BAsystems

Everything posted by BAsystems

  1. I ran MBAM and it came back clean. I think it is gone! Thanks for all of your help! BA
  2. I'm not having the issues reported, and other than Malwarebytes finding the same viruses again, and not responding when starting the program for 60 seconds, no other concerns. mbam3.txt Fixlog.txt
  3. I've removed the Best Buy PC, uninstalled Combofix, run FRST and have attached the Log Files as requested. I also have included the zipped copy of C:\Windows\Win Services directory that includes the Winevent.exe and support structure. When I went to upload it again to Virustotal, it is no longer there. I'm assuming one of the last few fixes has removed it? I manually deleted the Service that it had created and deleted the Win Services directory from c:\Windows after this last FRST scan. Thanks again! FRST.txt Addition.txt Win Services.zip
  4. Before I do the suggested course of action, I need to correct one thing. You stated that the "Windows Event Log" is a default setting. This is true, and that service is running currently. The service in question is called "Windows Event Log Viewer". It seems to be running from a rogue directory under Windows called "Win Services". I have it disabled through MSConfig and the system is symptom free. I'd like to upload the zipped file I made of the directory "Win Services" so that it can be studied and a legitimate fix put into place for future infections. I have no idea of what it is doing or attempting to do. I will remove Combofix and the Best Buy garbage as instructed. I'll hold off on Bonjour and iTunes until I hear back from you about my minor correction on the service name. Thank you for your help!
  5. I have the Culprit! It is called Windows Event Log Viewer. Located in C:\Windows\Win Services. Running a file called winevent.exe. I have left the service disabled and created a .zip of the Win Services folder which I will upload if you like. I will await further instructions.
  6. Furthermore, the problem only shows when the services are enabled. I'll have to narrow down from there. Startup items have no effect.
  7. Here you go. Processes are still spawning. Fixlog.txt mbam.txt AdwCleanerC2.txt JRT.txt cureit.log
  8. Nothing found: Analysis completed. SHA256: 43703a6c9bfc49ee6e8a5ba25cabc7eed598cb245745c56f52e23f6093eebecf File name: winevent.exe Detection ratio: 0 / 55 Analysis date: 2015-11-22 23:24:11 UTC
  9. This computer has proven to be very difficult to clean. Now after throwing a bunch of tools at it, it seems to scan clean. However, there are processes being spawned that make me nervous. As it is running, there are multiple conhost.exe, cmd.exe and reg.exe processes spawned. If I let it run long enough, they take 100% processor and the system becomes unusable. I wrote a looping batch file to taskkill the reg.exe task and that makes it possible to do some diagnostics. Please help! I have run the following tools: rkill, adwcleaner, Malwarebytes Rootkit Scanner, Malwarebytes, Norton Power Eraser, Hitman Pro, Microsoft Security Essentials. Please find attached the FRST and Addition Logs. Thank you in advance for all of your help. BA Addition.txt FRST.txt
  10. I have a Redirector Virus that has survived all of my tools so far. Please see the attached logs.... Thanks in advance! Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-03-2015 01 Ran by Production2 (administrator) on 1LJJWV1 on 04-03-2015 17:03:47 Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
C:\Users\Public\Desktop\iTunes.lnk2015-02-12 16:52 - 2015-02-12 16:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes2015-02-12 16:51 - 2015-02-12 16:52 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A72015-02-12 16:51 - 2015-02-12 16:52 - 00000000 ____D () C:\Program Files\iTunes2015-02-12 16:51 - 2015-02-12 16:51 - 00000000 ____D () C:\Program Files\iPod2015-02-12 16:51 - 2015-02-12 16:51 - 00000000 ____D () C:\Program Files (x86)\iTunes2015-02-11 18:57 - 2015-01-22 23:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2015-02-11 18:57 - 2015-01-22 23:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2015-02-11 18:57 - 2015-01-22 22:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2015-02-11 18:57 - 2015-01-22 22:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2015-02-11 01:25 - 2015-02-03 22:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll2015-02-11 01:25 - 2015-02-03 22:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll2015-02-11 01:25 - 2015-02-03 22:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll2015-02-11 01:25 - 2015-02-03 22:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll2015-02-11 01:25 - 2015-02-03 22:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2015-02-11 01:25 - 2015-02-03 22:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll2015-02-11 01:25 - 2015-02-03 22:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2015-02-11 01:25 - 2015-01-27 18:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe2015-02-11 01:25 - 2015-01-10 01:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll2015-02-11 01:25 - 2015-01-10 01:48 - 00341504 _____ (Microsoft Corporation) 
C:\Windows\system32\schannel.dll2015-02-11 01:25 - 2015-01-10 01:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll2015-02-11 01:25 - 2015-01-10 01:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll2015-02-11 01:25 - 2015-01-10 01:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll2015-02-11 01:25 - 2015-01-10 01:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll2015-02-11 01:25 - 2015-01-10 01:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll2015-02-11 01:25 - 2015-01-10 01:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll2015-02-11 01:25 - 2015-01-10 01:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll2015-02-11 01:25 - 2015-01-10 01:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll2015-02-11 01:25 - 2015-01-10 01:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll2015-02-11 01:25 - 2015-01-10 01:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll2015-02-11 01:25 - 2015-01-10 01:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll2015-02-11 01:25 - 2015-01-10 01:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll2015-02-11 01:25 - 2015-01-08 22:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll2015-02-11 01:25 - 2015-01-08 22:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll2015-02-11 01:25 - 2015-01-08 22:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll2015-02-11 01:25 - 2015-01-08 21:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll2015-02-11 01:25 - 2015-01-06 22:15 - 00104896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mup.sys2015-02-11 01:25 - 2015-01-06 22:10 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll2015-02-11 01:25 - 
2015-01-06 21:44 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll2015-02-11 01:25 - 2015-01-06 20:49 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys2015-02-11 01:25 - 2015-01-06 20:49 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys2015-02-11 01:25 - 2015-01-06 20:48 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys2015-02-11 01:25 - 2015-01-06 20:48 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys2015-02-11 01:25 - 2015-01-06 20:48 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys2015-02-11 01:24 - 2015-01-15 03:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys2015-02-11 01:24 - 2015-01-15 03:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys2015-02-11 01:24 - 2015-01-15 03:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll2015-02-11 01:24 - 2015-01-15 03:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll2015-02-11 01:24 - 2015-01-15 03:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe2015-02-11 01:24 - 2015-01-15 03:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll2015-02-11 01:24 - 2015-01-15 03:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll2015-02-11 01:24 - 2015-01-15 03:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe2015-02-11 01:24 - 2015-01-15 03:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll2015-02-11 01:24 - 2015-01-15 03:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll2015-02-11 01:24 - 2015-01-15 03:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll2015-02-11 01:24 - 2015-01-15 02:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe2015-02-11 01:24 - 
