Solved Real stubborn malware that I can't find or get rid of

Corey Dawkins

For about 5-6 days I've been having a lot of trouble with an unknown malware that I can't find the root cause of. It started off with Malwarebytes popping up and blocking certain incoming and outgoing traffic. I ran Malwarebytes, Norton 360, and CCleaner, and that issue is going away, but now I have trouble downloading or going to many, if not most, of the trusted anti-malware sites/software, like BleepingComputer.com and others like it. It also does not let me get updates from those sites.

I can get to any other type of site, just not those to do with internet security and malware cleaning specifically. I tried to follow other directions, but I think I might have messed up other things, plus it didn't solve my issue. Now, I can't connect to the localhost server on my machine for MySQL databases that I have. Any help will be so much appreciated. If I'm not able to get my work back, this will set me back a month or so.

Here is the Malwarebytes log:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/8/2015
Scan Time: 4:17:43 PM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.11.20.06
Rootkit Database: v2014.11.18.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Home

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 425152
Time Elapsed: 13 min, 44 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


Here is the DDS.txt:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17631 BrowserJavaVersion: 11.31.2
Run by Home at 16:42:55 on 2015-03-08
#Option Extended Search is enabled.
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7970.5060 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: Norton Security Suite *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton Security Suite *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Suite *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
FW: Privatefirewall *Disabled* {16337F50-A853-219F-6DEC-E7BDA0A7E8E7}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k netsvcs
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe
C:\Program Files (x86)\Neat\exec\NeatStartupService.exe
C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
C:\Windows\SysWOW64\NLSSRV32.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe
C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Users\Home\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Users\Home\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe
C:\Program Files (x86)\RescueTime\RescueTime.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE
C:\Program Files\CCleaner\CCleaner64.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Browny02\BrYNSvc.exe
C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\UI0Detect.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\prevhost.exe
C:\Program Files (x86)\PSPad editor\PSPad.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyOverride = <local>
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\ips\ipsbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\urlredir.dll
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\grooveex.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coieplg.dll
uRun: [Akamai NetSession Interface] "C:\Users\Home\AppData\Local\Akamai\netsession_win.exe"
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\7cfab935-97d7-48a7-8599-56f845b9041d.com
mRun: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [Redirector] "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
mRun: [JunosPulse] C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe -tray
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [Privatefirewall] C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\PFGUI.exe
StartupFolder: C:\Users\Home\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONEDRI~1.LNK - C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~2.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RESCUE~1.LNK - C:\Program Files (x86)\RescueTime\RescueTime.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: Clip bookmark - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
IE: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office15\EXCEL.EXE/3000
IE: LastPass - C:\Users\Home\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - C:\Users\Home\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{2B5440DE-BE66-42A5-9FF4-C8CFDD7555F4} : NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{2B5440DE-BE66-42A5-9FF4-C8CFDD7555F4} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{2B5440DE-BE66-42A5-9FF4-C8CFDD7555F4}\7456F627765672370275962756C6563737D27657563747 : DHCPNameServer = 68.87.66.254 162.150.8.31 192.168.33.1
TCP: Interfaces\{2B5440DE-BE66-42A5-9FF4-C8CFDD7555F4}\C6F67616E677966696 : DHCPNameServer = 192.168.240.1 8.8.8.8
TCP: Interfaces\{2B5440DE-BE66-42A5-9FF4-C8CFDD7555F4}\D496368656C696023456E6475627 : NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{2B5440DE-BE66-42A5-9FF4-C8CFDD7555F4}\D496368656C696023456E6475627 : DHCPNameServer = 10.1.10.1
TCP: Interfaces\{2B5440DE-BE66-42A5-9FF4-C8CFDD7555F4}\D496368656C696023456E647562723 : DHCPNameServer = 10.1.10.1
TCP: Interfaces\{5691BEF0-8C2D-4CC6-A9C1-655CDE1B1A9F} : NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
TCP: Interfaces\{5A690345-C551-4924-8B33-D666310D40AF} : NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
TCP: Interfaces\{5A690345-C551-4924-8B33-D666310D40AF} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{A1D097A3-62FD-4127-B4B5-45CCE2603C7E} : NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Notify: igfxcui - <no file>
SSODL: WebCheck - <orphaned>
SEH: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coieplg.dll
x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\urlredir.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coieplg.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3
x64-Run: [IgfxTray] "C:\Windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {AA570693-00E2-4907-B6F1-60A1199B030C} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: Send To Neat - reg copy "HKLM\Software\The Neat Company\Send To Neat" "HKCU\Software\The Neat Company\Send To Neat" /s /f
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\zyiz0d55.default\
FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll
FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npURLInterceptorPlugin.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\LastPass\nplastpass.dll
FF - plugin: C:\Program Files (x86)\LastPass\nplastpass64.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Nitro\Pro 9\npdf.dll
FF - plugin: C:\Program Files (x86)\Nitro\Pro 9\npnitroie.dll
FF - plugin: C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\Windows\System32\drivers\amdkmpfd.sys [2014-11-6 36608]
R0 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-1-30 129752]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-11-15 274696]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1506000.020\symds64.sys [2015-3-7 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1506000.020\symefa64.sys [2015-3-7 1148120]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-9-9 46368]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20150224.001\BHDrvx64.sys [2015-2-24 1622744]
R1 ccSet_N360;N360 Settings Manager;C:\Windows\System32\drivers\N360x64\1506000.020\ccsetx64.sys [2015-3-7 162392]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2013-9-24 97768]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20150306.001\IDSviA64.sys [2015-3-6 669400]
R1 jnprns;Juniper Network Service;C:\Windows\System32\drivers\jnprns.sys [2014-12-17 507192]
R1 pwipf6;Privacyware Filter Driver;C:\Windows\System32\drivers\pwipf6.sys [2015-3-8 133152]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1506000.020\ironx64.sys [2015-3-7 266968]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1506000.020\symnets.sys [2015-3-7 593112]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2014-7-22 172344]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-1-20 77128]
R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2015-2-3 122072]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2015-2-3 388824]
R2 BstHdUpdaterSvc;BlueStacks Updater Service;C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [2015-2-3 794328]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-11-25 2711736]
R2 JuniperAccessService;Juniper Unified Network Service;C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe [2014-8-7 166232]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-10-17 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-10-17 969016]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe [2015-3-7 265040]
R2 Neat Startup Service;Neat Startup Service;C:\Program Files (x86)\Neat\exec\NeatStartupService.exe [2014-8-6 6144]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2014-11-15 124560]
R2 NitroDriverReadSpool9;NitroPDFDriverCreatorReadSpool9;C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [2014-3-13 230920]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2014-3-13 69640]
R2 PFNet;Privacyware network service;C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe [2013-12-17 374600]
R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2015-2-19 266240]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2015-3-7 142640]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2014-2-11 169752]
R3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);C:\Windows\System32\drivers\ICCWDT.sys [2010-8-18 26136]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2014-11-6 454416]
R3 JnprVaMgr;Juniper Networks Virtual Adapter Manager Service;C:\Windows\System32\drivers\jnprvamgr.sys [2014-7-8 45352]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2014-2-11 129224]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-10-17 25816]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-10-17 63704]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2015-1-30 366512]
R3 rtsuvc;Realtek USB2.0 PC Camera;C:\Windows\System32\drivers\rtsuvc.sys [2014-11-6 9101016]
R3 SmbDrvI;SmbDrvI;C:\Windows\System32\drivers\Smb_driver_Intel.sys [2014-2-11 34544]
S2 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2015-2-3 409304]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-12 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-1-2 315488]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2013-7-18 83224]
S3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\Windows\System32\drivers\l260x64.sys [2009-6-10 34304]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\Windows\System32\drivers\l160x64.sys [2009-6-24 58368]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-2-11 114688]
S3 jnprva;Juniper Networks Virtual Adapter Service;C:\Windows\System32\drivers\jnprva.sys [2014-7-8 30072]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-3-24 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-3-24 56832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-7-8 1255736]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S4 jnprTdi_806_48695;Juniper Networks TDI Filter Driver (jnprTdi_806_48695);C:\Windows\System32\drivers\jnprTdi_806_48695.sys [2014-12-17 108344]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile="C:\Program Files (x86)\PSPad editor\PSPad.exe" "%1"
FileExt: .jse: JSEFile=NOTEPAD.EXE %1
FileExt: .wsf: WSFFile=NOTEPAD.EXE %1
.
=============== Created Last 60 ================
.
2015-03-08 19:10:17 -------- d-----w- C:\$RECYCLE.BIN
2015-03-08 19:01:30 98816 ----a-w- C:\Windows\sed.exe
2015-03-08 19:01:30 256000 ----a-w- C:\Windows\PEV.exe
2015-03-08 19:01:30 208896 ----a-w- C:\Windows\MBR.exe
2015-03-08 18:42:19 -------- d-----w- C:\ProgramData\CheckPoint
2015-03-08 18:36:22 11910896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8E2CD330-83F1-4186-AD7E-24D01683C219}\mpengine.dll
2015-03-08 18:05:37 -------- d-----w- C:\SUPERDelete
2015-03-08 17:59:28 -------- d-----w- C:\Users\Home\AppData\Roaming\SUPERAntiSpyware.com
2015-03-08 17:59:04 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2015-03-08 17:59:04 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2015-03-08 17:52:41 79064 ----a-w- C:\Windows\System32\drivers\dyaepb.sys
2015-03-08 17:16:58 -------- d-----w- C:\ProgramData\UVK
2015-03-08 17:16:55 -------- d-----w- C:\Program Files\UVK - Ultra Virus Killer
2015-03-08 11:17:44 -------- d-----w- C:\Users\Home\AppData\Local\Privatefirewall
2015-03-08 11:15:18 133152 ----a-w- C:\Windows\System32\drivers\pwipf6.sys
2015-03-08 11:15:13 -------- d-----w- C:\ProgramData\Privacyware
2015-03-08 11:15:13 -------- d-----w- C:\Program Files (x86)\Privacyware
2015-03-08 08:39:23 -------- d-----w- C:\Users\Home\AppData\Local\Comodo
2015-03-08 08:39:03 -------- d-----w- C:\ProgramData\Comodo Downloader
2015-03-08 08:38:27 -------- d-----w- C:\ProgramData\Comodo
2015-03-08 08:14:04 37624 ----a-w- C:\Windows\System32\drivers\TrueSight.sys
2015-03-08 08:14:02 -------- d-----w- C:\ProgramData\RogueKiller
2015-03-08 05:04:31 -------- d-----w- C:\Users\Home\AppData\Roaming\Task Coach
2015-03-08 05:04:15 -------- d-----w- C:\Program Files (x86)\TaskCoach
2015-03-08 03:46:52 -------- d-----w- C:\Users\Home\AppData\Roaming\tixati
2015-03-08 03:46:25 -------- d-----w- C:\Program Files\tixati
2015-03-08 03:39:56 876248 ----a-w- C:\Windows\System32\drivers\N360x64\1506000.020\srtsp64.sys
2015-03-08 03:39:56 593112 ----a-w- C:\Windows\System32\drivers\N360x64\1506000.020\symnets.sys
2015-03-08 03:39:56 493656 ----a-r- C:\Windows\System32\drivers\N360x64\1506000.020\symds64.sys
2015-03-08 03:39:56 37592 ----a-w- C:\Windows\System32\drivers\N360x64\1506000.020\srtspx64.sys
2015-03-08 03:39:56 266968 ----a-w- C:\Windows\System32\drivers\N360x64\1506000.020\ironx64.sys
2015-03-08 03:39:56 23568 ----a-r- C:\Windows\System32\drivers\N360x64\1506000.020\symelam.sys
2015-03-08 03:39:56 1148120 ----a-w- C:\Windows\System32\drivers\N360x64\1506000.020\symefa64.sys
2015-03-08 03:39:55 162392 ----a-r- C:\Windows\System32\drivers\N360x64\1506000.020\ccsetx64.sys
2015-03-08 03:39:33 -------- d-----w- C:\Windows\System32\drivers\N360x64\1506000.020
2015-03-08 01:52:09 177752 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2015-03-08 01:52:09 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2015-03-08 01:51:08 -------- d-----w- C:\Windows\System32\drivers\N360x64
2015-03-08 01:51:07 -------- d-----w- C:\Program Files (x86)\Norton Security Suite
2015-03-08 01:35:25 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2015-03-07 16:57:25 -------- d-----w- C:\img
2015-03-07 16:53:45 11910896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-03-07 13:46:05 -------- d-----w- C:\Users\Home\AppData\Roaming\Local Store
2015-03-05 16:44:03 -------- d-----w- C:\Program Files (x86)\DBConvert
2015-03-05 14:24:51 -------- d-----w- C:\Users\Home\AppData\Roaming\RStudio
2015-03-05 06:08:19 -------- d-----w- C:\Users\Home\AppData\Local\RStudio-Desktop
2015-03-05 06:05:45 -------- d-----w- C:\Program Files\RStudio
2015-03-05 06:04:53 -------- d-----w- C:\Program Files\R
2015-03-05 05:42:31 2623488 ----a-w- C:\ProgramData\Microsoft\Security\Client\SecurityProvider.dll
2015-03-04 16:19:27 -------- d-----w- C:\Program Files\IBM
2015-03-03 01:10:59 -------- d-----w- C:\Users\Home\AppData\Roaming\PC-FAX TX
2015-03-02 00:27:03 -------- d-----w- C:\Users\Home\AppData\Local\AutoIt v3
2015-03-02 00:10:27 -------- d-----w- C:\Program Files (x86)\AutoIt3
2015-03-01 03:16:11 -------- d-----w- C:\Program Files\iPod
2015-03-01 03:16:11 -------- d-----w- C:\Program Files (x86)\iTunes
2015-03-01 03:16:10 -------- d-----w- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-03-01 03:16:10 -------- d-----w- C:\Program Files\iTunes
2015-03-01 03:14:57 -------- d-----w- C:\Program Files\Bonjour
2015-03-01 03:14:57 -------- d-----w- C:\Program Files (x86)\Bonjour
2015-02-25 14:36:14 -------- d-----w- C:\Users\Home\AppData\Roaming\VideoAnalyzer
2015-02-25 14:35:22 -------- d-----w- C:\Program Files (x86)\AviSynth 2.5
2015-02-25 14:34:32 7440 ----a-w- C:\Windows\SysWow64\ppmon.dll
2015-02-25 14:34:32 41984 ----a-w- C:\Windows\System32\ppmon64.exe
2015-02-25 14:34:32 245568 ----a-w- C:\Windows\System32\NWKL2_64.DLL
2015-02-25 14:34:32 24136 ----a-w- C:\Windows\SysWow64\ppmon.exe
2015-02-25 14:34:32 236352 ----a-w- C:\Windows\System32\KL2DLL64.DLL
2015-02-25 14:34:32 207168 ----a-w- C:\Windows\SysWow64\NWKL2_32.DLL
2015-02-25 14:34:32 198976 ----a-w- C:\Windows\SysWow64\KL2DLL32.DLL
2015-02-25 14:34:32 12480 ----a-w- C:\Windows\SysWow64\KL2N.DLL
2015-02-25 14:34:31 -------- d-----w- C:\Users\Home\AppData\Local\KEYLOK
2015-02-25 14:34:27 -------- d-----w- C:\VideosForAnalysis
2015-02-24 15:31:04 -------- d-----r- C:\Users\Home\OneDrive - Probaseballinjuries.com
2015-02-22 16:33:55 -------- d-----w- C:\Program Files (x86)\Western Digital
2015-02-22 14:22:47 1188440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2015-02-22 14:22:46 1188440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B1A4174A-9D96-4FA9-9150-B52190C725CA}\gapaengine.dll
2015-02-20 03:48:08 -------- d-----w- C:\Brother
2015-02-20 03:48:03 -------- d-----w- C:\ProgramData\ControlCenter4
2015-02-20 03:48:03 -------- d-----w- C:\Program Files (x86)\Browny02
2015-02-20 03:47:46 5120 ------w- C:\Windows\SysWow64\BrDctF2L.dll
2015-02-20 03:47:46 245760 ------w- C:\Windows\SysWow64\NSSearch.dll
2015-02-20 03:47:45 73728 ------w- C:\Windows\SysWow64\BrDctF2.dll
2015-02-20 03:47:45 5120 ------w- C:\Windows\SysWow64\BrDctF2S.dll
2015-02-19 03:10:13 -------- d-----w- C:\Users\Home\AppData\Local\twitter
2015-02-19 03:07:58 -------- d-----w- C:\Program Files (x86)\Twitter
2015-02-14 16:30:49 -------- d-----w- C:\ProgramData\BlueStacks
2015-02-14 16:30:49 -------- d-----w- C:\Program Files (x86)\BlueStacks
2015-02-14 16:30:07 -------- d-----w- C:\Users\Home\AppData\Local\Bluestacks
2015-02-13 17:56:39 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-02-13 17:56:38 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-02-13 17:56:38 6041600 ----a-w- C:\Windows\System32\jscript9.dll
2015-02-13 17:56:38 4300800 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-02-13 17:52:19 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2015-02-13 17:52:14 -------- d-----w- C:\Program Files\Microsoft Security Client
2015-02-13 01:01:47 950272 ----a-w- C:\Windows\System32\perftrack.dll
2015-02-13 01:01:47 91136 ----a-w- C:\Windows\System32\wdi.dll
2015-02-13 01:01:47 76800 ----a-w- C:\Windows\SysWow64\wdi.dll
2015-02-13 01:01:47 29696 ----a-w- C:\Windows\System32\powertracker.dll
2015-02-11 09:18:51 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2015-02-11 09:17:58 3201536 ----a-w- C:\Windows\System32\win32k.sys
2015-02-06 03:43:42 -------- d-sh--w- C:\Users\Home\AppData\Local\ms-drivers
2015-02-03 23:07:16 69632 ----a-w- C:\Windows\SysWow64\rtact.ocx
2015-02-02 03:28:36 -------- d-----w- C:\Users\Home\Tracing
2015-02-02 03:22:42 -------- d-----w- C:\Users\Home\AppData\Local\Skype
2015-02-02 03:22:31 -------- d-----r- C:\Program Files (x86)\Skype
2015-01-28 16:58:37 -------- d-----w- C:\Users\Home\.eclipse
2015-01-25 04:23:07 -------- d-----w- C:\Users\Home\AppData\Roaming\Extreme URL Generator
2015-01-25 04:10:10 -------- d-----w- C:\Program Files (x86)\Extreme URL Generator
2015-01-22 06:46:32 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2015-01-22 06:46:32 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2015-01-22 06:46:32 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2015-01-22 06:46:32 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2015-01-22 06:46:32 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2015-01-22 03:30:43 -------- d-----w- C:\NPE
2015-01-18 20:15:59 -------- d-sh--w- C:\Users\Home\AppData\Local\icsxml
2015-01-18 20:15:54 -------- d-----w- C:\Users\Home\AppData\Local\Paprika
2015-01-18 20:15:44 -------- d-----w- C:\Program Files (x86)\Paprika Recipe Manager
2015-01-13 21:55:52 210432 ----a-w- C:\Windows\System32\profsvc.dll
2015-01-13 21:55:50 52224 ----a-w- C:\Windows\SysWow64\nlaapi.dll
2015-01-13 21:55:50 303616 ----a-w- C:\Windows\System32\nlasvc.dll
2015-01-13 21:55:50 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2015-01-13 21:55:46 141312 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
2015-01-13 21:55:18 87040 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2015-01-12 04:53:48 -------- d-----w- C:\ProgramData\Radium Technologies
2015-01-12 04:53:48 -------- d-----w- C:\Program Files (x86)\Radium Technologies
2015-01-11 21:15:50 -------- d-----w- C:\Users\Home\AppData\Local\Spotify
2015-01-11 21:12:24 -------- d-----w- C:\Users\Home\AppData\Roaming\Spotify
.
==================== Find6M ====================
.
2015-03-08 20:15:11 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-03-03 13:17:35 295552 ------w- C:\Windows\System32\MpSigStub.exe
2015-02-09 13:42:14 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2015-02-05 00:40:19 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-05 00:40:19 701616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-02-04 03:16:29 609280 ----a-w- C:\Windows\System32\generaltel.dll
2015-02-04 03:16:20 762368 ----a-w- C:\Windows\System32\invagent.dll
2015-02-04 03:16:16 414720 ----a-w- C:\Windows\System32\devinv.dll
2015-02-04 03:16:14 894976 ----a-w- C:\Windows\System32\appraiser.dll
2015-02-04 03:16:13 227328 ----a-w- C:\Windows\System32\aepdu.dll
2015-02-04 03:16:13 192000 ----a-w- C:\Windows\System32\aepic.dll
2015-02-04 03:13:28 1098752 ----a-w- C:\Windows\System32\aeinv.dll
2015-01-27 23:36:21 1239720 ----a-w- C:\Windows\System32\aitstatic.exe
2015-01-15 08:14:17 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-01-15 08:14:16 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-01-15 08:09:58 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2015-01-15 08:09:58 136192 ----a-w- C:\Windows\System32\sspicli.dll
2015-01-15 08:09:57 28160 ----a-w- C:\Windows\System32\secur32.dll
2015-01-15 08:09:51 1461760 ----a-w- C:\Windows\System32\lsasrv.dll
2015-01-15 08:09:15 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-01-15 08:08:59 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-01-15 08:06:22 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-01-15 08:06:11 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-01-15 08:04:23 686080 ----a-w- C:\Windows\System32\adtschema.dll
2015-01-15 07:42:59 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-01-15 07:42:05 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-01-15 07:41:53 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-01-15 07:39:53 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-01-15 07:39:36 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-01-15 07:37:55 686080 ----a-w- C:\Windows\SysWow64\adtschema.dll
2015-01-15 04:22:18 458824 ----a-w- C:\Windows\System32\drivers\cng.sys
2015-01-14 06:09:27 5554112 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-01-14 06:05:30 503808 ----a-w- C:\Windows\System32\srcore.dll
2015-01-14 06:05:30 50176 ----a-w- C:\Windows\System32\srclient.dll
2015-01-14 06:04:56 296960 ----a-w- C:\Windows\System32\rstrui.exe
2015-01-14 05:44:59 3972544 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-01-14 05:44:58 3917760 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-01-14 05:41:09 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2015-01-13 02:49:19 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2015-01-12 03:05:32 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-01-12 03:05:19 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-01-12 02:49:42 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-01-12 02:48:57 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-01-12 02:48:52 584192 ----a-w- C:\Windows\System32\vbscript.dll
2015-01-12 02:47:25 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-01-12 02:34:42 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-01-12 02:34:30 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-01-12 02:25:28 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-01-12 02:21:19 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-01-12 02:13:27 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-01-12 02:08:09 503296 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-01-12 02:07:51 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-01-12 02:07:06 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-01-12 02:05:36 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-01-12 01:55:47 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-01-12 01:46:29 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-01-12 01:46:00 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-01-12 01:40:43 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-01-12 01:27:32 2358272 ----a-w- C:\Windows\System32\wininet.dll
2015-01-12 01:23:09 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-01-12 01:22:17 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-01-12 01:00:17 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-01-10 06:48:22 210944 ----a-w- C:\Windows\System32\wdigest.dll
2015-01-10 06:48:19 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2015-01-10 06:48:17 341504 ----a-w- C:\Windows\System32\schannel.dll
2015-01-10 06:48:13 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2015-01-10 06:48:12 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2015-01-10 06:48:10 728064 ----a-w- C:\Windows\System32\kerberos.dll
2015-01-10 06:48:05 22016 ----a-w- C:\Windows\System32\credssp.dll
2015-01-10 06:27:54 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-01-10 06:27:51 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-01-10 06:27:47 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-01-10 06:27:44 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-01-10 06:27:43 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-01-10 06:27:39 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-01-10 06:27:32 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-12-12 05:31:39 1480192 ----a-w- C:\Windows\System32\crypt32.dll
2014-12-12 05:07:26 1174528 ----a-w- C:\Windows\SysWow64\crypt32.dll
2014-12-08 19:48:22 6453248 ----a-w- C:\Windows\SysWow64\uEye_api.dll
2014-12-08 19:48:22 1294336 ----a-w- C:\Windows\SysWow64\uEyeCam.ocx
2014-12-08 03:09:05 406528 ----a-w- C:\Windows\System32\scesrv.dll
2014-12-08 02:46:05 308224 ----a-w- C:\Windows\SysWow64\scesrv.dll
2014-11-26 03:53:59 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2014-11-26 03:32:05 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2014-11-21 10:14:22 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-11-21 10:14:12 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-11-21 10:14:08 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-11-19 14:03:09 4028928 ----a-w- C:\Windows\System32\drivers\athrx.sys
2014-11-15 19:46:08 274696 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2014-11-15 19:46:08 124560 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2014-11-11 03:08:52 241152 ----a-w- C:\Windows\System32\pku2u.dll
2014-11-11 02:44:32 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
2014-11-11 01:46:26 119296 ----a-w- C:\Windows\System32\drivers\tdx.sys
2014-11-08 03:16:08 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-11-08 02:45:09 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-11-06 04:44:46 125952 ----a-w- C:\Windows\System32\drivers\TeeDriverx64.sys
2014-11-06 04:44:17 454416 ----a-w- C:\Windows\System32\drivers\IntcDAud.sys
2014-11-06 04:44:04 36608 ----a-w- C:\Windows\System32\drivers\amdkmpfd.sys
2014-10-30 02:03:43 165888 ----a-w- C:\Windows\System32\charmap.exe
2014-10-30 01:45:43 155136 ----a-w- C:\Windows\SysWow64\charmap.exe
.
============= FINISH: 16:43:24.70 ===============
 
Here is the attach.TXT:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/8/2013 6:24:28 PM
System Uptime: 3/8/2015 3:14:32 PM (1 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | K53E
Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz | CPU 1 | 2301/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 699 GiB total, 540.383 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
Adobe AIR
Adobe Flash Player 16 ActiveX
Adobe Flash Player 16 NPAPI
AES Crypt
Akamai NetSession Interface
Alcor Micro USB Card Reader Driver
Amazon Kindle
Apple Application Support (32-bit)
Apple Application Support (64-bit)
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
AutoIt v3.3.12.0
AviSynth 2.5
BlueStacks App Player
BlueStacks Notification Center
Bonjour
Brother MFL-Pro Suite MFC-J435W
Catalina Savings Printer
CCleaner
Citrix Authentication Manager
Citrix Receiver
Citrix Receiver (HDX Flash Redirection)
Citrix Receiver Inside
Citrix Receiver Updater
Citrix Receiver(Aero)
Citrix Receiver(DV)
Citrix Receiver(USB)
DHTML Editing Component
Dropbox
Evernote v. 5.8.3
Extreme URL Generator 1.4
Foxit Reader
Getting Things Done Outlook Add-In
Google Chrome
Google Drive
Google Update Helper
HP Officejet Pro 8600 Basic Device Software
IBM SPSS Statistics 21
Intel(R) Processor Graphics
Intel(R) SDK for OpenCL - CPU Only Runtime Package
Intel® Watchdog Timer Driver (Intel® WDT)
iTunes
Java 8 Update 31
Java Auto Updater
Juniper Citrix Services Client
Juniper Networks Network Connect 7.1.17
Juniper Networks Setup Client
Juniper Networks Setup Client 64-bit Activex Control
Juniper Networks, Inc. Setup Client Activex Control
Junos Pulse 5.0
Junos Pulse Core Components
Junos Pulse Drivers Add-On
Junos Pulse Host Checker Plugin Add-On
Junos Pulse Tunnel Manager Add-On
Junos Pulse UAC/NC Components
LastPass (uninstall only)
Legacy 8.0
Malwarebytes Anti-Malware version 2.0.4.1028
Mendeley Desktop 1.12.2
Microsoft .NET Framework 4.5.2
Microsoft Office 365 Business - en-us
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft OneDrive
Microsoft Security Client
Microsoft Security Essentials
Microsoft SharePoint Designer 2013 - en-us
Microsoft Silverlight
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 x64 ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft WSE 3.0 Runtime
Mozilla Firefox 36.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MySQL Connector/ODBC 5.3
MySQL Fabric 1.5.3 & MySQL Utilities 1.5.3
MySQL Installer
MySQL Server 5.6
MySQL Workbench 6.2 CE
Neat
Neat ADF Scanner Driver
Neat Core Files
Neat Mobile Scanner Driver
NeatConnect Scanner Driver
Nitro Pro 9
Norton Security Suite
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
Online Plug-in
Paprika Recipe Manager
PhotoScape
Picasa 3
Privatefirewall 7.0
PSPad editor
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
QuickTime 7
R for Windows 3.1.2
Realtek High Definition Audio Driver
RescueTime 2.10.1.1240
RStudio
Self-service Plug-in
Send To Neat
Skype™ 7.1
Sonic Focus
Spotify
SQLyog 11.33 (64 bit)
SUPERAntiSpyware
Synaptics Pointing Device Driver
Task Coach 1.4.2
Tixati
TurboTax 2013 WinPerFedFormset
TurboTax 2013 WinPerReleaseEngine
TurboTax 2013 WinPerTaxSupport
TurboTax 2013 wmaiper
TurboTax 2013 wrapper
TweetDeck
USB2.0 UVC VGA WebCam
UVK - Ultra Virus Killer
VC8 CRT
WD My Cloud
Windows Driver Package - KEYLOK (usbkey) USB (06/10/2010 64.0.0.0)
XAMPP
YNAB 4 version 4.3.656
.
==== Event Viewer Messages From Past Week ========
.
3/8/2015 3:15:52 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
3/8/2015 3:15:03 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: zlnimc
3/8/2015 3:15:03 PM, Error: Service Control Manager [7023] - The BlueStacks Android Service service terminated with the following error: An exception occurred in the service when handling the control request.
3/8/2015 3:14:56 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B} and APPID {B292921D-AF50-400C-9B75-0C57A7F29BA1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
3/8/2015 3:14:53 PM, Error: Service Control Manager [7023] - The Windows Process Activation Service service terminated with the following error: The system cannot find the path specified.
3/8/2015 3:14:53 PM, Error: Service Control Manager [7001] - The World Wide Web Publishing Service service depends on the Windows Process Activation Service service which failed to start because of the following error: The system cannot find the path specified.
3/8/2015 3:14:52 PM, Error: Microsoft-Windows-WAS [5188] - The directory specified for the temporary application pool config files is either missing or is not accessible by the Windows Process Activation Service. Please specify an existing directory and/or ensure that it has proper access flags. The data field contains the error number.
3/8/2015 3:14:52 PM, Error: Microsoft-Windows-WAS [5005] - Windows Process Activation Service (WAS) is stopping because it encountered an error. The data field contains the error number.
3/8/2015 3:13:19 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
3/8/2015 2:25:05 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
3/8/2015 2:23:20 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
3/8/2015 2:23:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/8/2015 2:23:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/8/2015 2:23:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/8/2015 2:23:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/8/2015 2:23:05 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccSet_N360 discache eeCtrl IDSVia64 MpFilter SASDIFSV SASKUTIL spldr SRTSP SRTSPX SymIRON SymNetS Wanarpv6 zlnimc
3/8/2015 2:23:04 PM, Error: Service Control Manager [7001] - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/8/2015 2:23:03 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: This service cannot be started in Safe Mode Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
3/8/2015 2:09:02 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
3/8/2015 2:08:34 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
3/8/2015 2:01:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
3/8/2015 2:00:52 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
3/8/2015 2:00:20 PM, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Run the configured recovery program.
3/8/2015 2:00:01 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: This service cannot be started in Safe Mode Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
3/8/2015 2:00:00 PM, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
3/8/2015 12:41:03 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee2 Error description: The operation timed out
3/8/2015 12:40:37 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.193.2001.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.11400.0 Error code: 0x80072ee2 Error description: The operation timed out
3/8/2015 12:40:37 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.193.2001.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.11400.0 Error code: 0x80072ee2 Error description: The operation timed out
3/8/2015 12:40:10 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.193.2001.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.11400.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
3/8/2015 12:40:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
3/8/2015 12:29:58 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: This service cannot be started in Safe Mode Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
3/8/2015 12:29:57 PM, Error: Service Control Manager [7034] - The Privacyware network service service terminated unexpectedly. It has done this 1 time(s).
3/8/2015 12:28:44 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccSet_N360 discache eeCtrl IDSVia64 MpFilter spldr SRTSP SRTSPX SymIRON SymNetS Wanarpv6 zlnimc
3/8/2015 12:28:43 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: This service cannot be started in Safe Mode Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
3/8/2015 12:23:42 PM, Error: Service Control Manager [7009] - A timeout was reached (180000 milliseconds) while waiting for the Apple Mobile Device Service service to connect.
3/8/2015 12:23:42 PM, Error: Service Control Manager [7000] - The Apple Mobile Device Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/8/2015 12:19:49 PM, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
3/8/2015 12:19:49 PM, Error: Service Control Manager [7034] - The BlueStacks Android Service service terminated unexpectedly. It has done this 1 time(s).
3/8/2015 12:19:48 PM, Error: Service Control Manager [7034] - The BrYNSvc service terminated unexpectedly. It has done this 1 time(s).
3/8/2015 12:19:47 PM, Error: Service Control Manager [7034] - The Intel(R) Integrated Clock Controller Service - Intel(R) ICCS service terminated unexpectedly. It has done this 1 time(s).
3/8/2015 12:19:44 PM, Error: Service Control Manager [7034] - The NitroPDFDriverCreatorReadSpool9 service terminated unexpectedly. It has done this 1 time(s).
3/8/2015 12:19:44 PM, Error: Service Control Manager [7034] - The Neat Startup Service service terminated unexpectedly. It has done this 1 time(s).
3/8/2015 12:19:44 PM, Error: Service Control Manager [7034] - The Nalpeiron Licensing Service service terminated unexpectedly. It has done this 1 time(s).
3/8/2015 12:19:43 PM, Error: Service Control Manager [7034] - The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).
3/8/2015 12:19:43 PM, Error: Service Control Manager [7034] - The BlueStacks Updater Service service terminated unexpectedly. It has done this 1 time(s).
3/8/2015 12:19:43 PM, Error: Service Control Manager [7031] - The Microsoft Office ClickToRun Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
3/8/2015 12:19:43 PM, Error: Service Control Manager [7031] - The Juniper Network Connect Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/8/2015 12:19:43 PM, Error: Service Control Manager [7031] - The Coupon Printer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
3/8/2015 12:19:42 PM, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
3/8/2015 12:19:42 PM, Error: Service Control Manager [7034] - The BlueStacks Log Rotator Service service terminated unexpectedly. It has done this 1 time(s).
3/8/2015 12:19:42 PM, Error: Service Control Manager [7031] - The Apple Mobile Device Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/8/2015 12:19:41 PM, Error: Service Control Manager [7031] - The Juniper Unified Network Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/8/2015 1:57:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
3/8/2015 1:57:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
3/8/2015 1:57:35 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 ccSet_N360 DfsC discache eeCtrl IDSVia64 jnprns MpFilter NetBIOS NetBT nsiproxy Psched pwipf6 rdbss SASDIFSV SASKUTIL spldr SRTSP SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf zlnimc
3/8/2015 1:57:35 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/8/2015 1:57:35 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/8/2015 1:57:35 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
3/8/2015 1:57:35 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/8/2015 1:57:35 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/8/2015 1:57:35 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
3/8/2015 1:57:35 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/8/2015 1:57:35 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/8/2015 1:57:35 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/8/2015 1:57:35 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: This service cannot be started in Safe Mode Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
3/8/2015 1:23:32 PM, Error: Service Control Manager [7031] - The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
.
==== End Of File ===========================
 
Welcome aboard

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

====================================

You're running two AV programs, MSE and Norton.
You must uninstall one of them.
If Norton use this tool: http://www.majorgeeks.com/files/details/norton_removal_tool.html
If you decide to keep Norton instead, you have to uninstall Privatefirewall 7.0 because you can't be running two firewalls either (Norton provides one already).

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"
NOTE. If you see the "This version requires you to completely exit the Anti Malware application" message, right-click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.
 
Thank you so much for helping me.

I uninstalled PrivateFirewall 7.0 no problem. After the reboot, I tried to uninstall Microsoft Security Essentials through the control panel and it gave me this error:

"You do not have sufficient access to uninstall Microsoft Security Essentials. Please contact your system administrator".

I tried to uninstall it through CCleaner and it gave me this error:

"Error:1260 - This program is blocked by group policy. For more information, contact your system administrator."

Should I continue with your other steps or wait until I fully uninstall MSE?
 
OK, let's leave it for now.

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
I was only able to download the combofix from geekstogo. I was unable to get the rkill link to work but I had an earlier version already on my computer.

I restarted in safe mode and ran rkill. I was unable to get combofix to work, even after renaming, because it says that Microsoft Security Essentials and Norton were both running. For Norton, I disabled the active protection and the firewall prior to running these but it still came up as active. I tried to kill the process and the service through the task manager but it said that "access is denied".

The rkill log is below:

Rkill 2.6.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 03/08/2015 09:19:26 PM in x64 mode. (Safe Mode)
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* Base Filtering Engine (BFE) is not Running.
Startup Type set to: Automatic

* DHCP Client (Dhcp) is not Running.
Startup Type set to: Automatic

* DNS Client (Dnscache) is not Running.
Startup Type set to: Automatic

* COM+ Event System (EventSystem) is not Running.
Startup Type set to: Automatic

* Windows Firewall (MpsSvc) is not Running.
Startup Type set to: Automatic

* Network Connections (Netman) is not Running.
Startup Type set to: Manual

* Network Store Interface Service (nsi) is not Running.
Startup Type set to: Automatic

* Security Center (wscsvc) is not Running.
Startup Type set to: Automatic (Delayed Start)

* Windows Update (wuauserv) is not Running.
Startup Type set to: Automatic (Delayed Start)

* Ancillary Function Driver for Winsock (AFD) is not Running.
Startup Type set to: System

* Windows Firewall Authorization Driver (mpsdrv) is not Running.
Startup Type set to: Manual

* NetBT (NetBT) is not Running.
Startup Type set to: System

* NSI proxy service driver. (nsiproxy) is not Running.
Startup Type set to: System

* NetIO Legacy TDI Support Driver (tdx) is not Running.
Startup Type set to: System

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 03/08/2015 09:19:47 PM
Execution time: 0 hours(s), 0 minute(s), and 21 seconds(s)
 
In safe mode you don't have to disable anything so disregard Combofix warnings and run it anyway (in safe mode).
 
Here is the ComboFix log:

ComboFix 15-03-09.01 - Home 03/09/2015 17:52:42.2.4 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7970.7181 [GMT -4:00]
Running from: c:\users\Home\Desktop\your_name.exe
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: Norton Security Suite *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton Security Suite *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Norton Security Suite *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
ADS - Windows: deleted 192 bytes in 1 streams.
.
((((((((((((((((((((((((( Files Created from 2015-02-09 to 2015-03-09 )))))))))))))))))))))))))))))))
.
.
2015-03-09 21:59 . 2015-03-09 21:59 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2015-03-09 21:59 . 2015-03-09 21:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-03-09 21:59 . 2015-03-09 21:59 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp
2015-03-08 18:42 . 2015-03-08 18:42 -------- d-----w- c:\programdata\CheckPoint
2015-03-08 18:36 . 2015-01-29 09:07 11910896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8E2CD330-83F1-4186-AD7E-24D01683C219}\mpengine.dll
2015-03-08 18:05 . 2015-03-08 18:05 -------- d-----w- C:\SUPERDelete
2015-03-08 17:59 . 2015-03-08 17:59 -------- d-----w- c:\users\Home\AppData\Roaming\SUPERAntiSpyware.com
2015-03-08 17:59 . 2015-03-09 00:34 -------- d-----w- c:\program files\SUPERAntiSpyware
2015-03-08 17:59 . 2015-03-08 17:59 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2015-03-08 17:52 . 2015-03-08 17:52 79064 ----a-w- c:\windows\system32\drivers\dyaepb.sys
2015-03-08 17:16 . 2015-03-08 17:24 -------- d-----w- c:\programdata\UVK
2015-03-08 17:16 . 2015-03-08 18:20 -------- d-----w- c:\program files\UVK - Ultra Virus Killer
2015-03-08 11:17 . 2015-03-08 11:17 -------- d-----w- c:\users\Home\AppData\Local\Privatefirewall
2015-03-08 11:15 . 2015-03-08 11:15 -------- d-----w- c:\programdata\Privacyware
2015-03-08 08:39 . 2015-03-08 08:39 -------- d-----w- c:\users\Home\AppData\Local\Comodo
2015-03-08 08:39 . 2015-03-08 08:39 -------- d-----w- c:\programdata\Comodo Downloader
2015-03-08 08:38 . 2015-03-08 09:14 -------- d-----w- c:\programdata\Comodo
2015-03-08 08:14 . 2015-03-08 18:02 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-03-08 08:14 . 2015-03-08 08:27 -------- d-----w- c:\programdata\RogueKiller
2015-03-08 05:04 . 2015-03-09 02:46 -------- d-----w- c:\users\Home\AppData\Roaming\Task Coach
2015-03-08 05:04 . 2015-03-08 05:04 -------- d-----w- c:\program files (x86)\TaskCoach
2015-03-08 01:52 . 2015-03-08 01:52 177752 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2015-03-08 01:52 . 2015-03-08 01:52 -------- d-----w- c:\program files\Common Files\Symantec Shared
2015-03-08 01:51 . 2015-03-08 03:48 -------- d-----w- c:\windows\system32\drivers\N360x64
2015-03-08 01:51 . 2015-03-08 01:51 -------- d-----w- c:\program files (x86)\Norton Security Suite
2015-03-08 01:35 . 2015-03-08 01:35 -------- d-----w- c:\program files (x86)\NortonInstaller
2015-03-07 16:57 . 2015-03-07 16:57 -------- d-----w- C:\img
2015-03-07 16:53 . 2015-01-29 09:07 11910896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-03-07 13:46 . 2015-03-07 13:47 -------- d-----w- c:\users\Home\AppData\Roaming\Local Store
2015-03-05 16:44 . 2015-03-05 16:44 -------- d-----w- c:\program files (x86)\DBConvert
2015-03-05 14:24 . 2015-03-05 14:24 -------- d-----w- c:\users\Home\AppData\Roaming\RStudio
2015-03-05 06:08 . 2015-03-05 18:09 -------- d-----w- c:\users\Home\AppData\Local\RStudio-Desktop
2015-03-05 06:04 . 2015-03-05 06:04 -------- d-----w- c:\program files\R
2015-03-05 05:42 . 2015-03-05 05:42 2623488 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityProvider.dll
2015-03-04 16:19 . 2015-03-04 16:19 -------- d-----w- c:\program files\IBM
2015-03-03 01:10 . 2015-03-03 01:10 -------- d-----w- c:\users\Home\AppData\Roaming\PC-FAX TX
2015-03-02 00:27 . 2015-03-02 00:27 -------- d-----w- c:\users\Home\AppData\Local\AutoIt v3
2015-03-01 03:16 . 2015-03-01 03:16 -------- d-----w- c:\program files (x86)\iTunes
2015-03-01 03:16 . 2015-03-01 03:16 -------- d-----w- c:\program files\iPod
2015-03-01 03:16 . 2015-03-01 03:16 -------- d-----w- c:\programdata\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-03-01 03:16 . 2015-03-01 03:16 -------- d-----w- c:\program files\iTunes
2015-03-01 03:14 . 2015-03-01 03:14 -------- d-----w- c:\program files\Bonjour
2015-03-01 03:14 . 2015-03-01 03:14 -------- d-----w- c:\program files (x86)\Bonjour
2015-03-01 03:14 . 2015-03-01 03:16 -------- d-----w- c:\program files\Common Files\Apple
2015-02-24 15:31 . 2015-03-09 02:46 -------- d-----r- c:\users\Home\OneDrive - Probaseballinjuries.com
2015-02-22 16:33 . 2015-02-22 16:33 -------- d-----w- c:\program files (x86)\Western Digital
2015-02-22 14:22 . 2015-02-13 17:54 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2015-02-22 14:22 . 2015-02-13 17:54 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B1A4174A-9D96-4FA9-9150-B52190C725CA}\gapaengine.dll
2015-02-20 03:48 . 2015-02-20 03:48 -------- d-----w- C:\Brother
2015-02-20 03:48 . 2015-02-20 03:48 -------- d-----w- c:\programdata\ControlCenter4
2015-02-20 03:48 . 2015-02-20 03:48 -------- d-----w- c:\program files (x86)\Browny02
2015-02-20 03:47 . 2012-03-19 18:09 245760 ------w- c:\windows\SysWow64\NSSearch.dll
2015-02-20 03:47 . 2007-12-14 03:16 5120 ------w- c:\windows\SysWow64\BrDctF2L.dll
2015-02-20 03:47 . 2012-07-09 22:19 5120 ------w- c:\windows\SysWow64\BrDctF2S.dll
2015-02-20 03:47 . 2010-03-16 00:45 73728 ------w- c:\windows\SysWow64\BrDctF2.dll
2015-02-20 03:46 . 2015-03-08 10:33 -------- d-----w- c:\users\Home\AppData\Roaming\InstallShield
2015-02-19 03:10 . 2015-02-19 03:10 -------- d-----w- c:\users\Home\AppData\Local\twitter
2015-02-19 03:07 . 2015-02-19 03:07 -------- d-----w- c:\program files (x86)\Twitter
2015-02-14 16:30 . 2015-03-09 01:51 -------- d-----w- c:\program files (x86)\BlueStacks
2015-02-14 16:30 . 2015-02-14 16:31 -------- d-----w- c:\programdata\BlueStacks
2015-02-14 16:30 . 2015-02-14 16:30 -------- d-----w- c:\users\Home\AppData\Local\Bluestacks
2015-02-13 17:56 . 2015-01-23 03:43 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2015-02-13 17:56 . 2015-01-23 04:42 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2015-02-13 17:56 . 2015-01-23 04:41 6041600 ----a-w- c:\windows\system32\jscript9.dll
2015-02-13 17:56 . 2015-01-23 03:17 4300800 ----a-w- c:\windows\SysWow64\jscript9.dll
2015-02-13 17:52 . 2015-02-13 17:52 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2015-02-13 17:52 . 2015-02-13 17:52 -------- d-----w- c:\program files\Microsoft Security Client
2015-02-13 01:01 . 2015-02-13 01:01 950272 ----a-w- c:\windows\system32\perftrack.dll
2015-02-13 01:01 . 2015-02-13 01:01 91136 ----a-w- c:\windows\system32\wdi.dll
2015-02-13 01:01 . 2015-02-13 01:01 76800 ----a-w- c:\windows\SysWow64\wdi.dll
2015-02-13 01:01 . 2015-02-13 01:01 29696 ----a-w- c:\windows\system32\powertracker.dll
2015-02-11 09:18 . 2015-01-13 03:10 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-02-11 09:17 . 2015-01-09 02:03 3201536 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-09 21:49 . 2014-01-30 04:20 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-03 13:17 . 2013-07-08 22:40 295552 ------w- c:\windows\system32\MpSigStub.exe
2015-02-12 08:01 . 2013-07-08 23:23 116773704 ----a-w- c:\windows\system32\MRT.exe
2015-02-09 13:42 . 2014-07-18 19:18 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-02-05 00:40 . 2013-07-15 18:31 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-05 00:40 . 2013-07-15 18:31 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-02-03 23:07 . 2015-02-03 23:07 69632 ----a-w- c:\windows\SysWow64\rtact.ocx
2015-01-14 04:03 . 2014-11-25 06:45 627912 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-12-19 03:06 . 2015-01-13 21:55 210432 ----a-w- c:\windows\system32\profsvc.dll
2014-12-19 01:46 . 2015-01-13 21:55 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2014-12-11 17:47 . 2015-01-13 21:55 87040 ----a-w- c:\windows\system32\TSWbPrxy.exe
2014-02-07 04:33 . 2014-02-07 04:33 13024768 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-01-14 04:03 1729744 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-01-14 04:03 1729744 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-01-14 04:03 1729744 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Home\AppData\Local\Akamai\netsession_win.exe" [2014-10-30 4673432]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2015-02-19 26232152]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-01-20 7404312]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\7cfab935-97d7-48a7-8599-56f845b9041d.com" [2015-03-08 7780120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2013-10-01 395656]
"Redirector"="c:\program files (x86)\Citrix\ICA Client\redirector.exe" [2013-10-01 153992]
"JunosPulse"="c:\program files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe" [2014-08-07 2521944]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-02-13 60712]
"ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2012-08-28 143360]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2012-06-06 3076096]
.
c:\users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneDrive for Business.lnk - c:\program files\Microsoft Office 15\root\office15\GROOVE.EXE /RunFolderSync /TrayOnly [2014-12-23 8709304]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Install LastPass FF RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe -q -name=LastPass -ffuuid support@lastpass.com [2014-2-7 13024768]
RescueTime.lnk - c:\program files (x86)\RescueTime\RescueTime.exe [2014-12-4 3407360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui]
[BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bcssync
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\utorrent
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R0 zlnimc;zlnimc; [x]
R1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20150224.001\BHDrvx64.sys;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20150224.001\BHDrvx64.sys [x]
R1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\ccSetx64.sys [x]
R1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20150306.001\IDSvia64.sys;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20150306.001\IDSvia64.sys [x]
R1 jnprns;Juniper Network Service;c:\windows\system32\DRIVERS\jnprns.sys;c:\windows\SYSNATIVE\DRIVERS\jnprns.sys [x]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\Ironx64.SYS [x]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1506000.020\SYMNETS.SYS [x]
R2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
R2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 JuniperAccessService;Juniper Unified Network Service;c:\program files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe;c:\program files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe;c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe [x]
R2 Neat Startup Service;Neat Startup Service;c:\program files (x86)\Neat\exec\NeatStartupService.exe;c:\program files (x86)\Neat\exec\NeatStartupService.exe [x]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\l260x64.sys;c:\windows\SYSNATIVE\DRIVERS\l260x64.sys [x]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x64.sys;c:\windows\SYSNATIVE\DRIVERS\l160x64.sys [x]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 jnprva;Juniper Networks Virtual Adapter Service;c:\windows\system32\DRIVERS\jnprva.sys;c:\windows\SYSNATIVE\DRIVERS\jnprva.sys [x]
R3 JnprVaMgr;Juniper Networks Virtual Adapter Manager Service;c:\windows\system32\DRIVERS\jnprvamgr.sys;c:\windows\SYSNATIVE\DRIVERS\jnprvamgr.sys [x]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 rtsuvc;Realtek USB2.0 PC Camera;c:\windows\system32\DRIVERS\rtsuvc.sys;c:\windows\SYSNATIVE\DRIVERS\rtsuvc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R4 jnprTdi_806_48695;Juniper Networks TDI Filter Driver (jnprTdi_806_48695);c:\windows\system32\Drivers\jnprTdi_806_48695.sys;c:\windows\SYSNATIVE\Drivers\jnprTdi_806_48695.sys [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1506000.020\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1506000.020\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\SYMEFA64.SYS [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys;c:\windows\SYSNATIVE\DRIVERS\ICCWDT.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-02-20 06:57 1084744 ----a-w- c:\program files (x86)\Google\Chrome\Application\40.0.2214.115\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-03-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-15 00:40]
.
2015-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-15 18:28]
.
2015-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-15 18:28]
.
2015-03-09 c:\windows\Tasks\injury database backup.job
- c:\program files\SQLyog\SJA.exe [2014-02-07 06:04]
.
2015-02-02 c:\windows\Tasks\retrosheet_backup.job
- c:\program files\SQLyog\SJA.exe [2014-02-07 06:04]
.
2015-03-08 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 28309723-a1e3-4a2f-8005-d036f848af91.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
2015-03-08 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task ba7d2ab8-a16e-4e1a-aaf3-c4259796ecb2.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-01-14 07:20 2334928 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-01-14 07:20 2334928 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-01-14 07:20 2334928 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 164760 ----a-w- c:\users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 164760 ----a-w- c:\users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 164760 ----a-w- c:\users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 164760 ----a-w- c:\users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-02-19 19:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-02-19 19:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2015-02-19 19:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-02-19 19:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-02-19 19:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-26 11775592]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-01-30 171992]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-01-30 399832]
"Persistence"="c:\windows\system32\igfxpers.exe" [2014-01-30 442328]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-01-30 1332296]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Clip bookmark - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
IE: Clip image - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office15\EXCEL.EXE/3000
IE: LastPass - file://c:\users\Home\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\users\Home\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: New note - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office15\ONBttnIE.dll/105
Trusted Zone: sharepoint.com\probaseballinjuries
Trusted Zone: sharepoint.com\probaseballinjuries-my
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{2B5440DE-BE66-42A5-9FF4-C8CFDD7555F4}: NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{2B5440DE-BE66-42A5-9FF4-C8CFDD7555F4}\D496368656C696023456E6475627: NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{5691BEF0-8C2D-4CC6-A9C1-655CDE1B1A9F}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
TCP: Interfaces\{5A690345-C551-4924-8B33-D666310D40AF}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
TCP: Interfaces\{A1D097A3-62FD-4127-B4B5-45CCE2603C7E}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - ProfilePath - c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\zyiz0d55.default\
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
txtfile="c:\program files (x86)\PSPad editor\PSPad.exe" "%1"
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32;c:\program files (x86)\Norton Security Suite\Engine64\21.6.0.32"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,70,2e,dc,d4,55,2f,fa,4e,84,d3,36,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,70,2e,dc,d4,55,2f,fa,4e,84,d3,36,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
"Key"="ActionsPane3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0]
"Key"="http://schemas.microsoft.com/office/smartdocuments/2003"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office...{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}\Alias]
"0"="Microsoft Actions Pane 3"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-03-09 18:01:59
ComboFix-quarantined-files.txt 2015-03-09 22:01
ComboFix2.txt 2015-03-08 19:16
.
Pre-Run: 577,805,090,816 bytes free
Post-Run: 577,368,965,120 bytes free
.
- - End Of File - - F7C84DD93D467BB258E7B0FB8457253E
A36C5E4F47E84449FF07ED3517B43A31
 
1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
c:\windows\system32\drivers\dyaepb.sys

Folder::

Driver::
dyaepb
zlnimc

Registry::

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
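
When the new ComboFix.txt comes back, the CFScript targets can be checked against it mechanically. The following is an added example, not part of the original posts and not ComboFix's own code; the function names are hypothetical, and the section-header and `-------\Legacy_` / `-------\Service_` line shapes are assumptions inferred from the logs on this page.

```python
import re

# CFScript from the post above, verbatim.
CFSCRIPT = r"""File::
c:\windows\system32\drivers\dyaepb.sys

Folder::

Driver::
dyaepb
zlnimc

Registry::

ClearJavaCache::
"""

# Excerpt of the follow-up ComboFix.txt on this page, shortened for the example.
LOG = r"""((((((((((((( Other Deletions )))))))))))))
.
c:\users\Home\AppData\Local\Temp\_MEI20562\_ctypes.pyd
c:\windows\system32\drivers\dyaepb.sys
.
((((((((((((( Drivers/Services )))))))))))))
.
-------\Legacy_ZLNIMC
-------\Service_zlnimc
.
((((((((((((( Find3M Report )))))))))))))
.
2015-03-09 23:42 . 2014-01-30 04:20 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
"""

# Assumed header shape: a run of "(" , a title, a run of ")".
SECTION_RE = re.compile(r"^\({5,}\s*(.+?)\s*\){5,}$")
# Assumed shape of a removed service key line: dashes, backslash, Legacy_/Service_ + name.
REMOVED_SVC_RE = re.compile(r"^-+\\(Legacy|Service)_(.+)$", re.IGNORECASE)


def parse_cfscript(text):
    """Return {directive: [entries]} for each 'Name::' block; blank lines are skipped."""
    blocks, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            blocks[current] = []
        elif current is not None:
            blocks[current].append(line)
    return blocks


def parse_sections(log):
    """Split a ComboFix log into {section title: [non-empty lines]}, dropping '.' spacers."""
    sections, current = {}, None
    for raw in log.splitlines():
        line = raw.strip()
        match = SECTION_RE.match(line)
        if match:
            current = match.group(1)
            sections[current] = []
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def check_script_applied(script_text, log_text):
    """For each CFScript target, report what the log says was removed."""
    script = parse_cfscript(script_text)
    sections = parse_sections(log_text)

    # Paths are compared case-insensitively, as Windows paths are.
    deleted = {p.strip('"').lower() for p in sections.get("Other Deletions", [])}

    removed = {}
    for line in sections.get("Drivers/Services", []):
        match = REMOVED_SVC_RE.match(line)
        if match:
            kind, name = match.group(1).capitalize(), match.group(2).lower()
            removed.setdefault(name, set()).add(kind)

    return {
        "files": {p: p.lower() in deleted for p in script.get("File", [])},
        "drivers": {n: sorted(removed.get(n.lower(), set()))
                    for n in script.get("Driver", [])},
    }


if __name__ == "__main__":
    print(check_script_applied(CFSCRIPT, LOG))
```

An empty list for a driver means the log lists no removed service key under that name, which calls for a follow-up look at the next log rather than proving the entry is still present.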
 
It did ask to be rebooted. You will see that MSE and Norton were still active, despite my trying to close it down.

ComboFix 15-03-09.01 - Home 03/09/2015 19:14:38.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7970.5863 [GMT -4:00]
Running from: c:\users\Home\Desktop\ComboFix.exe
Command switches used :: c:\users\Home\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: Norton Security Suite *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton Security Suite *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Norton Security Suite *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\dyaepb.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Home\AppData\Local\Temp\_MEI20562\_ctypes.pyd
c:\users\Home\AppData\Local\Temp\_MEI20562\_elementtree.pyd
c:\users\Home\AppData\Local\Temp\_MEI20562\_hashlib.pyd
c:\users\Home\AppData\Local\Temp\_MEI20562\_multiprocessing.pyd
c:\users\Home\AppData\Local\Temp\_MEI20562\_socket.pyd
c:\users\Home\AppData\Local\Temp\_MEI20562\_ssl.pyd
c:\users\Home\AppData\Local\Temp\_MEI20562\_yappi.pyd
c:\users\Home\AppData\Local\Temp\_MEI20562\hashobjs_ext.pyd
c:\users\Home\AppData\Local\Temp\_MEI20562\pyexpat.pyd
c:\users\Home\AppData\Local\Temp\_MEI20562\pysqlite2._sqlite.pyd
c:\users\Home\AppData\Local\Temp\_MEI20562\python27.dll
c:\users\Home\AppData\Local\Temp\_MEI20562\pythoncom27.dll
c:\users\Home\AppData\Local\Temp\_MEI20562\PyWinTypes27.dll
c:\users\Home\AppData\Local\Temp\_MEI20562\select.pyd
c:\users\Home\AppData\Local\Temp\_MEI20562\unicodedata.pyd
c:\users\Home\AppData\Local\Temp\_MEI20562\win32api.pyd
c:\users\Home\AppData\Local\Temp\_MEI20562\win32com.shell.shell.pyd
c:\users\Home\AppData\Local\Temp\_MEI20562\win32crypt.pyd
c:\users\Home\AppData\Local\Temp\_MEI20562\win32event.pyd
c:\users\Home\AppData\Local\Temp\_MEI20562\win32file.pyd
c:\users\Home\AppData\Local\Temp\_MEI20562\win32gui.pyd
c:\users\Home\AppData\Local\Temp\_MEI20562\win32inet.pyd
c:\users\Home\AppData\Local\Temp\_MEI20562\win32pdh.pyd
c:\users\Home\AppData\Local\Temp\_MEI20562\win32pipe.pyd
c:\users\Home\AppData\Local\Temp\_MEI20562\win32process.pyd
c:\users\Home\AppData\Local\Temp\_MEI20562\win32profile.pyd
c:\users\Home\AppData\Local\Temp\_MEI20562\win32security.pyd
c:\users\Home\AppData\Local\Temp\_MEI20562\win32ts.pyd
c:\users\Home\AppData\Local\Temp\_MEI20562\windows._lib_cacheinvalidation.pyd
c:\users\Home\AppData\Local\Temp\_MEI20562\wx._animate.pyd
c:\users\Home\AppData\Local\Temp\_MEI20562\wx._controls_.pyd
c:\users\Home\AppData\Local\Temp\_MEI20562\wx._core_.pyd
c:\users\Home\AppData\Local\Temp\_MEI20562\wx._gdi_.pyd
c:\users\Home\AppData\Local\Temp\_MEI20562\wx._html2.pyd
c:\users\Home\AppData\Local\Temp\_MEI20562\wx._misc_.pyd
c:\users\Home\AppData\Local\Temp\_MEI20562\wx._windows_.pyd
c:\users\Home\AppData\Local\Temp\_MEI20562\wx._wizard.pyd
c:\users\Home\AppData\Local\Temp\_MEI20562\wxbase294u_net_vc90.dll
c:\users\Home\AppData\Local\Temp\_MEI20562\wxbase294u_vc90.dll
c:\users\Home\AppData\Local\Temp\_MEI20562\wxmsw294u_adv_vc90.dll
c:\users\Home\AppData\Local\Temp\_MEI20562\wxmsw294u_core_vc90.dll
c:\users\Home\AppData\Local\Temp\_MEI20562\wxmsw294u_html_vc90.dll
c:\users\Home\AppData\Local\Temp\_MEI20562\wxmsw294u_webview_vc90.dll
c:\windows\system32\drivers\dyaepb.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ZLNIMC
-------\Service_zlnimc
.
.
((((((((((((((((((((((((( Files Created from 2015-02-09 to 2015-03-09 )))))))))))))))))))))))))))))))
.
.
2015-03-09 23:37 . 2015-02-13 17:54 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4CA84B1F-9D91-4AFD-BE0B-F65688282ECC}\gapaengine.dll
2015-03-09 23:37 . 2015-01-29 09:07 11910896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C9661D26-0959-4294-B26D-2CCFD5FA79B3}\mpengine.dll
2015-03-09 23:22 . 2015-03-09 23:22 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2015-03-09 23:22 . 2015-03-09 23:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-03-09 23:22 . 2015-03-09 23:22 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp
2015-03-08 18:42 . 2015-03-08 18:42 -------- d-----w- c:\programdata\CheckPoint
2015-03-08 18:36 . 2015-01-29 09:07 11910896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-03-08 18:05 . 2015-03-08 18:05 -------- d-----w- C:\SUPERDelete
2015-03-08 17:59 . 2015-03-08 17:59 -------- d-----w- c:\users\Home\AppData\Roaming\SUPERAntiSpyware.com
2015-03-08 17:59 . 2015-03-09 22:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2015-03-08 17:59 . 2015-03-08 17:59 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2015-03-08 17:16 . 2015-03-08 17:24 -------- d-----w- c:\programdata\UVK
2015-03-08 17:16 . 2015-03-08 18:20 -------- d-----w- c:\program files\UVK - Ultra Virus Killer
2015-03-08 11:17 . 2015-03-08 11:17 -------- d-----w- c:\users\Home\AppData\Local\Privatefirewall
2015-03-08 11:15 . 2015-03-08 11:15 -------- d-----w- c:\programdata\Privacyware
2015-03-08 08:39 . 2015-03-08 08:39 -------- d-----w- c:\users\Home\AppData\Local\Comodo
2015-03-08 08:39 . 2015-03-08 08:39 -------- d-----w- c:\programdata\Comodo Downloader
2015-03-08 08:38 . 2015-03-08 09:14 -------- d-----w- c:\programdata\Comodo
2015-03-08 08:14 . 2015-03-08 18:02 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-03-08 08:14 . 2015-03-08 08:27 -------- d-----w- c:\programdata\RogueKiller
2015-03-08 05:04 . 2015-03-09 02:46 -------- d-----w- c:\users\Home\AppData\Roaming\Task Coach
2015-03-08 05:04 . 2015-03-08 05:04 -------- d-----w- c:\program files (x86)\TaskCoach
2015-03-08 01:52 . 2015-03-08 01:52 177752 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2015-03-08 01:52 . 2015-03-08 01:52 -------- d-----w- c:\program files\Common Files\Symantec Shared
2015-03-08 01:51 . 2015-03-08 03:48 -------- d-----w- c:\windows\system32\drivers\N360x64
2015-03-08 01:51 . 2015-03-08 01:51 -------- d-----w- c:\program files (x86)\Norton Security Suite
2015-03-08 01:35 . 2015-03-08 01:35 -------- d-----w- c:\program files (x86)\NortonInstaller
2015-03-07 16:57 . 2015-03-07 16:57 -------- d-----w- C:\img
2015-03-07 13:46 . 2015-03-07 13:47 -------- d-----w- c:\users\Home\AppData\Roaming\Local Store
2015-03-05 16:44 . 2015-03-05 16:44 -------- d-----w- c:\program files (x86)\DBConvert
2015-03-05 14:24 . 2015-03-05 14:24 -------- d-----w- c:\users\Home\AppData\Roaming\RStudio
2015-03-05 06:08 . 2015-03-05 18:09 -------- d-----w- c:\users\Home\AppData\Local\RStudio-Desktop
2015-03-05 06:04 . 2015-03-05 06:04 -------- d-----w- c:\program files\R
2015-03-05 05:42 . 2015-03-05 05:42 2623488 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityProvider.dll
2015-03-04 16:19 . 2015-03-04 16:19 -------- d-----w- c:\program files\IBM
2015-03-03 01:10 . 2015-03-03 01:10 -------- d-----w- c:\users\Home\AppData\Roaming\PC-FAX TX
2015-03-02 00:27 . 2015-03-02 00:27 -------- d-----w- c:\users\Home\AppData\Local\AutoIt v3
2015-03-01 03:16 . 2015-03-01 03:16 -------- d-----w- c:\program files (x86)\iTunes
2015-03-01 03:16 . 2015-03-01 03:16 -------- d-----w- c:\program files\iPod
2015-03-01 03:16 . 2015-03-01 03:16 -------- d-----w- c:\programdata\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-03-01 03:16 . 2015-03-01 03:16 -------- d-----w- c:\program files\iTunes
2015-03-01 03:14 . 2015-03-01 03:14 -------- d-----w- c:\program files\Bonjour
2015-03-01 03:14 . 2015-03-01 03:14 -------- d-----w- c:\program files (x86)\Bonjour
2015-03-01 03:14 . 2015-03-01 03:16 -------- d-----w- c:\program files\Common Files\Apple
2015-02-24 15:31 . 2015-03-09 02:46 -------- d-----r- c:\users\Home\OneDrive - Probaseballinjuries.com
2015-02-22 16:33 . 2015-02-22 16:33 -------- d-----w- c:\program files (x86)\Western Digital
2015-02-22 14:22 . 2015-02-13 17:54 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2015-02-22 14:22 . 2015-02-13 17:54 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B1A4174A-9D96-4FA9-9150-B52190C725CA}\gapaengine.dll
2015-02-20 03:48 . 2015-02-20 03:48 -------- d-----w- C:\Brother
2015-02-20 03:48 . 2015-02-20 03:48 -------- d-----w- c:\programdata\ControlCenter4
2015-02-20 03:48 . 2015-02-20 03:48 -------- d-----w- c:\program files (x86)\Browny02
2015-02-20 03:47 . 2012-03-19 18:09 245760 ------w- c:\windows\SysWow64\NSSearch.dll
2015-02-20 03:47 . 2007-12-14 03:16 5120 ------w- c:\windows\SysWow64\BrDctF2L.dll
2015-02-20 03:47 . 2012-07-09 22:19 5120 ------w- c:\windows\SysWow64\BrDctF2S.dll
2015-02-20 03:47 . 2010-03-16 00:45 73728 ------w- c:\windows\SysWow64\BrDctF2.dll
2015-02-20 03:46 . 2015-03-08 10:33 -------- d-----w- c:\users\Home\AppData\Roaming\InstallShield
2015-02-19 03:10 . 2015-02-19 03:10 -------- d-----w- c:\users\Home\AppData\Local\twitter
2015-02-19 03:07 . 2015-02-19 03:07 -------- d-----w- c:\program files (x86)\Twitter
2015-02-14 16:30 . 2015-03-09 22:46 -------- d-----w- c:\program files (x86)\BlueStacks
2015-02-14 16:30 . 2015-02-14 16:31 -------- d-----w- c:\programdata\BlueStacks
2015-02-14 16:30 . 2015-02-14 16:30 -------- d-----w- c:\users\Home\AppData\Local\Bluestacks
2015-02-13 17:56 . 2015-01-23 03:43 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2015-02-13 17:56 . 2015-01-23 04:42 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2015-02-13 17:56 . 2015-01-23 04:41 6041600 ----a-w- c:\windows\system32\jscript9.dll
2015-02-13 17:56 . 2015-01-23 03:17 4300800 ----a-w- c:\windows\SysWow64\jscript9.dll
2015-02-13 17:52 . 2015-02-13 17:52 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2015-02-13 17:52 . 2015-02-13 17:52 -------- d-----w- c:\program files\Microsoft Security Client
2015-02-13 01:01 . 2015-02-13 01:01 950272 ----a-w- c:\windows\system32\perftrack.dll
2015-02-13 01:01 . 2015-02-13 01:01 91136 ----a-w- c:\windows\system32\wdi.dll
2015-02-13 01:01 . 2015-02-13 01:01 76800 ----a-w- c:\windows\SysWow64\wdi.dll
2015-02-13 01:01 . 2015-02-13 01:01 29696 ----a-w- c:\windows\system32\powertracker.dll
2015-02-11 09:18 . 2015-01-13 03:10 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-02-11 09:17 . 2015-01-09 02:03 3201536 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-09 23:42 . 2014-01-30 04:20 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-03 13:17 . 2013-07-08 22:40 295552 ------w- c:\windows\system32\MpSigStub.exe
2015-02-12 08:01 . 2013-07-08 23:23 116773704 ----a-w- c:\windows\system32\MRT.exe
2015-02-09 13:42 . 2014-07-18 19:18 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-02-05 00:40 . 2013-07-15 18:31 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-05 00:40 . 2013-07-15 18:31 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-02-03 23:07 . 2015-02-03 23:07 69632 ----a-w- c:\windows\SysWow64\rtact.ocx
2015-01-14 04:03 . 2014-11-25 06:45 627912 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-12-19 03:06 . 2015-01-13 21:55 210432 ----a-w- c:\windows\system32\profsvc.dll
2014-12-19 01:46 . 2015-01-13 21:55 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2014-12-11 17:47 . 2015-01-13 21:55 87040 ----a-w- c:\windows\system32\TSWbPrxy.exe
2014-02-07 04:33 . 2014-02-07 04:33 13024768 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-01-14 04:03 1729744 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-01-14 04:03 1729744 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-01-14 04:03 1729744 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Home\AppData\Local\Akamai\netsession_win.exe" [2014-10-30 4673432]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2015-02-19 26232152]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-01-20 7404312]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\7cfab935-97d7-48a7-8599-56f845b9041d.com" [2015-03-08 7780120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2013-10-01 395656]
"Redirector"="c:\program files (x86)\Citrix\ICA Client\redirector.exe" [2013-10-01 153992]
"JunosPulse"="c:\program files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe" [2014-08-07 2521944]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-02-13 60712]
"ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2012-08-28 143360]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2012-06-06 3076096]
.
c:\users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneDrive for Business.lnk - c:\program files\Microsoft Office 15\root\office15\GROOVE.EXE /RunFolderSync /TrayOnly [2014-12-23 8709304]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Install LastPass FF RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe -q -name=LastPass -ffuuid support@lastpass.com [2014-2-7 13024768]
RescueTime.lnk - c:\program files (x86)\RescueTime\RescueTime.exe [2014-12-4 3407360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui]
[BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bcssync
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\utorrent
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\l260x64.sys;c:\windows\SYSNATIVE\DRIVERS\l260x64.sys [x]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x64.sys;c:\windows\SYSNATIVE\DRIVERS\l160x64.sys [x]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 jnprva;Juniper Networks Virtual Adapter Service;c:\windows\system32\DRIVERS\jnprva.sys;c:\windows\SYSNATIVE\DRIVERS\jnprva.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R4 jnprTdi_806_48695;Juniper Networks TDI Filter Driver (jnprTdi_806_48695);c:\windows\system32\Drivers\jnprTdi_806_48695.sys;c:\windows\SYSNATIVE\Drivers\jnprTdi_806_48695.sys [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1506000.020\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1506000.020\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\SYMEFA64.SYS [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20150224.001\BHDrvx64.sys;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20150224.001\BHDrvx64.sys [x]
S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\ccSetx64.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20150306.001\IDSvia64.sys;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20150306.001\IDSvia64.sys [x]
S1 jnprns;Juniper Network Service;c:\windows\system32\DRIVERS\jnprns.sys;c:\windows\SYSNATIVE\DRIVERS\jnprns.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1506000.020\SYMNETS.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x]
S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 JuniperAccessService;Juniper Unified Network Service;c:\program files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe;c:\program files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe;c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe [x]
S2 Neat Startup Service;Neat Startup Service;c:\program files (x86)\Neat\exec\NeatStartupService.exe;c:\program files (x86)\Neat\exec\NeatStartupService.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys;c:\windows\SYSNATIVE\DRIVERS\ICCWDT.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 JnprVaMgr;Juniper Networks Virtual Adapter Manager Service;c:\windows\system32\DRIVERS\jnprvamgr.sys;c:\windows\SYSNATIVE\DRIVERS\jnprvamgr.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 rtsuvc;Realtek USB2.0 PC Camera;c:\windows\system32\DRIVERS\rtsuvc.sys;c:\windows\SYSNATIVE\DRIVERS\rtsuvc.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-02-20 06:57 1084744 ----a-w- c:\program files (x86)\Google\Chrome\Application\40.0.2214.115\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-03-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-15 00:40]
.
2015-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-15 18:28]
.
2015-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-15 18:28]
.
2015-03-09 c:\windows\Tasks\injury database backup.job
- c:\program files\SQLyog\SJA.exe [2014-02-07 06:04]
.
2015-02-02 c:\windows\Tasks\retrosheet_backup.job
- c:\program files\SQLyog\SJA.exe [2014-02-07 06:04]
.
2015-03-08 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 28309723-a1e3-4a2f-8005-d036f848af91.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
2015-03-08 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task ba7d2ab8-a16e-4e1a-aaf3-c4259796ecb2.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-01-14 07:20 2334928 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-01-14 07:20 2334928 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-01-14 07:20 2334928 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 164760 ----a-w- c:\users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 164760 ----a-w- c:\users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 164760 ----a-w- c:\users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 164760 ----a-w- c:\users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-02-19 19:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-02-19 19:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2015-02-19 19:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-02-19 19:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-02-19 19:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-26 11775592]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-01-30 171992]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-01-30 399832]
"Persistence"="c:\windows\system32\igfxpers.exe" [2014-01-30 442328]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-01-30 1332296]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Clip bookmark - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
IE: Clip image - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office15\EXCEL.EXE/3000
IE: LastPass - file://c:\users\Home\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\users\Home\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: New note - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office15\ONBttnIE.dll/105
Trusted Zone: sharepoint.com\probaseballinjuries
Trusted Zone: sharepoint.com\probaseballinjuries-my
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{2B5440DE-BE66-42A5-9FF4-C8CFDD7555F4}: NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{2B5440DE-BE66-42A5-9FF4-C8CFDD7555F4}\D496368656C696023456E6475627: NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{5691BEF0-8C2D-4CC6-A9C1-655CDE1B1A9F}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
TCP: Interfaces\{5A690345-C551-4924-8B33-D666310D40AF}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
TCP: Interfaces\{A1D097A3-62FD-4127-B4B5-45CCE2603C7E}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - ProfilePath - c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\zyiz0d55.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32;c:\program files (x86)\Norton Security Suite\Engine64\21.6.0.32"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,70,2e,dc,d4,55,2f,fa,4e,84,d3,36,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,70,2e,dc,d4,55,2f,fa,4e,84,d3,36,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
"Key"="ActionsPane3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0]
"Key"="http://schemas.microsoft.com/office/smartdocuments/2003"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office...{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}\Alias]
"0"="Microsoft Actions Pane 3"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Juniper Networks\Common Files\dsNcService.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\program files\Microsoft Office 15\Root\Office15\MsoSync.exe
.
**************************************************************************
.
Completion time: 2015-03-09 19:44:52 - machine was rebooted
ComboFix-quarantined-files.txt 2015-03-09 23:44
ComboFix2.txt 2015-03-09 22:02
ComboFix3.txt 2015-03-08 19:16
.
Pre-Run: 577,323,429,888 bytes free
Post-Run: 577,214,361,600 bytes free
.
- - End Of File - - 3411C0A59A95AFEE3A48EDEF3D2716B9
A36C5E4F47E84449FF07ED3517B43A31
 
OK.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on the Scan button.
  • When the scan has finished, click on the Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
 
I am unable to get the Farbar Recovery Scan tool. I tried in all the browsers. I cannot connect to any address in the bleepingcomputer domain.
 
Adwcleaner

# AdwCleaner v4.112 - Logfile created 09/03/2015 at 20:38:38
# Updated 09/03/2015 by Xplode
# Database : 2015-03-05.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Home - HOME-PC
# Running from : C:\Users\Home\Desktop\adwcleaner_4.112.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631


-\\ Mozilla Firefox v36.0.1 (x86 en-US)


-\\ Google Chrome v40.0.2214.115


*************************

AdwCleaner[R1].txt - [2916 bytes] - [08/12/2013 16:43:35]
AdwCleaner[R2].txt - [6966 bytes] - [23/01/2014 16:36:15]
AdwCleaner[R3].txt - [1203 bytes] - [23/01/2014 16:38:48]
AdwCleaner[R4].txt - [3702 bytes] - [29/03/2014 16:26:04]
AdwCleaner[R5].txt - [1762 bytes] - [31/03/2014 23:56:20]
AdwCleaner[R6].txt - [5252 bytes] - [17/10/2014 01:37:34]
AdwCleaner[R7].txt - [4014 bytes] - [08/03/2015 14:20:46]
AdwCleaner[R8].txt - [1725 bytes] - [09/03/2015 20:37:13]
AdwCleaner[S1].txt - [2905 bytes] - [08/12/2013 16:44:13]
AdwCleaner[S2].txt - [6896 bytes] - [23/01/2014 16:36:41]
AdwCleaner[S3].txt - [1271 bytes] - [23/01/2014 16:39:21]
AdwCleaner[S4].txt - [3482 bytes] - [29/03/2014 16:27:18]
AdwCleaner[S5].txt - [1704 bytes] - [31/03/2014 23:57:12]
AdwCleaner[S6].txt - [5083 bytes] - [17/10/2014 01:39:47]
AdwCleaner[S7].txt - [3959 bytes] - [08/03/2015 14:23:30]
AdwCleaner[S8].txt - [1654 bytes] - [09/03/2015 20:38:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S8].txt - [1713 bytes] ##########
 
JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows 7 Home Premium x64
Ran by Home on Mon 03/09/2015 at 20:41:56.01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util atuzi



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\ustechsupport"
Successfully deleted: [Folder] "C:\Users\Home\AppData\Roaming\ustechsupport"



~~~ FireFox

Successfully deleted the following from C:\Users\Home\AppData\Roaming\mozilla\firefox\profiles\zyiz0d55.default\prefs.js

user_pref("extensions.sahtb.url.merchants.data", "<?xml version=\"1.0\"?><MerchantSettings><v n=\"459\" /><GlobalSuppresses><s u=\".cab\" g=\"13\" I=\"1342\" /><s u=\".eot\" g
Emptied folder: C:\Users\Home\AppData\Roaming\mozilla\firefox\profiles\zyiz0d55.default\minidumps [197 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 03/09/2015 at 20:46:04.26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-03-2015 01
Ran by Home (administrator) on HOME-PC on 09-03-2015 20:47:05
Running from C:\Users\Home\Desktop
Loaded Profiles: Home (Available profiles: Home & Classic .NET AppPool & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
(The Neat Company) C:\Program Files (x86)\Neat\exec\NeatStartupService.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
(Akamai Technologies, Inc.) C:\Users\Home\AppData\Local\Akamai\netsession_win.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Akamai Technologies, Inc.) C:\Users\Home\AppData\Local\Akamai\netsession_win.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-01-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2804976 2013-10-25] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [JunosPulse] => C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe [2521944 2014-08-07] (Juniper Networks, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-08-28] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
HKU\S-1-5-21-105833367-992780291-1110841063-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Home\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-105833367-992780291-1110841063-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [26232152 2015-02-19] (Google)
HKU\S-1-5-21-105833367-992780291-1110841063-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-105833367-992780291-1110841063-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\7cfab935-97d7-48a7-8599-56f845b9041d.com [7780120 2015-03-08] (SUPERAntiSpyware)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RescueTime.lnk
ShortcutTarget: RescueTime.lnk -> C:\Program Files (x86)\RescueTime\RescueTime.exe (RescueTime, Inc.)
Startup: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneDrive for Business.lnk
ShortcutTarget: OneDrive for Business.lnk -> C:\Program Files\Microsoft Office 15\root\office15\groove.exe (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-105833367-992780291-1110841063-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{bf1da33b-d270-4d68-ac98-f5fd9f4fb489} <======= ATTENTION (Policy Restriction on IP)
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-105833367-992780291-1110841063-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\S-1-5-21-105833367-992780291-1110841063-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-105833367-992780291-1110841063-1000 -> URL http://search.conduit.com/Results.a...-41E2-80B4-AB42071A858B&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-105833367-992780291-1110841063-1000 -> SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKU\S-1-5-21-105833367-992780291-1110841063-1000 -> {7A0F2838-3066-4B3E-B589-796F18B02300} URL = http://search.xfinity.com/?cat=web&con=toolbar&cid=xfstart_tech_search&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2014-12-02] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-02-07] (LastPass)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-01-14] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-14] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\IPS\IPSBHO.DLL [2014-08-25] (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-09] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-01-29] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2014-02-07] (LastPass)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-01-14] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-01-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-09] (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-02-07] (LastPass)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2014-02-07] (LastPass)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {8AD9C840-044E-11D1-B3E9-00805F499D93}
DPF: HKLM-x32 {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
DPF: HKLM-x32 {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2014-11-25] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
ShellExecuteHooks-x32: - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No File [ ]
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{2B5440DE-BE66-42A5-9FF4-C8CFDD7555F4}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{5691BEF0-8C2D-4CC6-A9C1-655CDE1B1A9F}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{5A690345-C551-4924-8B33-D666310D40AF}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{A1D097A3-62FD-4127-B4B5-45CCE2603C7E}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\zyiz0d55.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-04] ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\system32\npDeployJava1.dll [2013-10-04] (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2014-02-07] (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2013-10-01] (Citrix Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-09-11] (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-09] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll [2014-02-07] (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-11-25] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-10-01] (Coupons, Inc.)
FF SearchPlugin: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\zyiz0d55.default\searchplugins\baseball-referencecom.xml [2015-03-09]
FF Extension: LastPass - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\zyiz0d55.default\Extensions\support@lastpass.com [2015-03-05]
FF Extension: Flash and Video Download - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\zyiz0d55.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2015-03-04]
FF Extension: Evernote Web Clipper - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\zyiz0d55.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} [2014-07-28]
FF Extension: Clearly - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\zyiz0d55.default\Extensions\readable@evernote.com.xpi [2014-03-27]
FF Extension: EndNote Capture - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\zyiz0d55.default\Extensions\{322e833a-a7d4-4277-97c6-334fa1622d6a}.xpi [2014-10-17]
FF Extension: Updated Ad Blocker for Firefox 11+ - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\zyiz0d55.default\Extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi [2013-10-04]
FF Extension: DownThemAll! - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\zyiz0d55.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-10-21]
FF Extension: Greasemonkey - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\zyiz0d55.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-04-13]
FF Extension: Ginger - C:\Program Files (x86)\Mozilla Firefox\extensions\adapter@gingersoftware.com [2015-03-05]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2015-03-09]

Chrome:
=======
CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-06]
CHR Extension: (Google Docs) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-06]
CHR Extension: (Google Drive) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-12]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-09]
CHR Extension: (Adblock Plus) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-29]
CHR Extension: (Google Search) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-09]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-12-06]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2015-01-22]
CHR Extension: (Norton Identity Safe) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-12-06]
CHR Extension: (Clearly) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj [2014-12-07]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-12-06]
CHR Extension: (Google Wallet) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-15]
CHR Extension: (Evernote Web Clipper) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2015-01-27]
CHR Extension: (Gmail) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-09]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\Exts\Chrome.crx [2015-03-07]
CHR HKU\S-1-5-21-105833367-992780291-1110841063-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Home\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-10-07]
CHR HKU\S-1-5-21-105833367-992780291-1110841063-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\Exts\Chrome.crx [2015-03-07]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2015-02-03] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2015-02-03] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [794328 2015-02-03] (BlueStack Systems, Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2711736 2015-01-14] (Microsoft Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe [265040 2014-10-02] (Symantec Corporation)
R2 Neat Startup Service; C:\Program Files (x86)\Neat\exec\NeatStartupService.exe [6144 2014-08-06] (The Neat Company) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
S2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [36608 2014-11-06] (Advanced Micro Devices, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 Atc002; C:\Windows\System32\DRIVERS\l260x64.sys [34304 2009-06-10] (Atheros Communications, Inc.)
S3 AtcL001; C:\Windows\System32\DRIVERS\l160x64.sys [58368 2009-06-24] (Atheros Communications, Inc.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-12-09] (AVG Technologies)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20150224.001\BHDrvx64.sys [1622744 2015-02-24] (Symantec Corporation)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2015-02-03] (BlueStack Systems)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2015-03-07] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2015-03-07] (Symantec Corporation)
R1 HBtnKey; C:\Windows\System32\DRIVERS\wstbtndb.sys [9856 2007-09-15] (Lenovo)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20150306.001\IDSvia64.sys [669400 2015-03-06] (Symantec Corporation)
R1 jnprns; C:\Windows\System32\DRIVERS\jnprns.sys [507192 2014-07-08] (Juniper Networks)
S4 jnprTdi_806_48695; C:\Windows\system32\Drivers\jnprTdi_806_48695.sys [108344 2014-08-07] (Juniper Networks, Inc.)
S3 jnprva; C:\Windows\System32\DRIVERS\jnprva.sys [30072 2014-07-08] (Juniper Networks, Inc.)
R3 JnprVaMgr; C:\Windows\System32\DRIVERS\jnprvamgr.sys [45352 2014-07-08] (Juniper Networks, Inc.)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [129224 2013-07-18] (Qualcomm Atheros Co., Ltd.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [125952 2014-11-06] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150309.001\ENG64.SYS [129752 2015-03-07] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150309.001\EX64.SYS [2137304 2015-03-07] (Symantec Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [9101016 2014-11-06] (Realtek Semiconductor Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2013-10-25] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2015-03-07] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2015-03-08] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
Part II

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-09 20:47 - 2015-03-09 20:47 - 00032310 _____ () C:\Users\Home\Desktop\FRST.txt
2015-03-09 20:46 - 2015-03-09 20:47 - 00000000 ____D () C:\FRST
2015-03-09 20:46 - 2015-03-09 20:46 - 00001333 _____ () C:\Users\Home\Desktop\JRT.txt
2015-03-09 20:41 - 2015-03-09 20:41 - 00001793 _____ () C:\Users\Home\Desktop\AdwCleaner[S8].txt
2015-03-09 20:34 - 2015-03-09 20:34 - 02095104 _____ (Farbar) C:\Users\Home\Desktop\FRST64.exe
2015-03-09 20:28 - 2015-03-09 20:28 - 01388333 _____ (Thisisu) C:\Users\Home\Desktop\JRT.exe
2015-03-09 20:27 - 2015-03-09 20:27 - 02171392 _____ () C:\Users\Home\Desktop\adwcleaner_4.112.exe
2015-03-09 19:44 - 2015-03-09 19:44 - 00041401 _____ () C:\ComboFix.txt
2015-03-08 21:16 - 2015-03-08 21:16 - 05613296 ____R (Swearware) C:\Users\Home\Desktop\your_name.exe
2015-03-08 21:12 - 2015-03-08 21:19 - 00004574 _____ () C:\Users\Home\Desktop\Rkill.txt
2015-03-08 21:05 - 2013-10-01 22:56 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Home\Desktop\rkill.exe
2015-03-08 20:54 - 2015-03-08 20:56 - 05613296 ____R (Swearware) C:\Users\Home\Desktop\ComboFix.exe
2015-03-08 16:43 - 2015-03-08 16:43 - 00044155 _____ () C:\Users\Home\Desktop\dds.txt
2015-03-08 16:43 - 2015-03-08 16:43 - 00023643 _____ () C:\Users\Home\Desktop\attach.txt
2015-03-08 16:35 - 2015-03-08 16:35 - 00001071 _____ () C:\latest malware bytes.txt
2015-03-08 15:01 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-08 15:01 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-08 15:01 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-08 15:01 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-08 15:01 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-08 15:01 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-08 15:01 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-08 15:01 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-08 14:58 - 2015-03-09 19:45 - 00000000 ____D () C:\Qoobox
2015-03-08 14:58 - 2015-03-09 19:22 - 00000000 ____D () C:\Windows\erdnt
2015-03-08 14:48 - 2015-03-08 14:48 - 00688992 ____R (Swearware) C:\Users\Home\Desktop\dds.com
2015-03-08 14:44 - 2015-03-08 14:44 - 00297798 _____ () C:\Users\Home\Desktop\Virus - Update Flash Player - TechSpot Forums.htm
2015-03-08 14:43 - 2015-03-08 14:43 - 00448512 _____ (OldTimer Tools) C:\Users\Home\Downloads\TFC.exe
2015-03-08 14:42 - 2015-03-08 14:43 - 113199104 _____ (Sophos Limited) C:\Users\Home\Downloads\Sophos Virus Removal Tool.exe
2015-03-08 14:42 - 2015-03-08 14:42 - 00000000 ____D () C:\ProgramData\CheckPoint
2015-03-08 14:32 - 2015-03-08 14:32 - 00003222 _____ () C:\Windows\System32\Tasks\{069AB111-2455-4678-8716-5A6B4905DF2B}
2015-03-08 14:13 - 2015-03-08 14:13 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Home\Downloads\tdsskiller.exe
2015-03-08 14:05 - 2015-03-08 14:05 - 00000000 ____D () C:\SUPERDelete
2015-03-08 13:59 - 2015-03-09 18:18 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-03-08 13:59 - 2015-03-08 16:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-03-08 13:59 - 2015-03-08 13:59 - 00001808 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2015-03-08 13:59 - 2015-03-08 13:59 - 00000548 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task ba7d2ab8-a16e-4e1a-aaf3-c4259796ecb2.job
2015-03-08 13:59 - 2015-03-08 13:59 - 00000548 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 28309723-a1e3-4a2f-8005-d036f848af91.job
2015-03-08 13:59 - 2015-03-08 13:59 - 00000000 ____D () C:\Users\Home\AppData\Roaming\SUPERAntiSpyware.com
2015-03-08 13:59 - 2015-03-08 13:59 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-03-08 13:58 - 2015-03-08 13:58 - 21189736 _____ (SUPERAntiSpyware) C:\Users\Home\Downloads\SUPERAntiSpyware.exe
2015-03-08 13:19 - 2015-03-08 13:19 - 00002547 _____ () C:\Users\Home\Documents\SR settings.uvksr
2015-03-08 13:16 - 2015-03-08 14:20 - 00000000 ____D () C:\Program Files\UVK - Ultra Virus Killer
2015-03-08 13:16 - 2015-03-08 13:24 - 00000000 ____D () C:\ProgramData\UVK
2015-03-08 13:16 - 2015-03-08 13:16 - 00001820 _____ () C:\Users\Public\Desktop\UVK - Ultra Virus Killer.lnk
2015-03-08 13:16 - 2015-03-08 13:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UVK - Ultra Virus Killer
2015-03-08 13:10 - 2015-03-08 13:10 - 12973424 _____ (McAfee Inc) C:\Users\Home\Downloads\stinger64.exe
2015-03-08 13:09 - 2015-03-08 13:10 - 16735931 _____ () C:\Users\Home\Downloads\unhackme.zip
2015-03-08 13:08 - 2015-03-08 13:08 - 00785096 _____ (Kaspersky Lab ZAO) C:\Users\Home\Downloads\rectordecryptor.exe
2015-03-08 13:07 - 2015-03-08 13:07 - 06568448 _____ (Carifred) C:\Users\Home\Downloads\UVKSetup.exe
2015-03-08 12:31 - 2015-03-09 20:39 - 00023796 _____ () C:\Windows\PFRO.log
2015-03-08 12:31 - 2015-03-09 20:39 - 00000672 _____ () C:\Windows\setupact.log
2015-03-08 12:31 - 2015-03-08 12:31 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-08 07:17 - 2015-03-08 07:17 - 00000000 ____D () C:\Users\Home\AppData\Local\Privatefirewall
2015-03-08 07:15 - 2015-03-08 07:15 - 00000000 ____D () C:\ProgramData\Privacyware
2015-03-08 05:11 - 2015-03-08 05:11 - 00020694 _____ () C:\Users\Home\Desktop\How to Use Combofix _ Supportz.htm
2015-03-08 04:45 - 2015-03-08 04:45 - 00000000 ____D () C:\Windows\System32\Tasks\COMODO
2015-03-08 04:39 - 2015-03-08 07:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2015-03-08 04:39 - 2015-03-08 04:39 - 00000000 ____D () C:\Users\Home\AppData\Local\Comodo
2015-03-08 04:39 - 2015-03-08 04:39 - 00000000 ____D () C:\ProgramData\Comodo Downloader
2015-03-08 04:38 - 2015-03-08 05:14 - 00000000 ____D () C:\ProgramData\Comodo
2015-03-08 04:14 - 2015-03-08 14:02 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-03-08 04:14 - 2015-03-08 04:27 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-03-08 03:23 - 2015-03-08 03:23 - 00080697 _____ () C:\Users\Home\Desktop\Virus Removal Instruction Annoying b3.mookie1.com Pop-up Help Removing b3.mookie1.com Pop-up.htm
2015-03-08 03:09 - 2015-03-08 03:09 - 00857556 _____ () C:\Users\Home\Documents\network capture.pcapng
2015-03-08 02:11 - 2015-03-08 02:11 - 02510774 _____ () C:\Users\Home\Documents\network capture text.txt
2015-03-08 02:00 - 2015-03-08 02:00 - 00003256 _____ () C:\Windows\System32\Tasks\{C46E13E0-5A15-4EB6-8C80-CE1B66EC59B4}
2015-03-08 01:04 - 2015-03-08 22:46 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Task Coach
2015-03-08 01:04 - 2015-03-08 01:04 - 00001019 _____ () C:\Users\Home\Desktop\Task Coach.lnk
2015-03-08 01:04 - 2015-03-08 01:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Task Coach
2015-03-08 01:04 - 2015-03-08 01:04 - 00000000 ____D () C:\Program Files (x86)\TaskCoach
2015-03-08 01:03 - 2015-03-08 01:09 - 00000000 ____D () C:\Users\Home\Downloads\Lazypressing V4.0 Beta
2015-03-08 00:42 - 2015-03-08 00:42 - 18732632 _____ () C:\Users\Home\Desktop\RogueKillerX64.exe
2015-03-08 00:41 - 2015-03-08 00:41 - 00001016 _____ () C:\Users\Home\Desktop\PSPad.lnk
2015-03-08 00:20 - 2015-03-08 00:20 - 01110166 _____ () C:\Users\Home\Desktop\injury table schema.bmp
2015-03-07 23:54 - 2015-03-07 23:54 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Security Suite
2015-03-07 23:52 - 2015-03-07 23:53 - 00000000 ____D () C:\Users\Home\Desktop\Baseball Risk Assessment Tool
2015-03-07 23:51 - 2015-03-07 23:51 - 00000000 ____D () C:\Users\Home\Desktop\TMC
2015-03-07 23:35 - 2015-03-09 20:43 - 00207437 _____ () C:\Windows\WindowsUpdate.log
2015-03-07 21:52 - 2015-03-07 23:48 - 00003228 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2015-03-07 21:52 - 2015-03-07 21:52 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2015-03-07 21:52 - 2015-03-07 21:52 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2015-03-07 21:52 - 2015-03-07 21:52 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2015-03-07 21:51 - 2015-03-07 23:48 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
2015-03-07 21:51 - 2015-03-07 23:48 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2015-03-07 21:51 - 2015-03-07 21:51 - 00000000 ____D () C:\Program Files (x86)\Norton Security Suite
2015-03-07 12:57 - 2015-03-07 12:57 - 00000000 ____D () C:\img
2015-03-07 12:43 - 2015-03-07 12:45 - 05108109 _____ () C:\Users\Home\Downloads\Lazypressing V4.0 Beta.rar
2015-03-07 09:46 - 2015-03-07 09:47 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Local Store
2015-03-06 21:29 - 2015-03-06 21:29 - 101014184 _____ () C:\Users\Home\Desktop\MIT6_042JF10_lec01_300k.mp4
2015-03-06 21:24 - 2015-03-06 21:24 - 05489741 _____ () C:\Users\Home\Downloads\18-443-spring-2009.zip
2015-03-06 21:02 - 2015-03-06 21:28 - 00000000 ____D () C:\Users\Home\Downloads\MIT
2015-03-06 20:48 - 2015-03-06 20:48 - 32473803 _____ () C:\Users\Home\Downloads\18-02-fall-2007.zip
2015-03-06 20:47 - 2015-03-06 20:48 - 40757513 _____ () C:\Users\Home\Downloads\6-041-fall-2010.zip
2015-03-06 20:40 - 2015-03-06 20:40 - 10425947 _____ () C:\Users\Home\Downloads\15-075j-fall-2011.zip
2015-03-06 12:32 - 2015-03-06 12:32 - 00424186 _____ () C:\ProgramData\SMRResults430.dat
2015-03-06 12:31 - 2015-03-06 12:31 - 00001506 _____ () C:\Windows\system32\Drivers\etc\hosts.bak
2015-03-05 22:33 - 2015-03-08 03:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-05 12:44 - 2015-03-05 12:44 - 00000000 ____D () C:\Program Files (x86)\DBConvert
2015-03-05 12:43 - 2015-03-05 12:43 - 00000000 ____D () C:\Users\Home\Downloads\dbconvert_sqlite_mysql
2015-03-05 11:57 - 2015-03-07 10:27 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2015-03-05 10:24 - 2015-03-05 10:24 - 00000000 ____D () C:\Users\Home\AppData\Roaming\RStudio
2015-03-05 02:08 - 2015-03-05 02:08 - 00000000 ____D () C:\Users\Home\Documents\R
2015-03-05 02:06 - 2015-03-05 02:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RStudio
2015-03-05 02:05 - 2015-03-05 02:06 - 00000000 ____D () C:\Program Files\RStudio
2015-03-05 02:05 - 2015-03-05 02:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R
2015-03-05 02:04 - 2015-03-05 02:04 - 00000000 ____D () C:\Program Files\R
2015-03-04 12:20 - 2015-03-04 12:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IBM SPSS Statistics
2015-03-04 12:19 - 2015-03-04 12:19 - 00000000 ____D () C:\Program Files\IBM
2015-03-02 21:21 - 2015-03-02 21:21 - 00000000 ____D () C:\Users\Home\Documents\Fax
2015-03-02 21:10 - 2015-03-02 21:10 - 00000000 ____D () C:\Users\Home\AppData\Roaming\PC-FAX TX
2015-03-01 20:27 - 2015-03-01 20:27 - 00000000 ____D () C:\Users\Home\AppData\Local\AutoIt v3
2015-03-01 20:10 - 2015-03-08 18:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3
2015-02-28 23:16 - 2015-02-28 23:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-28 23:16 - 2015-02-28 23:16 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-28 23:16 - 2015-02-28 23:16 - 00000000 ____D () C:\Program Files\iTunes
2015-02-28 23:16 - 2015-02-28 23:16 - 00000000 ____D () C:\Program Files\iPod
2015-02-28 23:16 - 2015-02-28 23:16 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-02-28 23:14 - 2015-02-28 23:16 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-28 23:14 - 2015-02-28 23:14 - 00000000 ____D () C:\Program Files\Bonjour
2015-02-28 23:14 - 2015-02-28 23:14 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2015-02-26 13:09 - 2015-01-08 19:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-26 13:09 - 2015-01-08 19:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-25 10:36 - 2015-02-25 10:36 - 00000000 ____D () C:\Users\Home\AppData\Roaming\VideoAnalyzer
2015-02-25 10:35 - 2015-02-25 10:35 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
2015-02-25 10:35 - 2015-02-25 10:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
2015-02-25 10:35 - 2015-02-25 10:35 - 00000000 ____D () C:\Program Files\DIFX
2015-02-25 10:35 - 2015-02-25 10:35 - 00000000 ____D () C:\Program Files (x86)\AviSynth 2.5
2015-02-25 10:34 - 2015-02-25 10:36 - 00000000 ____D () C:\VideosForAnalysis
2015-02-25 10:34 - 2015-02-25 10:34 - 00245568 _____ (KEYLOK) C:\Windows\system32\NWKL2_64.DLL
2015-02-25 10:34 - 2015-02-25 10:34 - 00236352 _____ (KEYLOK) C:\Windows\system32\KL2DLL64.DLL
2015-02-25 10:34 - 2015-02-25 10:34 - 00207168 _____ (KEYLOK) C:\Windows\SysWOW64\NWKL2_32.DLL
2015-02-25 10:34 - 2015-02-25 10:34 - 00198976 _____ (KEYLOK) C:\Windows\SysWOW64\KL2DLL32.DLL
2015-02-25 10:34 - 2015-02-25 10:34 - 00041984 _____ () C:\Windows\system32\ppmon64.exe
2015-02-25 10:34 - 2015-02-25 10:34 - 00024136 _____ () C:\Windows\SysWOW64\ppmon.exe
2015-02-25 10:34 - 2015-02-25 10:34 - 00012480 _____ () C:\Windows\SysWOW64\KL2N.DLL
2015-02-25 10:34 - 2015-02-25 10:34 - 00007440 _____ () C:\Windows\SysWOW64\ppmon.dll
2015-02-25 10:34 - 2015-02-25 10:34 - 00000000 ____D () C:\Users\Home\AppData\Local\KEYLOK
2015-02-24 11:31 - 2015-03-08 22:46 - 00000000 ___RD () C:\Users\Home\OneDrive - Probaseballinjuries.com
2015-02-22 12:33 - 2015-02-22 12:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2015-02-22 12:33 - 2015-02-22 12:33 - 00000000 ____D () C:\Program Files (x86)\Western Digital
2015-02-19 23:48 - 2015-02-19 23:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2015-02-19 23:48 - 2015-02-19 23:48 - 00000000 ____D () C:\ProgramData\ControlCenter4
2015-02-19 23:48 - 2015-02-19 23:48 - 00000000 ____D () C:\Program Files (x86)\Browny02
2015-02-19 23:48 - 2015-02-19 23:48 - 00000000 ____D () C:\Brother
2015-02-19 23:48 - 2003-11-28 19:57 - 00000000 _____ () C:\Windows\brdfxspd.dat
2015-02-19 23:47 - 2012-07-09 18:19 - 00005120 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2S.dll
2015-02-19 23:47 - 2012-03-19 14:09 - 00245760 ____N (brother) C:\Windows\SysWOW64\NSSearch.dll
2015-02-19 23:47 - 2010-03-15 20:45 - 00073728 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2.dll
2015-02-19 23:47 - 2007-12-13 23:16 - 00005120 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2L.dll
2015-02-19 23:46 - 2015-03-08 06:33 - 00000000 ____D () C:\Users\Home\AppData\Roaming\InstallShield
2015-02-18 23:10 - 2015-02-18 23:10 - 00000000 ____D () C:\Users\Home\AppData\Local\twitter
2015-02-18 23:08 - 2015-02-18 23:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweetDeck
2015-02-18 23:07 - 2015-02-18 23:07 - 00000000 ____D () C:\Program Files (x86)\Twitter
2015-02-16 15:54 - 2015-02-16 15:54 - 00000024 ___SH () C:\Users\Home\AppData\Roaming\System5908ConfigCollection.dat
2015-02-14 12:30 - 2015-03-09 18:46 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2015-02-14 12:30 - 2015-02-14 12:31 - 00000000 ____D () C:\ProgramData\BlueStacks
2015-02-14 12:30 - 2015-02-14 12:30 - 00000000 ____D () C:\Users\Home\AppData\Local\Bluestacks
2015-02-14 12:30 - 2015-02-14 12:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2015-02-13 13:56 - 2015-01-23 00:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-13 13:56 - 2015-01-23 00:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 13:56 - 2015-01-22 23:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-13 13:56 - 2015-01-22 23:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-13 13:52 - 2015-02-13 13:52 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-13 13:52 - 2015-02-13 13:52 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-02-13 13:52 - 2015-02-13 13:52 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-13 13:52 - 2015-02-13 13:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-02-13 13:19 - 2015-02-13 13:19 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2015-02-13 10:34 - 2015-02-13 10:34 - 00000000 _____ () C:\asc_rdflag
2015-02-12 21:01 - 2015-02-12 21:01 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-12 21:01 - 2015-02-12 21:01 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-12 21:01 - 2015-02-12 21:01 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-12 21:01 - 2015-02-12 21:01 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-11 05:19 - 2015-02-03 23:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 05:19 - 2015-02-03 23:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 05:19 - 2015-02-03 23:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 05:19 - 2015-02-03 23:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 05:19 - 2015-02-03 23:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 05:19 - 2015-02-03 23:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 05:19 - 2015-02-03 23:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 05:19 - 2015-01-27 19:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 05:19 - 2015-01-14 01:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 05:19 - 2015-01-14 01:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 05:19 - 2015-01-11 23:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 05:19 - 2015-01-11 23:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 05:19 - 2015-01-11 23:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 05:19 - 2015-01-11 22:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 05:19 - 2015-01-11 22:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 05:19 - 2015-01-11 22:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 05:19 - 2015-01-11 22:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 05:19 - 2015-01-11 22:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 05:19 - 2015-01-11 22:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 05:19 - 2015-01-11 22:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 05:19 - 2015-01-11 22:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 05:19 - 2015-01-11 22:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 05:19 - 2015-01-11 22:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 05:19 - 2015-01-11 22:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 05:19 - 2015-01-11 22:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 05:19 - 2015-01-11 22:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 05:19 - 2015-01-11 22:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 05:19 - 2015-01-11 22:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 05:19 - 2015-01-11 22:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 05:19 - 2015-01-11 22:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 05:19 - 2015-01-11 22:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 05:19 - 2015-01-11 22:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 05:19 - 2015-01-11 22:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 05:19 - 2015-01-11 22:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 05:19 - 2015-01-11 22:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 05:19 - 2015-01-11 22:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 05:19 - 2015-01-11 22:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 05:19 - 2015-01-11 21:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 05:19 - 2015-01-11 21:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 05:19 - 2015-01-11 21:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 05:19 - 2015-01-11 21:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 05:19 - 2015-01-11 21:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 05:19 - 2015-01-11 21:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 05:19 - 2015-01-11 21:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 05:19 - 2015-01-11 21:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 05:19 - 2015-01-11 21:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 05:19 - 2015-01-11 21:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 05:19 - 2015-01-11 21:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 05:19 - 2015-01-11 21:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 05:19 - 2015-01-11 21:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 05:19 - 2015-01-11 21:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 05:19 - 2015-01-11 21:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 05:19 - 2015-01-11 21:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 05:19 - 2015-01-11 21:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 05:19 - 2015-01-11 21:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 05:19 - 2015-01-11 21:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 05:19 - 2015-01-11 21:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 05:19 - 2015-01-11 21:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 05:19 - 2015-01-11 20:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 05:19 - 2015-01-11 20:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 05:19 - 2015-01-10 02:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 05:19 - 2015-01-10 02:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 05:19 - 2015-01-10 02:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 05:19 - 2015-01-10 02:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 05:19 - 2015-01-10 02:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 05:19 - 2015-01-10 02:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 05:19 - 2015-01-10 02:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 05:19 - 2015-01-10 02:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 05:19 - 2015-01-10 02:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 05:19 - 2015-01-10 02:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 05:19 - 2015-01-10 02:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 05:19 - 2015-01-10 02:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 05:19 - 2015-01-10 02:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 05:19 - 2015-01-10 02:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 05:18 - 2015-01-15 04:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 05:18 - 2015-01-15 04:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 05:18 - 2015-01-15 04:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 05:18 - 2015-01-15 04:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 05:18 - 2015-01-15 04:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 05:18 - 2015-01-15 04:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 05:18 - 2015-01-15 04:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 05:18 - 2015-01-15 04:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 05:18 - 2015-01-15 04:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 05:18 - 2015-01-15 04:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 05:18 - 2015-01-15 04:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 05:18 - 2015-01-15 03:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 05:18 - 2015-01-15 03:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 05:18 - 2015-01-15 03:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 05:18 - 2015-01-15 03:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 05:18 - 2015-01-15 03:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 05:18 - 2015-01-15 03:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 05:18 - 2015-01-15 00:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 05:18 - 2015-01-14 02:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 05:18 - 2015-01-14 02:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 05:18 - 2015-01-14 02:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 05:18 - 2015-01-14 02:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 05:18 - 2015-01-14 01:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 05:18 - 2015-01-14 01:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 05:18 - 2015-01-14 01:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 05:18 - 2015-01-12 23:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 05:18 - 2015-01-12 22:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 05:18 - 2014-12-12 01:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 05:18 - 2014-12-12 01:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 05:18 - 2014-12-07 23:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 05:18 - 2014-12-07 22:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 05:18 - 2014-11-25 23:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 05:18 - 2014-11-25 23:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 05:17 - 2015-01-08 22:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-10 00:42 - 2015-02-10 00:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-09 20:46 - 2009-07-14 01:13 - 00867156 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-09 20:46 - 2009-07-14 00:45 - 00023056 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-09 20:46 - 2009-07-14 00:45 - 00023056 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-09 20:40 - 2014-09-15 11:13 - 00004966 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Home-PC-Home Home-PC
2015-03-09 20:40 - 2014-01-30 00:20 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-09 20:40 - 2013-07-15 15:07 - 00000000 ___RD () C:\Users\Home\Google Drive
2015-03-09 20:40 - 2013-07-15 14:31 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-09 20:39 - 2013-07-15 14:28 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-09 20:39 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-09 20:38 - 2013-12-08 16:43 - 00000000 ____D () C:\AdwCleaner
2015-03-09 19:57 - 2013-07-15 14:28 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-09 19:42 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2015-03-09 19:22 - 2009-07-13 22:34 - 98304000 _____ () C:\Windows\system32\config\SOFTWARE.bak
2015-03-09 19:22 - 2009-07-13 22:34 - 22282240 _____ () C:\Windows\system32\config\SYSTEM.bak
2015-03-09 19:22 - 2009-07-13 22:34 - 05087232 _____ () C:\Windows\system32\config\DEFAULT.bak
2015-03-09 19:22 - 2009-07-13 22:34 - 00036864 _____ () C:\Windows\system32\config\SECURITY.bak
2015-03-09 19:22 - 2009-07-13 22:34 - 00032768 _____ () C:\Windows\system32\config\SAM.bak
2015-03-08 22:00 - 2014-06-13 23:30 - 00000542 _____ () C:\Windows\Tasks\injury database backup.job
2015-03-08 22:00 - 2013-07-15 16:58 - 00000000 ____D () C:\Users\Home\AppData\Roaming\SQLyog
2015-03-08 21:51 - 2014-03-31 21:28 - 00000000 ____D () C:\Program Files (x86)\PSPad editor
2015-03-08 18:30 - 2014-05-21 23:52 - 00000000 ____D () C:\Program Files (x86)\Nitro
2015-03-08 18:22 - 2009-07-14 03:45 - 00000000 ____D () C:\Windows\ShellNew
2015-03-08 17:19 - 2014-09-01 20:19 - 00000164 _____ () C:\Windows\ODBC.INI
2015-03-08 17:18 - 2014-11-25 02:49 - 00000000 ___RD () C:\Users\Home\OneDrive
2015-03-08 15:16 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default
2015-03-08 15:08 - 2014-12-06 02:06 - 00000000 ____D () C:\Users\Home\AppData\Roaming\mymacro
2015-03-08 15:08 - 2013-07-08 18:24 - 00000000 ____D () C:\Users\Home
2015-03-08 14:53 - 2013-08-08 20:51 - 00000000 ____D () C:\Users\Home\Documents\Software
2015-03-08 14:31 - 2014-05-03 22:22 - 00000000 ____D () C:\Users\Home\AppData\Local\CrashDumps
2015-03-08 13:52 - 2013-07-15 16:27 - 00000000 ____D () C:\Windows\PCHEALTH
2015-03-08 13:35 - 2014-10-17 01:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-08 13:35 - 2014-10-17 01:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-08 07:12 - 2014-03-16 12:05 - 00000000 ____D () C:\CCE
2015-03-08 07:06 - 2014-04-05 23:32 - 00000000 ____D () C:\Program Files (x86)\Flash Update
2015-03-08 07:06 - 2014-03-16 14:12 - 00000000 ____D () C:\CCE_Quarantine
2015-03-08 05:33 - 2014-03-23 21:35 - 00000000 ____D () C:\Windows\System32\Tasks\Visual Web Ripper
2015-03-08 04:52 - 2014-12-29 00:02 - 00001548 _____ () C:\Users\Home\Desktop\TMC - Shortcut.lnk
2015-03-08 04:52 - 2014-12-28 23:59 - 00001880 _____ () C:\Users\Home\Desktop\Google Drive.lnk
2015-03-08 04:52 - 2014-12-11 19:45 - 00001974 _____ () C:\Users\Home\Desktop\OneDrive - Probaseballinjuries.com.lnk
2015-03-08 04:30 - 2014-12-01 03:55 - 00000000 ____D () C:\Users\Home\AppData\Local\Deployment
2015-03-08 04:30 - 2014-12-01 03:55 - 00000000 ____D () C:\Users\Home\AppData\Local\Apps\2.0
2015-03-08 04:13 - 2013-11-10 22:53 - 00000000 ___RD () C:\Users\Home\Desktop\Malware Killer
2015-03-08 04:06 - 2014-08-19 11:08 - 00017880 _____ () C:\Users\Home\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-08 03:55 - 2014-10-17 00:30 - 00000000 ____D () C:\Users\Home\Documents\Mendeley
2015-03-08 03:49 - 2014-11-24 15:39 - 00000000 ____D () C:\Users\Home\AppData\OICE_15_974FA576_32C1D314_65D
2015-03-08 03:49 - 2014-08-23 11:14 - 00000000 ____D () C:\Users\Home\AppData\OICE_15_974FA576_32C1D314_3DBE
2015-03-08 03:49 - 2014-08-14 10:24 - 00000000 ____D () C:\Users\Home\AppData\OICE_15_974FA576_32C1D314_BE8
2015-03-08 03:49 - 2014-07-15 09:26 - 00000000 ____D () C:\Users\Home\AppData\OICE_15_974FA576_32C1D314_32EA
2015-03-08 02:29 - 2014-05-22 00:14 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Nitro PDF
2015-03-08 00:41 - 2014-03-31 21:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPad editor
2015-03-07 22:19 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-07 21:54 - 2014-05-02 21:27 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2015-03-07 21:54 - 2014-05-02 21:27 - 00000000 ____D () C:\ProgramData\Norton
2015-03-07 21:51 - 2013-07-15 15:00 - 00000000 ___RD () C:\Users\Home\Dropbox
2015-03-07 12:57 - 2014-12-06 03:08 - 00000000 ____D () C:\lp2
2015-03-06 12:31 - 2014-05-12 00:13 - 00000000 ____D () C:\Users\Home\AppData\Local\NPE
2015-03-06 12:13 - 2015-01-21 23:30 - 00000000 ____D () C:\NPE
2015-03-06 12:10 - 2013-07-15 13:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-05 21:58 - 2013-07-08 18:47 - 00000000 ____D () C:\Users\Home\AppData\Local\Akamai
2015-03-05 12:54 - 2013-07-08 18:24 - 00000000 ____D () C:\Users\Home\AppData\Local\VirtualStore
2015-03-04 19:04 - 2014-08-19 11:07 - 00435888 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-04 14:48 - 2013-12-06 00:14 - 00000016 ____H () C:\Windows\SysWOW64\servdat.slm
2015-03-04 12:29 - 2013-08-08 20:56 - 00000000 ____D () C:\Users\Home\Documents\Injury Research
2015-03-04 12:20 - 2013-12-06 00:15 - 00000000 ____D () C:\ProgramData\SPSS
2015-03-04 12:19 - 2013-12-06 00:14 - 00000219 _____ () C:\Windows\SysWOW64\lsprst7.tgz
2015-03-03 16:01 - 2013-07-15 14:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-03-03 14:36 - 2013-07-15 16:24 - 00000000 ____D () C:\Users\Home\AppData\Local\Microsoft Help
2015-03-03 09:17 - 2013-07-08 18:40 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-03-02 21:10 - 2013-07-19 20:04 - 00000324 _____ () C:\Windows\Brpfx04a.ini
2015-03-02 21:10 - 2013-07-19 20:04 - 00000130 _____ () C:\Windows\brpcfx.ini
2015-02-27 17:09 - 2014-12-04 15:15 - 00000000 ____D () C:\Program Files (x86)\RescueTime
2015-02-26 22:52 - 2014-12-04 15:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RescueTime
2015-02-24 11:31 - 2014-12-03 02:31 - 00000000 ___RD () C:\Users\Home\ODBA
2015-02-24 11:20 - 2014-11-25 02:42 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-02-23 00:08 - 2014-12-07 16:41 - 00000000 ____D () C:\Users\Home\Desktop\Games
2015-02-20 04:49 - 2013-07-19 20:02 - 00000000 ____D () C:\Program Files (x86)\ControlCenter4
2015-02-19 23:49 - 2013-07-19 19:59 - 00009924 _____ () C:\Windows\BRPARAM.INI
2015-02-19 23:47 - 2013-07-19 20:02 - 00000000 ____D () C:\Program Files (x86)\Brother
2015-02-19 23:47 - 2013-07-08 20:14 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-19 16:09 - 2014-10-15 22:50 - 00000000 ____D () C:\Retrosheet
2015-02-17 14:03 - 2014-04-03 20:47 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2015-02-16 21:36 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-02-16 16:02 - 2014-12-20 00:16 - 00000000 ____D () C:\Users\Home\.freemind
2015-02-16 16:02 - 2014-02-11 23:24 - 00000000 ____D () C:\temp
2015-02-16 16:02 - 2013-08-28 22:01 - 00000000 ____D () C:\Users\Home\.FamilySearchIndexing
2015-02-16 16:02 - 2013-07-25 20:24 - 00000000 ____D () C:\Users\Home\Ebooks
2015-02-15 00:38 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-02-13 22:59 - 2009-07-14 01:08 - 00032572 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-13 14:05 - 2014-07-20 16:01 - 00000000 ____D () C:\Windows\AutoKMS
2015-02-13 14:02 - 2013-07-19 19:44 - 00000000 ____D () C:\Windows\Minidump
2015-02-13 13:59 - 2014-09-12 01:40 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-13 13:21 - 2013-11-17 23:28 - 00000000 ____D () C:\Windows\pss
2015-02-13 12:16 - 2015-01-12 00:53 - 00000000 ____D () C:\Program Files (x86)\Radium Technologies
2015-02-13 10:34 - 2014-11-06 21:18 - 96743424 _____ () C:\Windows\system32\config\SOFTWARE.iodefrag.bak
2015-02-13 10:34 - 2014-11-06 21:18 - 05066752 _____ () C:\Windows\system32\config\DEFAULT.iodefrag.bak
2015-02-13 10:34 - 2014-11-06 21:18 - 00036864 _____ () C:\Windows\system32\config\SECURITY.iodefrag.bak
2015-02-13 10:34 - 2014-11-06 21:18 - 00032768 _____ () C:\Windows\system32\config\SAM.iodefrag.bak
2015-02-13 03:45 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\tracing
2015-02-12 20:44 - 2014-11-05 21:58 - 00000000 ____D () C:\ProgramData\ProductData
2015-02-12 08:28 - 2014-12-09 21:15 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-12 08:28 - 2014-05-06 00:10 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-12 04:10 - 2013-08-14 06:55 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 04:01 - 2013-07-08 19:23 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-10 11:22 - 2013-07-15 13:51 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Dropbox
2015-02-09 09:46 - 2013-12-22 15:25 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-09 09:42 - 2014-07-18 15:18 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-02-09 09:42 - 2014-05-05 13:16 - 00000000 ____D () C:\Program Files (x86)\Java

==================== Files in the root of some directories =======

2014-02-07 00:33 - 2014-02-07 00:33 - 13024768 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2014-12-04 03:26 - 2014-12-04 03:26 - 0000008 ____H () C:\Users\Home\AppData\Roaming\Pref - 7621d
2015-02-16 15:54 - 2015-02-16 15:54 - 0000024 ___SH () C:\Users\Home\AppData\Roaming\System5908ConfigCollection.dat
2014-12-04 03:26 - 2014-10-07 06:33 - 0000008 ____H () C:\Users\Home\AppData\Roaming\sysuser_32
2015-01-28 15:21 - 2015-01-28 15:21 - 0000046 _____ () C:\Users\Home\AppData\Roaming\WB.CFG
2015-01-18 16:15 - 2015-01-18 16:15 - 0000038 ___SH () C:\Users\Home\AppData\Local\5678c43253f8bbb5ed82a9.59421958
2014-12-30 12:48 - 2014-12-30 12:49 - 0000600 _____ () C:\Users\Home\AppData\Local\PUTTY.RND
2015-01-04 00:47 - 2015-01-04 00:47 - 0001239 _____ () C:\Users\Home\AppData\Local\recently-used.xbel
2014-09-16 14:18 - 2014-09-16 14:18 - 0007644 _____ () C:\Users\Home\AppData\Local\Resmon.ResmonCfg
2014-07-09 16:07 - 2014-07-09 16:07 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-01-30 23:05 - 2014-01-30 23:53 - 0000298 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-03-06 12:32 - 2015-03-06 12:32 - 0424186 _____ () C:\ProgramData\SMRResults430.dat

Files to move or delete:
====================
C:\ProgramData\SMRResults430.dat
C:\Users\Home\jobq.dat
C:\Users\Home\setup.exe


Some content of TEMP:
====================
C:\Users\Home\AppData\Local\Temp\Quarantine.exe
C:\Users\Home\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-05 05:57

==================== End Of Log ============================
 
Additional log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-03-2015 01
Ran by Home at 2015-03-09 20:47:51
Running from C:\Users\Home\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: Norton Security Suite (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Security Suite (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Suite (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
AES Crypt (HKLM\...\{27D8751B-EC95-4F79-940A-8460F9278931}) (Version: 3.09 - Packetizer, Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-105833367-992780291-1110841063-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
Alcor Micro USB Card Reader Driver (HKLM-x32\...\AmUStor) (Version: 20.22.2217.13862 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver (x32 Version: 20.22.2217.13862 - Alcor Micro Corp.) Hidden
Amazon Kindle (HKU\S-1-5-21-105833367-992780291-1110841063-1000\...\Amazon Kindle) (Version: - Amazon)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - )
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.11.4119 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{E78B4959-B348-4913-874B-FF982378E035}) (Version: 0.9.11.4119 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-J435W (HKLM-x32\...\{A1B36B88-AF90-43A3-8906-6DBEE89B4FBD}) (Version: 1.1.6.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.1.0.0 - Citrix Systems, Inc.)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Dropbox (HKU\S-1-5-21-105833367-992780291-1110841063-1000\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Evernote v. 5.8.3 (HKLM-x32\...\{404B3FB8-A820-11E4-83FC-00163E98E7D6}) (Version: 5.8.3.6507 - Evernote Corp.)
Extreme URL Generator 1.4 (HKLM-x32\...\Extreme URL Generator_is1) (Version: 1.4 - Extreme Internet Software)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.3.916 - Foxit Software Inc.)
Getting Things Done Outlook Add-In (HKLM-x32\...\{D9ACA6BD-10A3-40C5-AE17-6B6AD4F50FEE}) (Version: 3.3.22 - NetCentrics Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Drive (HKLM-x32\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
IBM SPSS Statistics 21 (HKLM\...\{1E26B9C2-ED08-4EEA-83C8-A786502B41E5}) (Version: 21.0.0.0 - IBM Corp)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version: - Intel Corporation)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Juniper Citrix Services Client (HKU\S-1-5-21-105833367-992780291-1110841063-1000\...\Juniper_Citrix_Services) (Version: 8.0.6.32195 - Juniper Networks)
Juniper Networks Network Connect 7.1.17 (HKLM-x32\...\Juniper Network Connect 7.1.17) (Version: 7.1.17.28099 - Juniper Networks)
Juniper Networks Setup Client (HKU\S-1-5-21-105833367-992780291-1110841063-1000\...\Juniper_Setup_Client) (Version: 8.0.6.48695 - Juniper Networks)
Juniper Networks Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)
Juniper Networks, Inc. Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Junos Pulse 5.0 (HKLM-x32\...\Junos Pulse 5.0) (Version: 5.0.48695 - Juniper Networks, Inc.)
Junos Pulse Core Components (x32 Version: 5.0.48695 - Juniper Networks) Hidden
Junos Pulse Drivers Add-On (Version: 5.0.48695 - Juniper Networks) Hidden
Junos Pulse Host Checker Plugin Add-On (x32 Version: 5.0.48695 - Juniper Networks) Hidden
Junos Pulse Tunnel Manager Add-On (x32 Version: 5.0.48695 - Juniper Networks) Hidden
Junos Pulse UAC/NC Components (x32 Version: 5.0.48695 - Juniper Networks) Hidden
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
Legacy 8.0 (HKLM-x32\...\Legacy 8.0) (Version: 8.0 - Millennia Corporation)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mendeley Desktop 1.12.2 (HKLM-x32\...\Mendeley Desktop) (Version: 1.12.2 - Mendeley Ltd.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 365 Business - en-us (HKLM\...\O365BusinessRetail - en-us) (Version: 15.0.4693.1002 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft SharePoint Designer 2013 - en-us (HKLM\...\SPDRetail - en-us) (Version: 15.0.4693.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{C79A7EAB-9D6F-4072-8A6D-F8F54957CD93}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 (HKLM\...\{91415F19-4C22-3609-A105-92ED3522D83C}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM-x32\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 36.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 en-US)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MySQL Connector/ODBC 5.3 (HKLM\...\{A1991404-2634-47E1-BC45-8F3B5014B1D1}) (Version: 5.3.4 - Oracle Corporation)
MySQL Fabric 1.5.3 & MySQL Utilities 1.5.3 (HKLM-x32\...\{9738F610-016F-4D07-9071-992D46C0742B}) (Version: 1.5.3 - Oracle Corporation)
MySQL Installer (HKLM-x32\...\{4C82767C-464E-4858-81BC-D33626EA30AA}) (Version: 1.3.2.0 - Oracle Corporation)
MySQL Server 5.6 (HKLM\...\{3AEB0317-360A-4434-AC52-6EB66532CB4D}) (Version: 5.6.12 - Oracle Corporation)
MySQL Workbench 6.2 CE (HKLM\...\{916D6512-97A8-470D-AEC8-53A1654E74BF}) (Version: 6.2.3 - Oracle Corporation)
Neat (HKLM-x32\...\Neat) (Version: 5.5.2.7 - The Neat Company)
Neat ADF Scanner Driver (HKLM\...\{A55F1206-BFA7-4027-92B8-CE4EFDBC3CF2}) (Version: 2.0.2.5 - The Neat Company)
Neat Core Files (x32 Version: 5.5.2.7 - The Neat Company) Hidden
Neat Mobile Scanner Driver (HKLM\...\{7EA2D88A-C8B7-4102-8644-0A437B6FC143}) (Version: 2.0.1.2 - The Neat Company)
NeatConnect Scanner Driver (HKLM\...\{6895EF47-6BD8-468E-BA09-B33636C65B7C}) (Version: 2.0.2.26 - The Neat Company)
Norton Security Suite (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Online Plug-in (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Paprika Recipe Manager (HKLM-x32\...\{E9AC2A1E-F693-43D0-BBF4-C57A4D9BDFCF}) (Version: 1.0.4 - Hindsight Labs LLC)
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PSPad editor (HKLM-x32\...\PSPad editor_is1) (Version: 4.5.9.2600 - Jan Fiala)
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
R for Windows 3.1.2 (HKLM\...\R for Windows 3.1.2_is1) (Version: 3.1.2 - R Core Team)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6685 - Realtek Semiconductor Corp.)
RescueTime 2.10.1.1240 (HKLM-x32\...\{2505571C-03B3-4F9F-AC35-33F1CB4B5E9E}_is1) (Version: - RescueTime.com)
RStudio (HKLM-x32\...\RStudio) (Version: 0.98.1102 - RStudio)
Self-service Plug-in (x32 Version: 4.1.0.41738 - Citrix Systems, Inc.) Hidden
Send To Neat (HKLM\...\{237E305C-B625-466A-88CE-1E121BF4FDB1}) (Version: 1.1.0.0 - The Neat Company)
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Sonic Focus (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.00.0000 - Virage Logic, Corp.)
SQLyog 11.33 (64 bit) (HKLM\...\SQLyog64) (Version: 11.33 (64 bit) - Webyog Inc.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1170 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.8 - Synaptics Incorporated)
Task Coach 1.4.2 (HKLM-x32\...\Task Coach_is1) (Version: - Frank Niessink, Jerome Laheurte, and Aaron Wolf)
TweetDeck (HKLM-x32\...\{C4ADB67B-C908-4D94-B85E-585D2F3F9118}) (Version: 3.3.7 - Twitter)
USB2.0 UVC VGA WebCam (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10256 - Realtek Semiconductor Corp.)
UVK - Ultra Virus Killer (HKLM\...\UVK - Ultra virus killer) (Version: 7.0.0.2 - Carifred)
VC8 CRT (Version: 8.0.50727.762 - Juniper Networks) Hidden
WD My Cloud (HKLM\...\{3082756C-2147-411F-AE6A-9DCEF0121903}) (Version: 1.0.7.5 - Western Digital Technologies, Inc.)
Windows Driver Package - KEYLOK (usbkey) USB (06/10/2010 64.0.0.0) (HKLM\...\B048A6D4B0188E5A802ADFF30A7C78FA4AD99BE0) (Version: 06/10/2010 64.0.0.0 - KEYLOK)
XAMPP (HKLM-x32\...\xampp) (Version: 1.8.3-3 - Bitnami)
YNAB 4 version 4.3.656 (HKLM-x32\...\com.ynab.YNAB4.LiveCaptive_is1) (Version: 4.3.656 - YouNeedABudget.com)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-105833367-992780291-1110841063-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-105833367-992780291-1110841063-1000_Classes\CLSID\{ED90173A-3B4C-4E7E-B9CF-79714425D4B5}\InprocServer32 -> C:\Program Files (x86)\PSPad editor\pspshellx64.dll ()
CustomCLSID: HKU\S-1-5-21-105833367-992780291-1110841063-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-105833367-992780291-1110841063-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-105833367-992780291-1110841063-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-105833367-992780291-1110841063-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-105833367-992780291-1110841063-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-105833367-992780291-1110841063-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-105833367-992780291-1110841063-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-105833367-992780291-1110841063-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

08-03-2015 17:19:13 Removed Privatefirewall 7.0
08-03-2015 18:02:14 Removed Nitro Pro 9
08-03-2015 18:22:07 Removed CouponPrinterPlugin
08-03-2015 18:22:30 Removed Living Cookbook 2015

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2015-03-09 19:42 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00141F20-A12B-4193-BD74-A1B96CC76638} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-01-14] (Microsoft Corporation)
Task: {06FA84F5-6B40-48D4-812A-40F55E4C6D71} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {136B767E-03F0-4590-976D-F087C1FC04E1} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)
Task: {1686E5CE-EB94-48BA-9DB7-1BEA2DD3B506} - System32\Tasks\ASC7_SkipUac_Home => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe
Task: {193FA546-EC30-49CB-B371-C55DB747520A} - System32\Tasks\injury database backup => C:\Program Files\SQLyog\SJA.exe [2014-02-07] (Webyog Inc.)
Task: {2B912968-2CF8-49A8-87A3-0DA30D3A2306} - System32\Tasks\{069AB111-2455-4678-8716-5A6B4905DF2B} => pcalua.exe -a "C:\Program Files (x86)\MySQL\MySQL Installer\MySQLInstaller.exe" -d "C:\Program Files (x86)\MySQL\MySQL Installer\"
Task: {49549DC0-B543-4D56-9D82-63CFECE46C4A} - System32\Tasks\{978A3E2E-FDC6-45D1-9FC4-BE79A471F8D2} => pcalua.exe -a "C:\Program Files\IBM\SPSS\Statistics\21\VC9\vcredist_x64.exe" -d "C:\Program Files\IBM\SPSS\Statistics\21\VC9"
Task: {51A084AA-DE64-45E9-BDD1-88DFD51736A8} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {57D1ED92-C224-4ADA-A242-A7C237C2E8CE} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {745263D3-6514-480E-9ACB-1355C51781E6} - System32\Tasks\retrosheet_backup => C:\Program Files\SQLyog\SJA.exe [2014-02-07] (Webyog Inc.)
Task: {80728DA7-53C1-4360-82A3-0342E5D9DA7A} - \Advanced System Protector_startup No Task File <==== ATTENTION
Task: {9AF445A4-EEF4-46A6-85A1-ABE63C5EDCC0} - System32\Tasks\{C46E13E0-5A15-4EB6-8C80-CE1B66EC59B4} => pcalua.exe -a "C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LHT13IAR\HijackThis.exe" -d C:\Users\Home\Desktop
Task: {9D1FB838-6594-4D92-B123-D04673D2D3F2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {AD23CC63-79AC-4C16-A4FD-D1E254518AA2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-15] (Google Inc.)
Task: {B0063959-3E2D-4450-A43C-6F0BEBE5B9D1} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {B3059DAF-6065-45FB-8B33-14E5143F6D90} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)
Task: {BEF4D747-6F29-40E8-82D3-DF3CEA05E1AC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-15] (Google Inc.)
Task: {C044DA37-1082-48F8-BE12-F5241AD148F6} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
Task: {CAD6FEC2-8E48-45CA-8DBE-1AF94173B47F} - System32\Tasks\{327FC1B5-22CD-4B6C-8734-F2BEB4DD8553} => pcalua.exe -a C:\Users\Home\Documents\Liveupdate_Win7_64_Z312\Setup.exe -d C:\Users\Home\Documents\Liveupdate_Win7_64_Z312
Task: {CFAC93F3-5C61-43F2-9142-942A48458405} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {D4C0CAC3-A85A-4E00-A84E-851CC3014DE8} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {DD1D6D21-9C38-4EE5-AB88-4C27CD1376E5} - System32\Tasks\{53C3AD61-9FAC-44AC-A128-CF46C28C7941} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{A1B36B88-AF90-43A3-8906-6DBEE89B4FBD}\Setup.exe" -c -runfromtemp -l0x0009 UNINSTALL Reg=BHmini11 -removeonly
Task: {E19AF081-F765-4DA5-A6DE-B1576F5A371E} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Home-PC-Home Home-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-01-06] (Microsoft Corporation)
Task: {E2FFFCC8-3412-44A9-A213-DD753C991B35} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {E7F26CA6-DCCD-43F5-B451-A0AB8A3AD69C} - System32\Tasks\{B973D861-B242-48BA-81A1-5D26CD94EC70} => pcalua.exe -a C:\Users\Home\Downloads\LegacyGeoDBSetup.exe -d C:\Users\Home\Downloads
Task: {F29B4BE4-DE46-447D-AB36-EEE495A9F4A3} - System32\Tasks\ASC7_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe
Task: {F73EF4EA-837E-4B80-A3E0-292AAFFF380D} - \AutoKMS No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\injury database backup.job => C:\Program Files\SQLyog\SJA.exe C:\Users\Home\Documents\database_backup_donotdelete.xml -lC:\Users\Home\AppData\Roaming\SQLyog\sja.log -sC:\Users\Home\AppData\Roaming\SQLyog\sjasession.xml
Task: C:\Windows\Tasks\retrosheet_backup.job => C:\Program Files\SQLyog\SJA.exe C:\Users\Home\Documents\retrosheet_backup_file.xml -lC:\Users\Home\AppData\Roaming\SQLyog\sja.log -sC:\Users\Home\AppData\Roaming\SQLyog\sjasession.xml
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 28309723-a1e3-4a2f-8005-d036f848af91.job => C:\Program Files\SUPERAntiSpyware\SASTask.exexC:\Program Files\SUPERAntiSpyware\7cfab935-97d7-48a7-8599-56f845b9041d.com
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task ba7d2ab8-a16e-4e1a-aaf3-c4259796ecb2.job => C:\Program Files\SUPERAntiSpyware\SASTask.exexC:\Program Files\SUPERAntiSpyware\7cfab935-97d7-48a7-8599-56f845b9041d.com

==================== Loaded Modules (whitelisted) ==============

2014-09-06 19:20 - 2014-05-20 15:01 - 00054784 _____ () C:\Windows\System32\sdtnpm.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-25 02:42 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-07-19 20:02 - 2005-04-22 00:36 - 00143360 _____ () C:\Windows\system32\BrSNMP64.dll
2012-12-14 02:42 - 2012-12-14 02:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-11-25 02:45 - 2014-12-23 15:53 - 08898728 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-03-09 20:39 - 2015-03-09 20:39 - 00098816 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\win32api.pyd
2015-03-09 20:39 - 2015-03-09 20:39 - 00110080 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\pywintypes27.dll
2015-03-09 20:39 - 2015-03-09 20:39 - 00364544 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\pythoncom27.dll
2015-03-09 20:39 - 2015-03-09 20:39 - 00045568 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\_socket.pyd
2015-03-09 20:39 - 2015-03-09 20:39 - 01161216 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\_ssl.pyd
2015-03-09 20:39 - 2015-03-09 20:39 - 00320512 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\win32com.shell.shell.pyd
2015-03-09 20:39 - 2015-03-09 20:39 - 00713216 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\_hashlib.pyd
2015-03-09 20:39 - 2015-03-09 20:39 - 01175040 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\wx._core_.pyd
2015-03-09 20:39 - 2015-03-09 20:39 - 00805888 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\wx._gdi_.pyd
2015-03-09 20:39 - 2015-03-09 20:39 - 00811008 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\wx._windows_.pyd
2015-03-09 20:39 - 2015-03-09 20:39 - 01062400 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\wx._controls_.pyd
2015-03-09 20:39 - 2015-03-09 20:39 - 00735232 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\wx._misc_.pyd
2015-03-09 20:39 - 2015-03-09 20:39 - 00682496 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\pysqlite2._sqlite.pyd
2015-03-09 20:39 - 2015-03-09 20:39 - 00128512 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\_elementtree.pyd
2015-03-09 20:39 - 2015-03-09 20:39 - 00127488 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\pyexpat.pyd
2015-03-09 20:39 - 2015-03-09 20:39 - 00087552 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\_ctypes.pyd
2015-03-09 20:39 - 2015-03-09 20:39 - 00119808 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\win32file.pyd
2015-03-09 20:39 - 2015-03-09 20:39 - 00108544 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\win32security.pyd
2015-03-09 20:39 - 2015-03-09 20:39 - 00007168 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\hashobjs_ext.pyd
2015-03-09 20:39 - 2015-03-09 20:39 - 00167936 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\win32gui.pyd
2015-03-09 20:39 - 2015-03-09 20:39 - 00018432 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\win32event.pyd
2015-03-09 20:39 - 2015-03-09 20:39 - 00038912 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\win32inet.pyd
2015-03-09 20:39 - 2015-03-09 20:39 - 00011264 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\win32crypt.pyd
2015-03-09 20:39 - 2015-03-09 20:39 - 00070656 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\wx._html2.pyd
2015-03-09 20:39 - 2015-03-09 20:39 - 00027136 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\_multiprocessing.pyd
2015-03-09 20:39 - 2015-03-09 20:39 - 00020480 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\_yappi.pyd
2015-03-09 20:39 - 2015-03-09 20:39 - 00035840 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\win32process.pyd
2015-03-09 20:39 - 2015-03-09 20:39 - 00686080 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\unicodedata.pyd
2015-03-09 20:39 - 2015-03-09 20:39 - 00122368 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\wx._wizard.pyd
2015-03-09 20:39 - 2015-03-09 20:39 - 00024064 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\win32pipe.pyd
2015-03-09 20:39 - 2015-03-09 20:39 - 00010240 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\select.pyd
2015-03-09 20:39 - 2015-03-09 20:39 - 00025600 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\win32pdh.pyd
2015-03-09 20:39 - 2015-03-09 20:39 - 00525640 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\windows._lib_cacheinvalidation.pyd
2015-03-09 20:39 - 2015-03-09 20:39 - 00017408 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\win32profile.pyd
2015-03-09 20:39 - 2015-03-09 20:39 - 00022528 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\win32ts.pyd
2015-03-09 20:39 - 2015-03-09 20:39 - 00078336 _____ () C:\Users\Home\AppData\Local\Temp\_MEI36842\wx._animate.pyd
2015-02-19 23:47 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-11-25 02:42 - 2014-11-25 02:42 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0CA8EFF8
AlternateDataStreams: C:\ProgramData\TEMP:43AAB821
AlternateDataStreams: C:\Users\Home\Desktop\How to Use Combofix _ Supportz.htm:$CmdZnID

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-105833367-992780291-1110841063-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Home\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Install LastPass IE RunOnce.lnk => C:\Windows\pss\Install LastPass IE RunOnce.lnk.CommonStartup
MSCONFIG\startupreg: BrStsMon00 => c:\program files (x86)\browny02\brother\brstmonw.exe /autorun
MSCONFIG\startupreg: CCleaner64.exe => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: ControlCenter4 => c:\program files (x86)\controlcenter4\brccboot.exe /autorun
MSCONFIG\startupreg: HP Officejet Pro 8600 (NET) => "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN338B3GMP05KF:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QTTask.exe => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SkyDrive => "c:\users\home\appdata\local\microsoft\skydrive\skydrive.exe" /background
MSCONFIG\startupreg: Spotify => "c:\users\home\appdata\roaming\spotify\spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Home\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-105833367-992780291-1110841063-500 - Administrator - Disabled)
Guest (S-1-5-21-105833367-992780291-1110841063-501 - Limited - Disabled)
Home (S-1-5-21-105833367-992780291-1110841063-1000 - Administrator - Enabled) => C:\Users\Home
HomeGroupUser$ (S-1-5-21-105833367-992780291-1110841063-1002 - Limited - Enabled)
MASService (S-1-5-21-105833367-992780291-1110841063-1011 - Administrator - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2015-03-09 19:21:53.400
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-03-09 19:21:53.385
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-03-09 19:21:53.353
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-03-09 19:21:53.338
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-03-08 15:08:34.324
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-03-08 15:08:34.293
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-15 16:28:28.802
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Home\AppData\Local\Temp\ListOpenedFileDrv_64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-15 16:28:28.753
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Home\AppData\Local\Temp\ListOpenedFileDrv_64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-09-18 01:47:35.305
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Home\AppData\Local\Temp\ListOpenedFileDrv_64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-09-18 01:47:35.258
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Home\AppData\Local\Temp\ListOpenedFileDrv_64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 27%
Total physical RAM: 7970.21 MB
Available physical RAM: 5782.95 MB
Total Pagefile: 15938.62 MB
Available Pagefile: 13496.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:698.54 GB) (Free:537.47 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 56AC010C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=698.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    5.2 KB
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-03-2015 01
Ran by Home at 2015-03-09 21:40:05 Run:1
Running from C:\Users\Home\Desktop
Loaded Profiles: Home (Available profiles: Home & Classic .NET AppPool & DefaultAppPool)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => No File
HKU\S-1-5-21-105833367-992780291-1110841063-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{bf1da33b-d270-4d68-ac98-f5fd9f4fb489} <======= ATTENTION (Policy Restriction on IP)
SearchScopes: HKU\S-1-5-21-105833367-992780291-1110841063-1000 -> URL http://search.conduit.com/Results.a...-41E2-80B4-AB42071A858B&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-105833367-992780291-1110841063-1000 -> SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
ShellExecuteHooks-x32: - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No File [ ]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
2014-02-07 00:33 - 2014-02-07 00:33 - 13024768 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2014-12-04 03:26 - 2014-12-04 03:26 - 0000008 ____H () C:\Users\Home\AppData\Roaming\Pref - 7621d
2015-02-16 15:54 - 2015-02-16 15:54 - 0000024 ___SH () C:\Users\Home\AppData\Roaming\System5908ConfigCollection.dat
2014-12-04 03:26 - 2014-10-07 06:33 - 0000008 ____H () C:\Users\Home\AppData\Roaming\sysuser_32
2015-01-28 15:21 - 2015-01-28 15:21 - 0000046 _____ () C:\Users\Home\AppData\Roaming\WB.CFG
2015-01-18 16:15 - 2015-01-18 16:15 - 0000038 ___SH () C:\Users\Home\AppData\Local\5678c43253f8bbb5ed82a9.59421958
2014-12-30 12:48 - 2014-12-30 12:49 - 0000600 _____ () C:\Users\Home\AppData\Local\PUTTY.RND
2015-01-04 00:47 - 2015-01-04 00:47 - 0001239 _____ () C:\Users\Home\AppData\Local\recently-used.xbel
2014-09-16 14:18 - 2014-09-16 14:18 - 0007644 _____ () C:\Users\Home\AppData\Local\Resmon.ResmonCfg
2014-07-09 16:07 - 2014-07-09 16:07 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-01-30 23:05 - 2014-01-30 23:53 - 0000298 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-03-06 12:32 - 2015-03-06 12:32 - 0424186 _____ () C:\ProgramData\SMRResults430.dat
C:\ProgramData\SMRResults430.dat
C:\Users\Home\jobq.dat
C:\Users\Home\setup.exe
C:\Users\Home\AppData\Local\Temp\Quarantine.exe
C:\Users\Home\AppData\Local\Temp\sqlite3.dll
Task: {1686E5CE-EB94-48BA-9DB7-1BEA2DD3B506} - System32\Tasks\ASC7_SkipUac_Home => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 7
Task: {80728DA7-53C1-4360-82A3-0342E5D9DA7A} - \Advanced System Protector_startup No Task File <==== ATTENTION
2015-03-08 04:45 - 2015-03-08 04:45 - 00000000 ____D () C:\Windows\System32\Tasks\COMODO
2015-03-08 04:39 - 2015-03-08 07:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2015-03-08 04:39 - 2015-03-08 04:39 - 00000000 ____D () C:\Users\Home\AppData\Local\Comodo
2015-03-08 04:39 - 2015-03-08 04:39 - 00000000 ____D () C:\ProgramData\Comodo Downloader
2015-03-08 04:38 - 2015-03-08 05:14 - 00000000 ____D () C:\ProgramData\Comodo
Task: {C044DA37-1082-48F8-BE12-F5241AD148F6} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
C:\Program Files\COMODO
Task: {D4C0CAC3-A85A-4E00-A84E-851CC3014DE8} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {E2FFFCC8-3412-44A9-A213-DD753C991B35} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {F29B4BE4-DE46-447D-AB36-EEE495A9F4A3} - System32\Tasks\ASC7_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe
Task: {F73EF4EA-837E-4B80-A3E0-292AAFFF380D} - \AutoKMS No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:0CA8EFF8
AlternateDataStreams: C:\ProgramData\TEMP:43AAB821
AlternateDataStreams: C:\Users\Home\Desktop\How to Use Combofix _ Supportz.htm:$CmdZnID

*****************

HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 1 (GFS Unread Stub)" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{99FD978C-D287-4F50-827F-B2C658EDA8E7} => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2 (GFS Stub)" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{920E6DB1-9907-4370-B3A0-BAFC03D81399} => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 3 (GFS Folder)" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{16F3DD56-1AF5-4347-846D-7C10C4192619} => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 4 (GFS Unread Mark)" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => Key not found.
"HKU\S-1-5-21-105833367-992780291-1110841063-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\\ActivePolicy => value deleted successfully.
HKU\S-1-5-21-105833367-992780291-1110841063-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => value deleted successfully.
HKU\S-1-5-21-105833367-992780291-1110841063-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{B5A7F190-DDA6-4420-B3BA-52453494E6CD} => value deleted successfully.
HKCR\Wow6432Node\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD} => Key not found.
catchme => Service deleted successfully.
C:\Program Files (x86)\Common Files\lpuninstall.exe => Moved successfully.
C:\Users\Home\AppData\Roaming\Pref - 7621d => Moved successfully.
C:\Users\Home\AppData\Roaming\System5908ConfigCollection.dat => Moved successfully.
C:\Users\Home\AppData\Roaming\sysuser_32 => Moved successfully.
C:\Users\Home\AppData\Roaming\WB.CFG => Moved successfully.
C:\Users\Home\AppData\Local\5678c43253f8bbb5ed82a9.59421958 => Moved successfully.
C:\Users\Home\AppData\Local\PUTTY.RND => Moved successfully.
C:\Users\Home\AppData\Local\recently-used.xbel => Moved successfully.
C:\Users\Home\AppData\Local\Resmon.ResmonCfg => Moved successfully.
C:\ProgramData\Ament.ini => Moved successfully.
C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc => Moved successfully.
C:\ProgramData\SMRResults430.dat => Moved successfully.
"C:\ProgramData\SMRResults430.dat" => File/Directory not found.
C:\Users\Home\jobq.dat => Moved successfully.
C:\Users\Home\setup.exe => Moved successfully.
C:\Users\Home\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Home\AppData\Local\Temp\sqlite3.dll => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1686E5CE-EB94-48BA-9DB7-1BEA2DD3B506}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1686E5CE-EB94-48BA-9DB7-1BEA2DD3B506}" => Key deleted successfully.
C:\Windows\System32\Tasks\ASC7_SkipUac_Home => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC7_SkipUac_Home" => Key deleted successfully.
"C:\Program Files (x86)\IObit\Advanced SystemCare 7" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{80728DA7-53C1-4360-82A3-0342E5D9DA7A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80728DA7-53C1-4360-82A3-0342E5D9DA7A}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector_startup => Key not found.
C:\Windows\System32\Tasks\COMODO => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo => Moved successfully.
C:\Users\Home\AppData\Local\Comodo => Moved successfully.
C:\ProgramData\Comodo Downloader => Moved successfully.
C:\ProgramData\Comodo => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C044DA37-1082-48F8-BE12-F5241AD148F6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C044DA37-1082-48F8-BE12-F5241AD148F6}" => Key deleted successfully.
C:\Windows\System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}" => Key deleted successfully.
"C:\Program Files\COMODO" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{D4C0CAC3-A85A-4E00-A84E-851CC3014DE8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D4C0CAC3-A85A-4E00-A84E-851CC3014DE8}" => Key deleted successfully.
C:\Windows\System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E2FFFCC8-3412-44A9-A213-DD753C991B35}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E2FFFCC8-3412-44A9-A213-DD753C991B35}" => Key deleted successfully.
C:\Windows\System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F29B4BE4-DE46-447D-AB36-EEE495A9F4A3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F29B4BE4-DE46-447D-AB36-EEE495A9F4A3}" => Key deleted successfully.
C:\Windows\System32\Tasks\ASC7_PerformanceMonitor => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC7_PerformanceMonitor" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{F73EF4EA-837E-4B80-A3E0-292AAFFF380D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F73EF4EA-837E-4B80-A3E0-292AAFFF380D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => Key deleted successfully.
C:\ProgramData\TEMP => ":0CA8EFF8" ADS removed successfully.
C:\ProgramData\TEMP => ":43AAB821" ADS removed successfully.
C:\Users\Home\Desktop\How to Use Combofix _ Supportz.htm => ":$CmdZnID" ADS removed successfully.

==== End of Fixlog 21:40:07 ====
 
See if you can access Microsoft site now....

Then...

Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 