10:35 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
    2015-02-25 10:35 - 2015-02-25 10:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
    2015-02-25 10:35 - 2015-02-25 10:35 - 00000000 ____D () C:\Program Files\DIFX
    2015-02-25 10:35 - 2015-02-25 10:35 - 00000000 ____D () C:\Program Files (x86)\AviSynth 2.5
    2015-02-25 10:34 - 2015-02-25 10:36 - 00000000 ____D () C:\VideosForAnalysis
    2015-02-25 10:34 - 2015-02-25 10:34 - 00245568 _____ (KEYLOK) C:\Windows\system32\NWKL2_64.DLL
    2015-02-25 10:34 - 2015-02-25 10:34 - 00236352 _____ (KEYLOK) C:\Windows\system32\KL2DLL64.DLL
    2015-02-25 10:34 - 2015-02-25 10:34 - 00207168 _____ (KEYLOK) C:\Windows\SysWOW64\NWKL2_32.DLL
    2015-02-25 10:34 - 2015-02-25 10:34 - 00198976 _____ (KEYLOK) C:\Windows\SysWOW64\KL2DLL32.DLL
    2015-02-25 10:34 - 2015-02-25 10:34 - 00041984 _____ () C:\Windows\system32\ppmon64.exe
    2015-02-25 10:34 - 2015-02-25 10:34 - 00024136 _____ () C:\Windows\SysWOW64\ppmon.exe
    2015-02-25 10:34 - 2015-02-25 10:34 - 00012480 _____ () C:\Windows\SysWOW64\KL2N.DLL
    2015-02-25 10:34 - 2015-02-25 10:34 - 00007440 _____ () C:\Windows\SysWOW64\ppmon.dll
    2015-02-25 10:34 - 2015-02-25 10:34 - 00000000 ____D () C:\Users\Home\AppData\Local\KEYLOK
    2015-02-24 11:31 - 2015-03-08 22:46 - 00000000 ___RD () C:\Users\Home\OneDrive - Probaseballinjuries.com
    2015-02-22 12:33 - 2015-02-22 12:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
    2015-02-22 12:33 - 2015-02-22 12:33 - 00000000 ____D () C:\Program Files (x86)\Western Digital
    2015-02-19 23:48 - 2015-02-19 23:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
    2015-02-19 23:48 - 2015-02-19 23:48 - 00000000 ____D () C:\ProgramData\ControlCenter4
    2015-02-19 23:48 - 2015-02-19 23:48 - 00000000 ____D () C:\Program Files (x86)\Browny02
    2015-02-19 23:48 - 2015-02-19 23:48 - 00000000 ____D () C:\Brother
    2015-02-19 23:48 - 2003-11-28 19:57 - 00000000 _____ () C:\Windows\brdfxspd.dat
    2015-02-19 23:47 - 2012-07-09 18:19 - 00005120 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2S.dll
    2015-02-19 23:47 - 2012-03-19 14:09 - 00245760 ____N (brother) C:\Windows\SysWOW64\NSSearch.dll
    2015-02-19 23:47 - 2010-03-15 20:45 - 00073728 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2.dll
    2015-02-19 23:47 - 2007-12-13 23:16 - 00005120 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2L.dll
    2015-02-19 23:46 - 2015-03-08 06:33 - 00000000 ____D () C:\Users\Home\AppData\Roaming\InstallShield
    2015-02-18 23:10 - 2015-02-18 23:10 - 00000000 ____D () C:\Users\Home\AppData\Local\twitter
    2015-02-18 23:08 - 2015-02-18 23:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweetDeck
    2015-02-18 23:07 - 2015-02-18 23:07 - 00000000 ____D () C:\Program Files (x86)\Twitter
    2015-02-16 15:54 - 2015-02-16 15:54 - 00000024 ___SH () C:\Users\Home\AppData\Roaming\System5908ConfigCollection.dat
    2015-02-14 12:30 - 2015-03-09 18:46 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
    2015-02-14 12:30 - 2015-02-14 12:31 - 00000000 ____D () C:\ProgramData\BlueStacks
    2015-02-14 12:30 - 2015-02-14 12:30 - 00000000 ____D () C:\Users\Home\AppData\Local\Bluestacks
    2015-02-14 12:30 - 2015-02-14 12:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
    2015-02-13 13:56 - 2015-01-23 00:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-02-13 13:56 - 2015-01-23 00:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-02-13 13:56 - 2015-01-22 23:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2015-02-13 13:56 - 2015-01-22 23:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-02-13 13:52 - 2015-02-13 13:52 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    2015-02-13 13:52 - 2015-02-13 13:52 - 00001945 _____ () C:\Windows\epplauncher.mif
    2015-02-13 13:52 - 2015-02-13 13:52 - 00000000 ____D () C:\Program Files\Microsoft Security Client
    2015-02-13 13:52 - 2015-02-13 13:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
    2015-02-13 13:19 - 2015-02-13 13:19 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
    2015-02-13 10:34 - 2015-02-13 10:34 - 00000000 _____ () C:\asc_rdflag
    2015-02-12 21:01 - 2015-02-12 21:01 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
    2015-02-12 21:01 - 2015-02-12 21:01 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
    2015-02-12 21:01 - 2015-02-12 21:01 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
    2015-02-12 21:01 - 2015-02-12 21:01 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
    2015-02-11 05:19 - 2015-02-03 23:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2015-02-11 05:19 - 2015-02-03 23:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2015-02-11 05:19 - 2015-02-03 23:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2015-02-11 05:19 - 2015-02-03 23:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2015-02-11 05:19 - 2015-02-03 23:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2015-02-11 05:19 - 2015-02-03 23:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2015-02-11 05:19 - 2015-02-03 23:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2015-02-11 05:19 - 2015-01-27 19:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
    2015-02-11 05:19 - 2015-01-14 01:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-02-11 05:19 - 2015-01-14 01:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-02-11 05:19 - 2015-01-11 23:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-02-11 05:19 - 2015-01-11 23:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-02-11 05:19 - 2015-01-11 23:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2015-02-11 05:19 - 2015-01-11 22:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-02-11 05:19 - 2015-01-11 22:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-02-11 05:19 - 2015-01-11 22:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-02-11 05:19 - 2015-01-11 22:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-02-11 05:19 - 2015-01-11 22:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-02-11 05:19 - 2015-01-11 22:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-02-11 05:19 - 2015-01-11 22:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-02-11 05:19 - 2015-01-11 22:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-02-11 05:19 - 2015-01-11 22:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-02-11 05:19 - 2015-01-11 22:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-02-11 05:19 - 2015-01-11 22:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-02-11 05:19 - 2015-01-11 22:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-02-11 05:19 - 2015-01-11 22:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-02-11 05:19 - 2015-01-11 22:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-02-11 05:19 - 2015-01-11 22:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-02-11 05:19 - 2015-01-11 22:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-02-11 05:19 - 2015-01-11 22:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-02-11 05:19 - 2015-01-11 22:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-02-11 05:19 - 2015-01-11 22:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2015-02-11 05:19 - 2015-01-11 22:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2015-02-11 05:19 - 2015-01-11 22:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-02-11 05:19 - 2015-01-11 22:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-02-11 05:19 - 2015-01-11 22:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-02-11 05:19 - 2015-01-11 22:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-02-11 05:19 - 2015-01-11 21:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2015-02-11 05:19 - 2015-01-11 21:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-02-11 