2015-01-15 02:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll2015-02-11 01:24 - 2015-01-15 02:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll2015-02-11 01:24 - 2015-01-15 02:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll2015-02-11 01:24 - 2015-01-15 02:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll2015-02-11 01:24 - 2015-01-15 02:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll2015-02-11 01:24 - 2015-01-14 23:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys2015-02-11 01:24 - 2015-01-14 00:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll2015-02-11 01:24 - 2015-01-14 00:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2015-02-11 01:24 - 2015-01-12 22:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll2015-02-11 01:24 - 2015-01-12 21:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll2015-02-11 01:24 - 2015-01-11 22:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2015-02-11 01:24 - 2015-01-11 22:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2015-02-11 01:24 - 2015-01-11 22:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2015-02-11 01:24 - 2015-01-11 21:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2015-02-11 01:24 - 2015-01-11 21:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2015-02-11 01:24 - 2015-01-11 21:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2015-02-11 01:24 - 2015-01-11 21:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2015-02-11 01:24 - 2015-01-11 21:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll2015-02-11 01:24 - 2015-01-11 21:40 
- 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2015-02-11 01:24 - 2015-01-11 21:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2015-02-11 01:24 - 2015-01-11 21:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2015-02-11 01:24 - 2015-01-11 21:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2015-02-11 01:24 - 2015-01-11 21:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2015-02-11 01:24 - 2015-01-11 21:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2015-02-11 01:24 - 2015-01-11 21:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe2015-02-11 01:24 - 2015-01-11 21:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2015-02-11 01:24 - 2015-01-11 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2015-02-11 01:24 - 2015-01-11 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll2015-02-11 01:24 - 2015-01-11 21:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2015-02-11 01:24 - 2015-01-11 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2015-02-11 01:24 - 2015-01-11 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2015-02-11 01:24 - 2015-01-11 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2015-02-11 01:24 - 2015-01-11 21:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll2015-02-11 01:24 - 2015-01-11 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll2015-02-11 01:24 - 2015-01-11 21:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2015-02-11 01:24 - 2015-01-11 21:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2015-02-11 01:24 - 2015-01-11 21:00 - 
00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2015-02-11 01:24 - 2015-01-11 20:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2015-02-11 01:24 - 2015-01-11 20:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2015-02-11 01:24 - 2015-01-11 20:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2015-02-11 01:24 - 2015-01-11 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2015-02-11 01:24 - 2015-01-11 20:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2015-02-11 01:24 - 2015-01-11 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2015-02-11 01:24 - 2015-01-11 20:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll2015-02-11 01:24 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2015-02-11 01:24 - 2015-01-11 20:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2015-02-11 01:24 - 2015-01-11 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll2015-02-11 01:24 - 2015-01-11 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2015-02-11 01:24 - 2015-01-11 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2015-02-11 01:24 - 2015-01-11 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2015-02-11 01:24 - 2015-01-11 20:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2015-02-11 01:24 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2015-02-11 01:24 - 2015-01-11 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2015-02-11 01:24 - 2015-01-11 20:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll2015-02-11 01:24 - 2015-01-11 20:14 - 12829184 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\ieframe.dll2015-02-11 01:24 - 2015-01-11 20:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2015-02-11 01:24 - 2015-01-11 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2015-02-11 01:24 - 2015-01-11 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2015-02-11 01:24 - 2015-01-11 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2015-02-11 01:24 - 2015-01-11 19:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2015-02-11 01:24 - 2014-12-12 00:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll2015-02-11 01:24 - 2014-12-12 00:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll2015-02-11 01:23 - 2014-11-25 22:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll2015-02-11 01:23 - 2014-11-25 22:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll2015-02-11 01:23 - 2014-10-03 21:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll2015-02-11 01:23 - 2014-10-03 20:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll2015-02-11 01:23 - 2014-10-03 20:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll2015-02-11 01:22 - 2015-01-14 01:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe2015-02-11 01:22 - 2015-01-14 01:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll2015-02-11 01:22 - 2015-01-14 01:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll2015-02-11 01:22 - 2015-01-14 01:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe2015-02-11 01:22 - 2015-01-14 00:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe2015-02-11 01:22 - 2015-01-14 00:44 - 03917760 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\ntoskrnl.exe2015-02-11 01:22 - 2015-01-14 00:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll2015-02-11 01:22 - 2014-12-07 22:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll2015-02-11 01:22 - 2014-12-07 21:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll2015-02-11 01:21 - 2015-01-08 21:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2015-02-10 16:39 - 2015-02-10 16:40 - 71647536 _____ (Apple Inc.) C:\Users\Production2\Downloads\icloudsetup(1).exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-04 17:03 - 2012-10-15 13:24 - 00000120 _____ () C:\Windows\system32\config\netlogon.ftl2015-03-04 17:02 - 2009-07-14 00:13 - 00798066 _____ () C:\Windows\system32\PerfStringBackup.INI2015-03-04 16:56 - 2013-05-20 12:51 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2015-03-04 16:52 - 2012-10-05 01:38 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2015-03-04 16:43 - 2012-10-05 01:36 - 01050228 _____ () C:\Windows\WindowsUpdate.log2015-03-04 15:45 - 2009-07-13 23:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02015-03-04 15:45 - 2009-07-13 23:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02015-03-04 15:40 - 2013-10-15 11:46 - 00000000 ____D () C:\ProgramData\boost_interprocess2015-03-04 15:39 - 2013-05-20 12:51 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2015-03-04 15:39 - 2012-10-05 02:12 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks2015-03-04 15:39 - 2012-10-05 02:12 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks2015-03-04 15:39 - 2012-10-05 01:57 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local 
Backup2015-03-04 15:38 - 2014-01-22 09:32 - 00000925 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk2015-03-04 15:38 - 2014-01-22 09:31 - 00000909 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk2015-03-04 15:37 - 2012-10-05 03:29 - 00000000 ____D () C:\ProgramData\NVIDIA2015-03-04 15:37 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2015-03-04 15:37 - 2009-07-13 23:51 - 00064699 _____ () C:\Windows\setupact.log2015-03-04 14:56 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default2015-03-04 14:50 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini2015-03-04 14:48 - 2010-11-20 22:47 - 00754948 _____ () C:\Windows\PFRO.log2015-03-04 14:32 - 2012-11-20 10:27 - 00000000 ____D () C:\Users\Production2\AppData\Local\0A852BE9-9973-4909-B684-4D21AA708A65.aplzod2015-03-04 14:32 - 2012-10-15 13:59 - 00000000 ____D () C:\Users\Production2\Documents\Outlook Files2015-03-04 08:47 - 2012-10-15 13:10 - 00000000 ____D () C:\ProgramData\LogMeIn2015-03-04 02:00 - 2014-08-16 01:00 - 00000000 ____D () C:\Users\Production2\AppData\Local\Adobe2015-03-04 01:51 - 2012-10-05 01:54 - 00000000 ____D () C:\Program Files (x86)\Dell Wireless2015-03-02 14:40 - 2014-06-02 11:27 - 00002074 _____ () C:\Users\Public\Desktop\PaperPort.lnk2015-03-02 14:40 - 2014-06-02 11:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance PaperPort 142015-03-02 14:39 - 2013-05-29 13:43 - 00000000 ____D () C:\Users\Production2\AppData\Roaming\Real2015-03-02 14:34 - 2013-05-21 12:13 - 00000000 ____D () C:\Program Files (x86)\Yahoo!2015-03-02 14:32 - 2013-05-29 13:50 - 00000000 ____D () C:\ProgramData\TEMP2015-03-02 14:32 - 2012-10-18 05:18 - 00000000 ____D () C:\Users\Production2\AppData\Local\CrashDumps2015-03-02 14:24 - 2013-05-21 12:13 - 00000000 ____D () C:\ProgramData\Yahoo!2015-03-02 13:54 - 2013-05-29 13:43 - 00000000 ____D () C:\ProgramData\Real2015-03-02 13:54 - 2013-05-29 13:43 - 