05:19 - 2015-01-11 21:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-02-11 05:19 - 2015-01-11 21:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-02-11 05:19 - 2015-01-11 21:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-02-11 05:19 - 2015-01-11 21:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-02-11 05:19 - 2015-01-11 21:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2015-02-11 05:19 - 2015-01-11 21:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-02-11 05:19 - 2015-01-11 21:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-02-11 05:19 - 2015-01-11 21:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2015-02-11 05:19 - 2015-01-11 21:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2015-02-11 05:19 - 2015-01-11 21:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-02-11 05:19 - 2015-01-11 21:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-02-11 05:19 - 2015-01-11 21:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-02-11 05:19 - 2015-01-11 21:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-02-11 05:19 - 2015-01-11 21:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-02-11 05:19 - 2015-01-11 21:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2015-02-11 05:19 - 2015-01-11 21:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-02-11 05:19 - 2015-01-11 21:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-02-11 05:19 - 2015-01-11 21:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-02-11 05:19 - 2015-01-11 21:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-02-11 05:19 - 2015-01-11 20:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-02-11 05:19 - 2015-01-11 20:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-02-11 05:19 - 2015-01-10 02:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-02-11 05:19 - 2015-01-10 02:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-02-11 05:19 - 2015-01-10 02:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-02-11 05:19 - 2015-01-10 02:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-02-11 05:19 - 2015-01-10 02:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2015-02-11 05:19 - 2015-01-10 02:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2015-02-11 05:19 - 2015-01-10 02:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2015-02-11 05:19 - 2015-01-10 02:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-02-11 05:19 - 2015-01-10 02:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2015-02-11 05:19 - 2015-01-10 02:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-02-11 05:19 - 2015-01-10 02:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2015-02-11 05:19 - 2015-01-10 02:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2015-02-11 05:19 - 2015-01-10 02:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2015-02-11 05:19 - 2015-01-10 02:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2015-02-11 05:18 - 2015-01-15 04:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-02-11 05:18 - 2015-01-15 04:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-02-11 05:18 - 2015-01-15 04:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-02-11 05:18 - 2015-01-15 04:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2015-02-11 05:18 - 2015-01-15 04:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-02-11 05:18 - 2015-01-15 04:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-02-11 05:18 - 2015-01-15 04:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-02-11 05:18 - 2015-01-15 04:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2015-02-11 05:18 - 2015-01-15 04:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-02-11 05:18 - 2015-01-15 04:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2015-02-11 05:18 - 2015-01-15 04:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-02-11 05:18 - 2015-01-15 03:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2015-02-11 05:18 - 2015-01-15 03:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2015-02-11 05:18 - 2015-01-15 03:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2015-02-11 05:18 - 2015-01-15 03:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2015-02-11 05:18 - 2015-01-15 03:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2015-02-11 05:18 - 2015-01-15 03:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2015-02-11 05:18 - 2015-01-15 00:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2015-02-11 05:18 - 2015-01-14 02:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-02-11 05:18 - 2015-01-14 02:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-02-11 05:18 - 2015-01-14 02:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-02-11 05:18 - 2015-01-14 02:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-02-11 05:18 - 2015-01-14 01:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-02-11 05:18 - 2015-01-14 01:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-02-11 05:18 - 2015-01-14 01:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-02-11 05:18 - 2015-01-12 23:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2015-02-11 05:18 - 2015-01-12 22:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2015-02-11 05:18 - 2014-12-12 01:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2015-02-11 05:18 - 2014-12-12 01:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2015-02-11 05:18 - 2014-12-07 23:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
    2015-02-11 05:18 - 2014-12-07 22:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
    2015-02-11 05:18 - 2014-11-25 23:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2015-02-11 05:18 - 2014-11-25 23:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
    2015-02-11 05:17 - 2015-01-08 22:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-02-10 00:42 - 2015-02-10 00:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-09 20:46 - 2009-07-14 01:13 - 00867156 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-03-09 20:46 - 2009-07-14 00:45 - 00023056 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-03-09 20:46 - 2009-07-14 00:45 - 00023056 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-03-09 20:40 - 2014-09-15 11:13 - 00004966 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Home-PC-Home Home-PC
    2015-03-09 20:40 - 2014-01-30 00:20 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-03-09 20:40 - 2013-07-15 15:07 - 00000000 ___RD () C:\Users\Home\Google Drive
    2015-03-09 20:40 - 2013-07-15 14:31 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-03-09 20:39 - 2013-07-15 14:28 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-03-09 20:39 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-03-09 20:38 - 2013-12-08 16:43 - 00000000 ____D () C:\AdwCleaner
    2015-03-09 19:57 - 2013-07-15 14:28 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-03-09 19:42 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
    2015-03-09 19:22 - 2009-07-13 22:34 - 98304000 _____ () C:\Windows\system32\config\SOFTWARE.bak
    2015-03-09 19:22 - 2009-07-13 22:34 - 22282240 _____ () C:\Windows\system32\config\SYSTEM.bak
    2015-03-09 19:22 - 2009-07-13 22:34 - 05087232 _____ () C:\Windows\system32\config\DEFAULT.bak
    2015-03-09 19:22 - 2009-07-13 22:34 - 00036864 _____ () C:\Windows\system32\config\SECURITY.bak
    2015-03-09 19:22 - 2009-07-13 22:34 - 00032768 _____ () C:\Windows\system32\config\SAM.bak
    2015-03-08 22:00 - 2014-06-13 23:30 - 00000542 _____ () C:\Windows\Tasks\injury database backup.job
    2015-03-08 22:00 - 2013-07-15 16:58 - 00000000 ____D () C:\Users\Home\AppData\Roaming\SQLyog
    2015-03-08 21:51 - 2014-03-31 21:28 - 00000000 ____D () C:\Program Files (x86)\PSPad editor
    2015-03-08 18:30 - 2014-05-21 23:52 - 00000000 ____D () C:\Program Files (x86)\Nitro