00000000 ____D () C:\Program Files (x86)\Real2015-03-02 11:05 - 2012-10-15 13:52 - 00000000 ____D () C:\Users\Production2\AppData\Local\Deployment2015-02-25 13:49 - 2012-10-15 14:12 - 00000000 ____D () C:\ProgramData\Symantec2015-02-25 13:49 - 2012-10-15 14:12 - 00000000 ____D () C:\Program Files (x86)\Symantec2015-02-20 11:48 - 2012-10-17 14:42 - 00000000 ____D () C:\Program Files (x86)\LogMeIn2015-02-20 11:46 - 2012-10-17 14:42 - 00107392 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll2015-02-20 11:46 - 2012-10-17 14:42 - 00092520 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll2015-02-20 11:46 - 2012-10-17 14:42 - 00035688 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll2015-02-16 10:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache2015-02-12 16:51 - 2012-11-19 16:50 - 00000000 ____D () C:\Program Files\Common Files\Apple2015-02-11 03:54 - 2009-07-13 23:45 - 05109856 _____ () C:\Windows\system32\FNTCACHE.DAT2015-02-11 03:49 - 2014-12-10 03:26 - 00000000 ____D () C:\Windows\system32\appraiser2015-02-11 03:49 - 2014-05-07 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel2015-02-11 03:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing2015-02-11 03:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions2015-02-11 03:25 - 2012-10-15 13:37 - 00000000 ____D () C:\ProgramData\Microsoft Help2015-02-11 03:22 - 2013-08-15 02:04 - 00000000 ____D () C:\Windows\system32\MRT2015-02-11 03:19 - 2012-11-12 16:42 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2015-02-10 16:14 - 2012-11-19 16:51 - 00000000 ____D () C:\Users\Production2\AppData\Local\Apple Computer2015-02-04 21:52 - 2012-10-05 01:38 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2015-02-04 21:52 - 2012-10-05 01:38 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2015-02-04 21:52 - 2012-10-05 01:38 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash 
Player Updater2015-02-04 17:51 - 2013-05-20 12:51 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2015-02-04 17:51 - 2013-05-20 12:51 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore ==================== Files in the root of some directories ======= 2015-01-25 11:12 - 2015-01-25 11:12 - 0002086 _____ () C:\Users\Production2\AppData\Roaming\BSG2013-09-13 17:17 - 2013-10-19 16:33 - 0014316 _____ () C:\Users\Production2\AppData\Roaming\ezstream_400x152.jpg2012-10-25 15:14 - 2013-10-19 16:33 - 0048390 _____ () C:\Users\Production2\AppData\Roaming\EZStream_Processing_Log.txt2015-01-25 11:12 - 2015-01-25 11:12 - 0001248 _____ () C:\Users\Production2\AppData\Roaming\LVFS2014-11-13 14:44 - 2014-11-13 14:44 - 0000045 _____ () C:\Users\Production2\AppData\Roaming\WB.CFG2013-05-31 08:58 - 2014-06-25 08:36 - 0009728 _____ () C:\Users\Production2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2015-02-25 12:14 - 2015-03-02 11:00 - 0007626 _____ () C:\Users\Production2\AppData\Local\Resmon.ResmonCfg Some content of TEMP:====================C:\Users\Production2\AppData\Local\Temp\HitmanPro.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-23 00:05 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-03-2015 01Ran by Production2 at 2015-03-04 17:04:19Running from C:\Users\Production2\DesktopBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Symantec Endpoint Protection.cloud (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}AS: Symantec Endpoint Protection.cloud (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}FW: Symantec Endpoint Protection.cloud (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.5.0.367 - Adobe Systems Incorporated)Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)Adobe Illustrator CC (HKLM-x32\...\{F2321021-08A2-44D6-B1DF-BDB415F23EC3}) (Version: 17.0 - Adobe Systems Incorporated)Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)Advanced Monitoring Agent (HKLM-x32\...\Advanced Monitoring Agent_is1) (Version: - )Apple Application Support (32-bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)Apple Application Support (64-bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.115 - Atheros)Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)Brother P-touch Editor 5.0 (HKLM-x32\...\{DF9A6075-9308-4572-8932-A4316243C4D9}) (Version: 5.0.2200 - Brother Industries, Ltd.)Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) 