    2015-03-08 18:22 - 2009-07-14 03:45 - 00000000 ____D () C:\Windows\ShellNew
    2015-03-08 17:19 - 2014-09-01 20:19 - 00000164 _____ () C:\Windows\ODBC.INI
    2015-03-08 17:18 - 2014-11-25 02:49 - 00000000 ___RD () C:\Users\Home\OneDrive
    2015-03-08 15:16 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default
    2015-03-08 15:08 - 2014-12-06 02:06 - 00000000 ____D () C:\Users\Home\AppData\Roaming\mymacro
    2015-03-08 15:08 - 2013-07-08 18:24 - 00000000 ____D () C:\Users\Home
    2015-03-08 14:53 - 2013-08-08 20:51 - 00000000 ____D () C:\Users\Home\Documents\Software
    2015-03-08 14:31 - 2014-05-03 22:22 - 00000000 ____D () C:\Users\Home\AppData\Local\CrashDumps
    2015-03-08 13:52 - 2013-07-15 16:27 - 00000000 ____D () C:\Windows\PCHEALTH
    2015-03-08 13:35 - 2014-10-17 01:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-03-08 13:35 - 2014-10-17 01:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-03-08 07:12 - 2014-03-16 12:05 - 00000000 ____D () C:\CCE
    2015-03-08 07:06 - 2014-04-05 23:32 - 00000000 ____D () C:\Program Files (x86)\Flash Update
    2015-03-08 07:06 - 2014-03-16 14:12 - 00000000 ____D () C:\CCE_Quarantine
    2015-03-08 05:33 - 2014-03-23 21:35 - 00000000 ____D () C:\Windows\System32\Tasks\Visual Web Ripper
    2015-03-08 04:52 - 2014-12-29 00:02 - 00001548 _____ () C:\Users\Home\Desktop\TMC - Shortcut.lnk
    2015-03-08 04:52 - 2014-12-28 23:59 - 00001880 _____ () C:\Users\Home\Desktop\Google Drive.lnk
    2015-03-08 04:52 - 2014-12-11 19:45 - 00001974 _____ () C:\Users\Home\Desktop\OneDrive - Probaseballinjuries.com.lnk
    2015-03-08 04:30 - 2014-12-01 03:55 - 00000000 ____D () C:\Users\Home\AppData\Local\Deployment
    2015-03-08 04:30 - 2014-12-01 03:55 - 00000000 ____D () C:\Users\Home\AppData\Local\Apps\2.0
    2015-03-08 04:13 - 2013-11-10 22:53 - 00000000 ___RD () C:\Users\Home\Desktop\Malware Killer
    2015-03-08 04:06 - 2014-08-19 11:08 - 00017880 _____ () C:\Users\Home\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-03-08 03:55 - 2014-10-17 00:30 - 00000000 ____D () C:\Users\Home\Documents\Mendeley
    2015-03-08 03:49 - 2014-11-24 15:39 - 00000000 ____D () C:\Users\Home\AppData\OICE_15_974FA576_32C1D314_65D
    2015-03-08 03:49 - 2014-08-23 11:14 - 00000000 ____D () C:\Users\Home\AppData\OICE_15_974FA576_32C1D314_3DBE
    2015-03-08 03:49 - 2014-08-14 10:24 - 00000000 ____D () C:\Users\Home\AppData\OICE_15_974FA576_32C1D314_BE8
    2015-03-08 03:49 - 2014-07-15 09:26 - 00000000 ____D () C:\Users\Home\AppData\OICE_15_974FA576_32C1D314_32EA
    2015-03-08 02:29 - 2014-05-22 00:14 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Nitro PDF
    2015-03-08 00:41 - 2014-03-31 21:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPad editor
    2015-03-07 22:19 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
    2015-03-07 21:54 - 2014-05-02 21:27 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
    2015-03-07 21:54 - 2014-05-02 21:27 - 00000000 ____D () C:\ProgramData\Norton
    2015-03-07 21:51 - 2013-07-15 15:00 - 00000000 ___RD () C:\Users\Home\Dropbox
    2015-03-07 12:57 - 2014-12-06 03:08 - 00000000 ____D () C:\lp2
    2015-03-06 12:31 - 2014-05-12 00:13 - 00000000 ____D () C:\Users\Home\AppData\Local\NPE
    2015-03-06 12:13 - 2015-01-21 23:30 - 00000000 ____D () C:\NPE
    2015-03-06 12:10 - 2013-07-15 13:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-03-05 21:58 - 2013-07-08 18:47 - 00000000 ____D () C:\Users\Home\AppData\Local\Akamai
    2015-03-05 12:54 - 2013-07-08 18:24 - 00000000 ____D () C:\Users\Home\AppData\Local\VirtualStore
    2015-03-04 19:04 - 2014-08-19 11:07 - 00435888 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-03-04 14:48 - 2013-12-06 00:14 - 00000016 ____H () C:\Windows\SysWOW64\servdat.slm
    2015-03-04 12:29 - 2013-08-08 20:56 - 00000000 ____D () C:\Users\Home\Documents\Injury Research
    2015-03-04 12:20 - 2013-12-06 00:15 - 00000000 ____D () C:\ProgramData\SPSS
    2015-03-04 12:19 - 2013-12-06 00:14 - 00000219 _____ () C:\Windows\SysWOW64\lsprst7.tgz
    2015-03-03 16:01 - 2013-07-15 14:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    2015-03-03 14:36 - 2013-07-15 16:24 - 00000000 ____D () C:\Users\Home\AppData\Local\Microsoft Help
    2015-03-03 09:17 - 2013-07-08 18:40 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2015-03-02 21:10 - 2013-07-19 20:04 - 00000324 _____ () C:\Windows\Brpfx04a.ini
    2015-03-02 21:10 - 2013-07-19 20:04 - 00000130 _____ () C:\Windows\brpcfx.ini
    2015-02-27 17:09 - 2014-12-04 15:15 - 00000000 ____D () C:\Program Files (x86)\RescueTime
    2015-02-26 22:52 - 2014-12-04 15:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RescueTime
    2015-02-24 11:31 - 2014-12-03 02:31 - 00000000 ___RD () C:\Users\Home\ODBA
    2015-02-24 11:20 - 2014-11-25 02:42 - 00000000 ____D () C:\Program Files\Microsoft Office 15
    2015-02-23 00:08 - 2014-12-07 16:41 - 00000000 ____D () C:\Users\Home\Desktop\Games
    2015-02-20 04:49 - 2013-07-19 20:02 - 00000000 ____D () C:\Program Files (x86)\ControlCenter4
    2015-02-19 23:49 - 2013-07-19 19:59 - 00009924 _____ () C:\Windows\BRPARAM.INI
    2015-02-19 23:47 - 2013-07-19 20:02 - 00000000 ____D () C:\Program Files (x86)\Brother
    2015-02-19 23:47 - 2013-07-08 20:14 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
    2015-02-19 16:09 - 2014-10-15 22:50 - 00000000 ____D () C:\Retrosheet
    2015-02-17 14:03 - 2014-04-03 20:47 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
    2015-02-16 21:36 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Public\Libraries
    2015-02-16 16:02 - 2014-12-20 00:16 - 00000000 ____D () C:\Users\Home\.freemind
    2015-02-16 16:02 - 2014-02-11 23:24 - 00000000 ____D () C:\temp
    2015-02-16 16:02 - 2013-08-28 22:01 - 00000000 ____D () C:\Users\Home\.FamilySearchIndexing
    2015-02-16 16:02 - 2013-07-25 20:24 - 00000000 ____D () C:\Users\Home\Ebooks
    2015-02-15 00:38 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
    2015-02-13 22:59 - 2009-07-14 01:08 - 00032572 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2015-02-13 14:05 - 2014-07-20 16:01 - 00000000 ____D () C:\Windows\AutoKMS
    2015-02-13 14:02 - 2013-07-19 19:44 - 00000000 ____D () C:\Windows\Minidump
    2015-02-13 13:59 - 2014-09-12 01:40 - 00000000 ____D () C:\Program Files\CCleaner
    2015-02-13 13:21 - 2013-11-17 23:28 - 00000000 ____D () C:\Windows\pss
    2015-02-13 12:16 - 2015-01-12 00:53 - 00000000 ____D () C:\Program Files (x86)\Radium Technologies
    2015-02-13 10:34 - 2014-11-06 21:18 - 96743424 _____ () C:\Windows\system32\config\SOFTWARE.iodefrag.bak
    2015-02-13 10:34 - 2014-11-06 21:18 - 05066752 _____ () C:\Windows\system32\config\DEFAULT.iodefrag.bak
    2015-02-13 10:34 - 2014-11-06 21:18 - 00036864 _____ () C:\Windows\system32\config\SECURITY.iodefrag.bak
    2015-02-13 10:34 - 2014-11-06 21:18 - 00032768 _____ () C:\Windows\system32\config\SAM.iodefrag.bak
    2015-02-13 03:45 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\tracing
    2015-02-12 20:44 - 2014-11-05 21:58 - 00000000 ____D () C:\ProgramData\ProductData
    2015-02-12 08:28 - 2014-12-09 21:15 - 00000000 ____D () C:\Windows\system32\appraiser
    2015-02-12 08:28 - 2014-05-06 00:10 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2015-02-12 04:10 - 2013-08-14 06:55 - 00000000 ____D () C:\Windows\system32\MRT
    2015-02-12 04:01 - 2013-07-08 19:23 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-02-10 11:22 - 2013-07-15 13:51 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Dropbox
    2015-02-09 09:46 - 2013-12-22 15:25 - 00000000 ____D () C:\ProgramData\Oracle
    2015-02-09 09:42 - 2014-07-18 15:18 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2015-02-09 09:42 - 2014-05-05 13:16 - 00000000 ____D () C:\Program Files (x86)\Java

    ==================== Files in the root of some directories =======

    2014-02-07 00:33 - 2014-02-07 00:33 - 13024768 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
    2014-12-04 03:26 - 2014-12-04 03:26 - 0000008 ____H () C:\Users\Home\AppData\Roaming\Pref - 7621d
    2015-02-16 15:54 - 2015-02-16 15:54 - 0000024 ___SH () C:\Users\Home\AppData\Roaming\System5908ConfigCollection.dat
    2014-12-04 03:26 - 2014-10-07 06:33 - 0000008 ____H () C:\Users\Home\AppData\Roaming\sysuser_32
    2015-01-28 15:21 - 2015-01-28 15:21 - 0000046 _____ () C:\Users\Home\AppData\Roaming\WB.CFG
    2015-01-18 16:15 - 2015-01-18 16:15 - 0000038 ___SH () C:\Users\Home\AppData\Local\5678c43253f8bbb5ed82a9.59421958
    2014-12-30 12:48 - 2014-12-30 12:49 - 0000600 _____ () C:\Users\Home\AppData\Local\PUTTY.RND
    2015-01-04 00:47 - 2015-01-04 00:47 - 0001239 _____ () C:\Users\Home\AppData\Local\recently-used.xbel
    2014-09-16 14:18 - 2014-09-16 14:18 - 0007644 _____ () C:\Users\Home\AppData\Local\Resmon.ResmonCfg
    2014-07-09 16:07 - 2014-07-09 16:07 - 0000057 _____ () C:\ProgramData\Ament.ini
    2014-01-30 23:05 - 2014-01-30 23:53 - 0000298 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
    2015-03-06 12:32 - 2015-03-06 12:32 - 0424186 _____ () C:\ProgramData\SMRResults430.dat

    Files to move or delete:
    ====================
    C:\ProgramData\SMRResults430.dat
    C:\Users\Home\jobq.dat
    C:\Users\Home\setup.exe


    Some content of TEMP:
    ====================
    C:\Users\Home\AppData\Local\Temp\Quarantine.exe
    C:\Users\Home\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-03-05 05:57

    ==================== End Of Log ============================
     
  22. Corey Dawkins

    Additional log:

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-03-2015 01
    Ran by Home at 2015-03-09 20:47:51
    Running from C:\Users\Home\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
    AV: Norton Security Suite (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
    AS: Norton Security Suite (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
    AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Norton Security Suite (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
    Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    AES Crypt (HKLM\...\{27D8751B-EC95-4F79-940A-8460F9278931}) (Version: 3.09 - Packetizer, Inc.)
    Akamai NetSession Interface (HKU\S-1-5-21-105833367-992780291-1110841063-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
    Alcor Micro USB Card Reader Driver (HKLM-x32\...\AmUStor) (Version: 20.22.2217.13862 - Alcor Micro Corp.)
    Alcor Micro USB Card Reader Driver (x32 Version: 20.22.2217.13862 - Alcor Micro Corp.) Hidden
    Amazon Kindle (HKU\S-1-5-21-105833367-992780291-1110841063-1000\...\Amazon Kindle) (Version: - Amazon)
    Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
    AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - )
    BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.11.4119 - BlueStack Systems, Inc.)
    BlueStacks Notification Center (HKLM-x32\...\{E78B4959-B348-4913-874B-FF982378E035}) (Version: 0.9.11.4119 - BlueStack Systems, Inc.)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Brother MFL-Pro Suite MFC-J435W (HKLM-x32\...\{A1B36B88-AF90-43A3-8906-6DBEE89B4FBD}) (Version: 1.1.6.0 - Brother Industries, Ltd.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
    Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.1.0.0 - Citrix Systems, Inc.)
    DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
    Dropbox (HKU\S-1-5-21-105833367-992780291-1110841063-1000\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
    Evernote v. 5.8.3 (HKLM-x32\...\{404B3FB8-A820-11E4-83FC-00163E98E7D6}) (Version: 5.8.3.6507 - Evernote Corp.)
    Extreme URL Generator 1.4 (HKLM-x32\...\Extreme URL Generator_is1) (Version: 1.4 - Extreme Internet Software)
    Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.3.916 - Foxit Software Inc.)
    Getting Things Done Outlook Add-In (HKLM-x32\...\{D9ACA6BD-10A3-40C5-AE17-6B6AD4F50FEE}) (Version: 3.3.22 - NetCentrics Corporation)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
    Google Drive (HKLM-x32\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
    HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    IBM SPSS Statistics 21 (HKLM\...\{1E26B9C2-ED08-4EEA-83C8-A786502B41E5}) (Version: 21.0.0.0 - IBM Corp)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
    Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
    Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version: - Intel Corporation)
    iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
    Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
    Juniper Citrix Services Client (HKU\S-1-5-21-105833367-992780291-1110841063-1000\...\Juniper_Citrix_Services) (Version: 8.0.6.32195 - Juniper Networks)
    Juniper Networks Network Connect 7.1.17 (HKLM-x32\...\Juniper Network Connect 7.1.17) (Version: 7.1.17.28099 - Juniper Networks)
    Juniper Networks Setup Client (HKU\S-1-5-21-105833367-992780291-1110841063-1000\...\Juniper_Setup_Client) (Version: 8.0.6.48695 - Juniper Networks)
    Juniper Networks Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)
    Juniper Networks, Inc. Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
    Junos Pulse 5.0 (HKLM-x32\...\Junos Pulse 5.0) (Version: 5.0.48695 - Juniper Networks, Inc.)
    Junos Pulse Core Components (x32 Version: 5.0.48695 - Juniper Networks) Hidden
    Junos Pulse Drivers Add-On (Version: 5.0.48695 - Juniper Networks) Hidden
    Junos Pulse Host Checker Plugin Add-On (x32 Version: 5.0.48695 - Juniper Networks) Hidden
    Junos Pulse Tunnel Manager Add-On (x32 Version: 5.0.48695 - Juniper Networks) Hidden
    Junos Pulse UAC/NC Components (x32 Version: 5.0.48695 - Juniper Networks) Hidden
    LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
    Legacy 8.0 (HKLM-x32\...\Legacy 8.0) (Version: 8.0 - Millennia Corporation)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Mendeley Desktop 1.12.2 (HKLM-x32\...\Mendeley Desktop) (Version: 1.12.2 - Mendeley Ltd.)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Office 365 Business - en-us (HKLM\...\O365BusinessRetail - en-us) (Version: 15.0.4693.1002 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
    Microsoft SharePoint Designer 2013 - en-us (HKLM\...\SPDRetail - en-us) (Version: 15.0.4693.1002 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2008 Native Client (HKLM\...\{C79A7EAB-9D6F-4072-8A6D-F8F54957CD93}) (Version: 10.0.1600.22 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 (HKLM\...\{91415F19-4C22-3609-A105-92ED3522D83C}) (Version: 9.0.30729.4048 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM-x32\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
    Mozilla Firefox 36.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 en-US)) (Version: 36.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MySQL Connector/ODBC 5.3 (HKLM\...\{A1991404-2634-47E1-BC45-8F3B5014B1D1}) (Version: 5.3.4 - Oracle Corporation)
    MySQL Fabric 1.5.3 & MySQL Utilities 1.5.3 (HKLM-x32\...\{9738F610-016F-4D07-9071-992D46C0742B}) (Version: 1.5.3 - Oracle Corporation)
    MySQL Installer (HKLM-x32\...\{4C82767C-464E-4858-81BC-D33626EA30AA}) (Version: 1.3.2.0 - Oracle Corporation)
    MySQL Server 5.6 (HKLM\...\{3AEB0317-360A-4434-AC52-6EB66532CB4D}) (Version: 5.6.12 - Oracle Corporation)
    MySQL Workbench 6.2 CE (HKLM\...\{916D6512-97A8-470D-AEC8-53A1654E74BF}) (Version: 6.2.3 - Oracle Corporation)
    Neat (HKLM-x32\...\Neat) (Version: 5.5.2.7 - The Neat Company)
    Neat ADF Scanner Driver (HKLM\...\{A55F1206-BFA7-4027-92B8-CE4EFDBC3CF2}) (Version: 2.0.2.5 - The Neat Company)
    Neat Core Files (x32 Version: 5.5.2.7 - The Neat Company) Hidden
    Neat Mobile Scanner Driver (HKLM\...\{7EA2D88A-C8B7-4102-8644-0A437B6FC143}) (Version: 2.0.1.2 - The Neat Company)
    NeatConnect Scanner Driver (HKLM\...\{6895EF47-6BD8-468E-BA09-B33636C65B7C}) (Version: 2.0.2.26 - The Neat Company)
    Norton Security Suite (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
    Online Plug-in (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
    Paprika Recipe Manager (HKLM-x32\...\{E9AC2A1E-F693-43D0-BBF4-C57A4D9BDFCF}) (Version: 1.0.4 - Hindsight Labs LLC)
    PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
    Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
    PSPad editor (HKLM-x32\...\PSPad editor_is1) (Version: 4.5.9.2600 - Jan Fiala)
    Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
    QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    R for Windows 3.1.2 (HKLM\...\R for Windows 3.1.2_is1) (Version: 3.1.2 - R Core Team)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6685 - Realtek Semiconductor Corp.)
    RescueTime 2.10.1.1240 (HKLM-x32\...\{2505571C-03B3-4F9F-AC35-33F1CB4B5E9E}_is1) (Version: - RescueTime.com)
    RStudio (HKLM-x32\...\RStudio) (Version: 0.98.1102 - RStudio)
    Self-service Plug-in (x32 Version: 4.1.0.41738 - Citrix Systems, Inc.) Hidden
    Send To Neat (HKLM\...\{237E305C-B625-466A-88CE-1E121BF4FDB1}) (Version: 1.1.0.0 - The Neat Company)
    Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
    Sonic Focus (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.00.0000 - Virage Logic, Corp.)
    SQLyog 11.33 (64 bit) (HKLM\...\SQLyog64) (Version: 11.33 (64 bit) - Webyog Inc.)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1170 - SUPERAntiSpyware.com)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.8 - Synaptics Incorporated)
    Task Coach 1.4.2 (HKLM-x32\...\Task Coach_is1) (Version: - Frank Niessink, Jerome Laheurte, and Aaron Wolf)
    TweetDeck (HKLM-x32\...\{C4ADB67B-C908-4D94-B85E-585D2F3F9118}) (Version: 3.3.7 - Twitter)
    USB2.0 UVC VGA WebCam (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10256 - Realtek Semiconductor Corp.)
    UVK - Ultra Virus Killer (HKLM\...\UVK - Ultra virus killer) (Version: 7.0.0.2 - Carifred)
    VC8 CRT (Version: 8.0.50727.762 - Juniper Networks) Hidden
    WD My Cloud (HKLM\...\{3082756C-2147-411F-AE6A-9DCEF0121903}) (Version: 1.0.7.5 - Western Digital Technologies, Inc.)
    Windows Driver Package - KEYLOK (usbkey) USB (06/10/2010 64.0.0.0) (HKLM\...\B048A6D4B0188E5A802ADFF30A7C78FA4AD99BE0) (Version: 06/10/2010 64.0.0.0 - KEYLOK)
    XAMPP (HKLM-x32\...\xampp) (Version: 1.8.3-3 - Bitnami)
    YNAB 4 version 4.3.656 (HKLM-x32\...\com.ynab.YNAB4.LiveCaptive_is1) (Version: 4.3.656 - YouNeedABudget.com)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-105833367-992780291-1110841063-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-105833367-992780291-1110841063-1000_Classes\CLSID\{ED90173A-3B4C-4E7E-B9CF-79714425D4B5}\InprocServer32 -> C:\Program Files (x86)\PSPad editor\pspshellx64.dll ()
    CustomCLSID: HKU\S-1-5-21-105833367-992780291-1110841063-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-105833367-992780291-1110841063-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-105833367-992780291-1110841063-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-105833367-992780291-1110841063-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-105833367-992780291-1110841063-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-105833367-992780291-1110841063-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-105833367-992780291-1110841063-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-105833367-992780291-1110841063-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

    ==================== Restore Points =========================

    08-03-2015 17:19:13 Removed Privatefirewall 7.0
    08-03-2015 18:02:14 Removed Nitro Pro 9
    08-03-2015 18:22:07 Removed CouponPrinterPlugin
    08-03-2015 18:22:30 Removed Living Cookbook 2015

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 22:34 - 2015-03-09 19:42 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {00141F20-A12B-4193-BD74-A1B96CC76638} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-01-14] (Microsoft Corporation)
    Task: {06FA84F5-6B40-48D4-812A-40F55E4C6D71} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
    Task: {136B767E-03F0-4590-976D-F087C1FC04E1} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)
    Task: {1686E5CE-EB94-48BA-9DB7-1BEA2DD3B506} - System32\Tasks\ASC7_SkipUac_Home => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe
    Task: {193FA546-EC30-49CB-B371-C55DB747520A} - System32\Tasks\injury database backup => C:\Program Files\SQLyog\SJA.exe [2014-02-07] (Webyog Inc.)
    Task: {2B912968-2CF8-49A8-87A3-0DA30D3A2306} - System32\Tasks\{069AB111-2455-4678-8716-5A6B4905DF2B} => pcalua.exe -a "C:\Program Files (x86)\MySQL\MySQL Installer\MySQLInstaller.exe" -d "C:\Program Files (x86)\MySQL\MySQL Installer\"
    Task: {49549DC0-B543-4D56-9D82-63CFECE46C4A} - System32\Tasks\{978A3E2E-FDC6-45D1-9FC4-BE79A471F8D2} => pcalua.exe -a "C:\Program Files\IBM\SPSS\Statistics\21\VC9\vcredist_x64.exe" -d "C:\Program Files\IBM\SPSS\Statistics\21\VC9"
    Task: {51A084AA-DE64-45E9-BDD1-88DFD51736A8} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {57D1ED92-C224-4ADA-A242-A7C237C2E8CE} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
    Task: {745263D3-6514-480E-9ACB-1355C51781E6} - System32\Tasks\retrosheet_backup => C:\Program Files\SQLyog\SJA.exe [2014-02-07] (Webyog Inc.)
    Task: {80728DA7-53C1-4360-82A3-0342E5D9DA7A} - \Advanced System Protector_startup No Task File <==== ATTENTION
    Task: {9AF445A4-EEF4-46A6-85A1-ABE63C5EDCC0} - System32\Tasks\{C46E13E0-5A15-4EB6-8C80-CE1B66EC59B4} => pcalua.exe -a "C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LHT13IAR\HijackThis.exe" -d C:\Users\Home\Desktop
    Task: {9D1FB838-6594-4D92-B123-D04673D2D3F2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
    Task: {AD23CC63-79AC-4C16-A4FD-D1E254518AA2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-15] (Google Inc.)
    Task: {B0063959-3E2D-4450-A43C-6F0BEBE5B9D1} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
    Task: {B3059DAF-6065-45FB-8B33-14E5143F6D90} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)
    Task: {BEF4D747-6F29-40E8-82D3-DF3CEA05E1AC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-15] (Google Inc.)
    Task: {C044DA37-1082-48F8-BE12-F5241AD148F6} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
    Task: {CAD6FEC2-8E48-45CA-8DBE-1AF94173B47F} - System32\Tasks\{327FC1B5-22CD-4B6C-8734-F2BEB4DD8553} => pcalua.exe -a C:\Users\Home\Documents\Liveupdate_Win7_64_Z312\Setup.exe -d C:\Users\Home\Documents\Liveupdate_Win7_64_Z312
    Task: {CFAC93F3-5C61-43F2-9142-942A48458405} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
    Task: {D4C0CAC3-A85A-4E00-A84E-851CC3014DE8} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
    Task: {DD1D6D21-9C38-4EE5-AB88-4C27CD1376E5} - System32\Tasks\{53C3AD61-9FAC-44AC-A128-CF46C28C7941} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{A1B36B88-AF90-43A3-8906-6DBEE89B4FBD}\Setup.exe" -c -runfromtemp -l0x0009 UNINSTALL Reg=BHmini11 -removeonly
    Task: {E19AF081-F765-4DA5-A6DE-B1576F5A371E} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Home-PC-Home Home-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-01-06] (Microsoft Corporation)
    Task: {E2FFFCC8-3412-44A9-A213-DD753C991B35} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
    Task: {E7F26CA6-DCCD-43F5-B451-A0AB8A3AD69C} - System32\Tasks\{B973D861-B242-48BA-81A1-5D26CD94EC70} => pcalua.exe -a C:\Users\Home\Downloads\LegacyGeoDBSetup.exe -d C:\Users\Home\Downloads
    Task: {F29B4BE4-DE46-447D-AB36-EEE495A9F4A3} - System32\Tasks\ASC7_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe
    Task: {F73EF4EA-837E-4B80-A3E0-292AAFFF380D} - \AutoKMS No Task File <==== ATTENTION
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\injury database backup.job => C:\Program Files\SQLyog\SJA.exe C:\Users\Home\Documents\database_backup_donotdelete.xml -lC:\Users\Home\AppData\Roaming\SQLyog\sja.log -sC:\Users\Home\AppData\Roaming\SQLyog\sjasession.xml
    Task: C:\Windows\Tasks\retrosheet_backup.job => C:\Program Files\SQLyog\SJA.exe C:\Users\Home\Documents\retrosheet_backup_file.xml -lC:\Users\Home\AppData\Roaming\SQLyog\sja.log -sC:\Users\Home\AppData\Roaming\SQLyog\sjasession.xml
    Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 28309723-a1e3-4a2f-8005-d036f848af91.job => C:\Program Files\SUPERAntiSpyware\SASTask.exexC:\Program Files\SUPERAntiSpyware\7cfab935-97d7-48a7-8599-56f845b9041d.com
    Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task ba7d2ab8-a16e-4e1a-aaf3-c4259796ecb2.job => C:\Program Files\SUPERAntiSpyware\SASTask.exexC:\Program Files\SUPERAntiSpyware\7cfab935-97d7-48a7-8599-56f845b9041d.com

    ==================== Loaded Modules (whitelisted) ==============

    2014-09-06 19:20 - 2014-05-20 15:01 - 00054784 _____ () C:\Windows\System32\sdtnpm.dll
    2015-02-13 05:20 - 2015-02-13 05:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-02-13 05:20 - 2015-02-13 05:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-11-25 02:42 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2013-07-19 20:02 - 2005-04-22 00:36 - 00143360 _____ () C:\Windows\system32\BrSNMP64.dll
    2012-12-14 02:42 - 2012-12-14 02:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2014-11-25 02:45 - 2014-12-23 15:53 - 08898728 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2015-03-09 20:39 - 2015-03-09 20:39 - 00098816 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\win32api.pyd
    2015-03-09 20:39 - 2015-03-09 20:39 - 00110080 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\pywintypes27.dll
    2015-03-09 20:39 - 2015-03-09 20:39 - 00364544 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\pythoncom27.dll
    2015-03-09 20:39 - 2015-03-09 20:39 - 00045568 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\_socket.pyd
    2015-03-09 20:39 - 2015-03-09 20:39 - 01161216 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\_ssl.pyd
    2015-03-09 20:39 - 2015-03-09 20:39 - 00320512 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\win32com.shell.shell.pyd
    2015-03-09 20:39 - 2015-03-09 20:39 - 00713216 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\_hashlib.pyd
    2015-03-09 20:39 - 2015-03-09 20:39 - 01175040 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\wx._core_.pyd
    2015-03-09 20:39 - 2015-03-09 20:39 - 00805888 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\wx._gdi_.pyd
    2015-03-09 20:39 - 2015-03-09 20:39 - 00811008 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\wx._windows_.pyd
    2015-03-09 20:39 - 2015-03-09 20:39 - 01062400 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\wx._controls_.pyd
    2015-03-09 20:39 - 2015-03-09 20:39 - 00735232 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\wx._misc_.pyd
    2015-03-09 20:39 - 2015-03-09 20:39 - 00682496 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\pysqlite2._sqlite.pyd
    2015-03-09 20:39 - 2015-03-09 20:39 - 00128512 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\_elementtree.pyd
    2015-03-09 20:39 - 2015-03-09 20:39 - 00127488 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\pyexpat.pyd
    2015-03-09 20:39 - 2015-03-09 20:39 - 00087552 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\_ctypes.pyd
    2015-03-09 20:39 - 2015-03-09 20:39 - 00119808 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\win32file.pyd
    2015-03-09 20:39 - 2015-03-09 20:39 - 00108544 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\win32security.pyd
    2015-03-09 20:39 - 2015-03-09 20:39 - 00007168 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\hashobjs_ext.pyd
    2015-03-09 20:39 - 2015-03-09 20:39 - 00167936 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\win32gui.pyd
    2015-03-09 20:39 - 2015-03-09 20:39 - 00018432 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\win32event.pyd
    2015-03-09 20:39 - 2015-03-09 20:39 - 00038912 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\win32inet.pyd
    2015-03-09 20:39 - 2015-03-09 20:39 - 00011264 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\win32crypt.pyd
    2015-03-09 20:39 - 2015-03-09 20:39 - 00070656 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\wx._html2.pyd
    2015-03-09 20:39 - 2015-03-09 20:39 - 00027136 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\_multiprocessing.pyd
    2015-03-09 20:39 - 2015-03-09 20:39 - 00020480 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\_yappi.pyd
    2015-03-09 20:39 - 2015-03-09 20:39 - 00035840 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\win32process.pyd
    2015-03-09 20:39 - 2015-03-09 20:39 - 00686080 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\unicodedata.pyd
    2015-03-09 20:39 - 2015-03-09 20:39 - 00122368 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\wx._wizard.pyd
    2015-03-09 20:39 - 2015-03-09 20:39 - 00024064 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\win32pipe.pyd
    2015-03-09 20:39 - 2015-03-09 20:39 - 00010240 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\select.pyd
    2015-03-09 20:39 - 2015-03-09 20:39 - 00025600 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\win32pdh.pyd
    2015-03-09 20:39 - 2015-03-09 20:39 - 00525640 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\windows._lib_cacheinvalidation.pyd
    2015-03-09 20:39 - 2015-03-09 20:39 - 00017408 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\win32profile.pyd
    2015-03-09 20:39 - 2015-03-09 20:39 - 00022528 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\win32ts.pyd
    2015-03-09 20:39 - 2015-03-09 20:39 - 00078336 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\wx._animate.pyd
    2015-02-19 23:47 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
    2014-11-25 02:42 - 2014-11-25 02:42 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:0CA8EFF8
    AlternateDataStreams: C:\ProgramData\TEMP:43AAB821
    AlternateDataStreams: C:\Users\Home\Desktop\How to Use Combofix _ Supportz.htm:$CmdZnID

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-105833367-992780291-1110841063-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Home\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 8.8.8.8

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Install LastPass IE RunOnce.lnk => C:\Windows\pss\Install LastPass IE RunOnce.lnk.CommonStartup
    MSCONFIG\startupreg: BrStsMon00 => c:\program files (x86)\browny02\brother\brstmonw.exe /autorun
    MSCONFIG\startupreg: CCleaner64.exe => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    MSCONFIG\startupreg: ControlCenter4 => c:\program files (x86)\controlcenter4\brccboot.exe /autorun
    MSCONFIG\startupreg: HP Officejet Pro 8600 (NET) => "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN338B3GMP05KF:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: QTTask.exe => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    MSCONFIG\startupreg: SkyDrive => "c:\users\home\appdata\local\microsoft\skydrive\skydrive.exe" /background
    MSCONFIG\startupreg: Spotify => "c:\users\home\appdata\roaming\spotify\spotify.exe" /uri spotify:autostart
    MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Home\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

    ==================== Accounts: =============================

    Administrator (S-1-5-21-105833367-992780291-1110841063-500 - Administrator - Disabled)
    Guest (S-1-5-21-105833367-992780291-1110841063-501 - Limited - Disabled)
    Home (S-1-5-21-105833367-992780291-1110841063-1000 - Administrator - Enabled) => C:\Users\Home
    HomeGroupUser$ (S-1-5-21-105833367-992780291-1110841063-1002 - Limited - Enabled)
    MASService (S-1-5-21-105833367-992780291-1110841063-1011 - Administrator - Enabled)

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============

    Microsoft Office Sessions:
    =========================

    CodeIntegrity Errors:
    ===================================
    Date: 2015-03-09 19:21:53.400
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-03-09 19:21:53.385
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-03-09 19:21:53.353
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-03-09 19:21:53.338
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-03-08 15:08:34.324
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-03-08 15:08:34.293
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-10-15 16:28:28.802
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Home\AppData\Local\Temp\ListOpenedFileDrv_64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-10-15 16:28:28.753
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Home\AppData\Local\Temp\ListOpenedFileDrv_64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-09-18 01:47:35.305
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Home\AppData\Local\Temp\ListOpenedFileDrv_64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-09-18 01:47:35.258
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Home\AppData\Local\Temp\ListOpenedFileDrv_64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz
    Percentage of memory in use: 27%
    Total physical RAM: 7970.21 MB
    Available physical RAM: 5782.95 MB
    Total Pagefile: 15938.62 MB
    Available Pagefile: 13496.11 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.8 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:698.54 GB) (Free:537.47 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 56AC010C)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=698.5 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  23. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
     

    Attached Files:

  24. Corey Dawkins

    Corey Dawkins TS Rookie Topic Starter Posts: 24

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-03-2015 01
    Ran by Home at 2015-03-09 21:40:05 Run:1
    Running from C:\Users\Home\Desktop
    Loaded Profiles: Home (Available profiles: Home & Classic .NET AppPool & DefaultAppPool)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
    ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => No File
    ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => No File
    ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => No File
    ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => No File
    ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => No File
    HKU\S-1-5-21-105833367-992780291-1110841063-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{bf1da33b-d270-4d68-ac98-f5fd9f4fb489} <======= ATTENTION (Policy Restriction on IP)
    SearchScopes: HKU\S-1-5-21-105833367-992780291-1110841063-1000 -> URL http://search.conduit.com/Results.a...-41E2-80B4-AB42071A858B&q={searchTerms}&SSPV=
    SearchScopes: HKU\S-1-5-21-105833367-992780291-1110841063-1000 -> SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
    ShellExecuteHooks-x32: - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No File [ ]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    2014-02-07 00:33 - 2014-02-07 00:33 - 13024768 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
    2014-12-04 03:26 - 2014-12-04 03:26 - 0000008 ____H () C:\Users\Home\AppData\Roaming\Pref - 7621d
    2015-02-16 15:54 - 2015-02-16 15:54 - 0000024 ___SH () C:\Users\Home\AppData\Roaming\System5908ConfigCollection.dat
    2014-12-04 03:26 - 2014-10-07 06:33 - 0000008 ____H () C:\Users\Home\AppData\Roaming\sysuser_32
    2015-01-28 15:21 - 2015-01-28 15:21 - 0000046 _____ () C:\Users\Home\AppData\Roaming\WB.CFG
    2015-01-18 16:15 - 2015-01-18 16:15 - 0000038 ___SH () C:\Users\Home\AppData\Local\5678c43253f8bbb5ed82a9.59421958
    2014-12-30 12:48 - 2014-12-30 12:49 - 0000600 _____ () C:\Users\Home\AppData\Local\PUTTY.RND
    2015-01-04 00:47 - 2015-01-04 00:47 - 0001239 _____ () C:\Users\Home\AppData\Local\recently-used.xbel
    2014-09-16 14:18 - 2014-09-16 14:18 - 0007644 _____ () C:\Users\Home\AppData\Local\Resmon.ResmonCfg
    2014-07-09 16:07 - 2014-07-09 16:07 - 0000057 _____ () C:\ProgramData\Ament.ini
    2014-01-30 23:05 - 2014-01-30 23:53 - 0000298 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
    2015-03-06 12:32 - 2015-03-06 12:32 - 0424186 _____ () C:\ProgramData\SMRResults430.dat
    C:\ProgramData\SMRResults430.dat
    C:\Users\Home\jobq.dat
    C:\Users\Home\setup.exe
    C:\Users\Home\AppData\Local\Temp\Quarantine.exe
    C:\Users\Home\AppData\Local\Temp\sqlite3.dll
    Task: {1686E5CE-EB94-48BA-9DB7-1BEA2DD3B506} - System32\Tasks\ASC7_SkipUac_Home => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe
    C:\Program Files (x86)\IObit\Advanced SystemCare 7
    Task: {80728DA7-53C1-4360-82A3-0342E5D9DA7A} - \Advanced System Protector_startup No Task File <==== ATTENTION
    2015-03-08 04:45 - 2015-03-08 04:45 - 00000000 ____D () C:\Windows\System32\Tasks\COMODO
    2015-03-08 04:39 - 2015-03-08 07:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
    2015-03-08 04:39 - 2015-03-08 04:39 - 00000000 ____D () C:\Users\Home\AppData\Local\Comodo
    2015-03-08 04:39 - 2015-03-08 04:39 - 00000000 ____D () C:\ProgramData\Comodo Downloader
    2015-03-08 04:38 - 2015-03-08 05:14 - 00000000 ____D () C:\ProgramData\Comodo
    Task: {C044DA37-1082-48F8-BE12-F5241AD148F6} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
    C:\Program Files\COMODO
    Task: {D4C0CAC3-A85A-4E00-A84E-851CC3014DE8} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
    Task: {E2FFFCC8-3412-44A9-A213-DD753C991B35} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
    Task: {F29B4BE4-DE46-447D-AB36-EEE495A9F4A3} - System32\Tasks\ASC7_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe
    Task: {F73EF4EA-837E-4B80-A3E0-292AAFFF380D} - \AutoKMS No Task File <==== ATTENTION
    AlternateDataStreams: C:\ProgramData\TEMP:0CA8EFF8
    AlternateDataStreams: C:\ProgramData\TEMP:43AAB821
    AlternateDataStreams: C:\Users\Home\Desktop\How to Use Combofix _ Supportz.htm:$CmdZnID

    *****************

    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 1 (GFS Unread Stub)" => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{99FD978C-D287-4F50-827F-B2C658EDA8E7} => Key not found.
    "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2 (GFS Stub)" => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => Key not found.
    "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{920E6DB1-9907-4370-B3A0-BAFC03D81399} => Key not found.
    "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 3 (GFS Folder)" => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{16F3DD56-1AF5-4347-846D-7C10C4192619} => Key not found.
    "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 4 (GFS Unread Mark)" => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => Key not found.
    "HKU\S-1-5-21-105833367-992780291-1110841063-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\\ActivePolicy => value deleted successfully.
    HKU\S-1-5-21-105833367-992780291-1110841063-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => value deleted successfully.
    HKU\S-1-5-21-105833367-992780291-1110841063-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => value deleted successfully.
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{B5A7F190-DDA6-4420-B3BA-52453494E6CD} => value deleted successfully.
    HKCR\Wow6432Node\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD} => Key not found.
    catchme => Service deleted successfully.
    C:\Program Files (x86)\Common Files\lpuninstall.exe => Moved successfully.
    C:\Users\Home\AppData\Roaming\Pref - 7621d => Moved successfully.
    C:\Users\Home\AppData\Roaming\System5908ConfigCollection.dat => Moved successfully.
    C:\Users\Home\AppData\Roaming\sysuser_32 => Moved successfully.
    C:\Users\Home\AppData\Roaming\WB.CFG => Moved successfully.
    C:\Users\Home\AppData\Local\5678c43253f8bbb5ed82a9.59421958 => Moved successfully.
    C:\Users\Home\AppData\Local\PUTTY.RND => Moved successfully.
    C:\Users\Home\AppData\Local\recently-used.xbel => Moved successfully.
    C:\Users\Home\AppData\Local\Resmon.ResmonCfg => Moved successfully.
    C:\ProgramData\Ament.ini => Moved successfully.
    C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc => Moved successfully.
    C:\ProgramData\SMRResults430.dat => Moved successfully.
    "C:\ProgramData\SMRResults430.dat" => File/Directory not found.
    C:\Users\Home\jobq.dat => Moved successfully.
    C:\Users\Home\setup.exe => Moved successfully.
    C:\Users\Home\AppData\Local\Temp\Quarantine.exe => Moved successfully.
    C:\Users\Home\AppData\Local\Temp\sqlite3.dll => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1686E5CE-EB94-48BA-9DB7-1BEA2DD3B506}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1686E5CE-EB94-48BA-9DB7-1BEA2DD3B506}" => Key deleted successfully.
    C:\Windows\System32\Tasks\ASC7_SkipUac_Home => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC7_SkipUac_Home" => Key deleted successfully.
    "C:\Program Files (x86)\IObit\Advanced SystemCare 7" => File/Directory not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{80728DA7-53C1-4360-82A3-0342E5D9DA7A}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80728DA7-53C1-4360-82A3-0342E5D9DA7A}" => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector_startup => Key not found.
    C:\Windows\System32\Tasks\COMODO => Moved successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo => Moved successfully.
    C:\Users\Home\AppData\Local\Comodo => Moved successfully.
    C:\ProgramData\Comodo Downloader => Moved successfully.
    C:\ProgramData\Comodo => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C044DA37-1082-48F8-BE12-F5241AD148F6}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C044DA37-1082-48F8-BE12-F5241AD148F6}" => Key deleted successfully.
    C:\Windows\System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}" => Key deleted successfully.
    "C:\Program Files\COMODO" => File/Directory not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{D4C0CAC3-A85A-4E00-A84E-851CC3014DE8}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D4C0CAC3-A85A-4E00-A84E-851CC3014DE8}" => Key deleted successfully.
    C:\Windows\System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E2FFFCC8-3412-44A9-A213-DD753C991B35}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E2FFFCC8-3412-44A9-A213-DD753C991B35}" => Key deleted successfully.
    C:\Windows\System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F29B4BE4-DE46-447D-AB36-EEE495A9F4A3}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F29B4BE4-DE46-447D-AB36-EEE495A9F4A3}" => Key deleted successfully.
    C:\Windows\System32\Tasks\ASC7_PerformanceMonitor => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC7_PerformanceMonitor" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{F73EF4EA-837E-4B80-A3E0-292AAFFF380D}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F73EF4EA-837E-4B80-A3E0-292AAFFF380D}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => Key deleted successfully.
    C:\ProgramData\TEMP => ":0CA8EFF8" ADS removed successfully.
    C:\ProgramData\TEMP => ":43AAB821" ADS removed successfully.
    C:\Users\Home\Desktop\How to Use Combofix _ Supportz.htm => ":$CmdZnID" ADS removed successfully.

    ==== End of Fixlog 21:40:07 ====
     
  25. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    See if you can access the Microsoft site now....

    Then...

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