(Version: 9.4.67 - Dell Inc.)Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)Dell DataSafe Online (HKLM-x32\...\{C53BCCBE-9268-4C09-82E9-611444A73B3F}) (Version: 2.10.1.3 - Dell)Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5907.16 - Dell Inc.)Dell Support Center (Version: 3.1.5907.16 - PC-Doctor, Inc.) HiddenDell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Dell Inc.)Endpoint Protection.cloud (x32 Version: 21.5.0.19 - Symantec Corporation) HiddenEPS Viewer (HKLM-x32\...\{32E05824-A0AC-4DFE-B965-5F52C28FBE9F}_is1) (Version: - IdeaMK)ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )EZStream Streamer 5.1.4 (HKLM-x32\...\EZStream Streamer) (Version: 5.1.4 - EZStream.com)GFI LanGuard 11 Agent (x32 Version: 11.0.2012.0717 - GFI Software Ltd) HiddenGoogle Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) 
HiddeniCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.1.1399 - Intel Corporation)Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)Intel® Trusted Connect Service Client (HKLM\...\{538B98C3-773F-4F20-9C66-802D104DCBE2}) (Version: 1.23.219.2 - Intel Corporation)iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.)Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenKONICA MINOLTA bizhub C250/C250P (HKLM\...\KONICA MINOLTA bizhub C250/C250P Installer) (Version: - )LogMeIn (HKLM-x32\...\{22461A1C-BD68-4D90-9897-1DB146D55ECB}) (Version: 4.1.2504 - LogMeIn, Inc.)Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) HiddenMicrosoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft Lync Web App Plug-in (HKLM\...\{6619085B-A9D5-4DDD-800B-964903EAF546}) (Version: 15.8.8308.726 - Microsoft Corporation)Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)Microsoft Office Small Business 2007 (HKLM-x32\...\SMALLBUSINESSR) (Version: 12.0.6612.1000 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)Microsoft 
SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nuance PaperPort 14 (HKLM-x32\...\{C5C4D031-D616-49E7-BCD4-E99CF5872EB0}) (Version: 14.0.0000 - Nuance Communications, Inc.)
NVIDIA 3D Vision Driver 295.85 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 295.85 - NVIDIA Corporation)
NVIDIA Graphics Driver 295.85 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 295.85 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.11.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.11.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.11.1111 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.11.1111 - NVIDIA Corporation)
paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6537 - Realtek Semiconductor Corp.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SmartFTP Client (HKLM\...\{18FDB222-B268-4D24-BC3E-54CEF922E918}) (Version: 6.0.2058.0 - SmartSoft Ltd.)
Symantec.cloud - Cloud Agent (Version: 2.03.62.2582 - Symantec Corporation) Hidden
Symantec.cloud - Endpoint Protection (Version: 5.10.11.690 - Symantec Corporation) Hidden
Symantec.cloud (HKLM\...\Symantec Hosted Services ARP) (Version: - Symantec Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - )
Your Uninstaller! 7 (HKLM-x32\...\YU2010_is1) (Version: 7.5.2014.3 - URSoft, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

02-03-2015 13:44:53 Removed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
02-03-2015 14:07:41 Before uninstalling Elite Unzip
02-03-2015 14:10:01 Before uninstalling Microsoft Visual C++ 2005 Redistributable
02-03-2015 14:10:09 Removed Microsoft Visual C++ 2005 Redistributable
02-03-2015 14:11:59 Before uninstalling Microsoft Visual C++ 2005 Redistributable (x64)
02-03-2015 14:12:06 Removed
02-03-2015 14:19:19 Before uninstalling Yahoo! Software Update
02-03-2015 14:20:47 Before uninstalling Yahoo! Software Update
02-03-2015 14:26:12 Before uninstalling Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
02-03-2015 14:28:32 Before uninstalling Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
02-03-2015 14:29:02 Before uninstalling Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
02-03-2015 14:30:16 Before uninstalling Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
02-03-2015 14:32:19 Before uninstalling Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
02-03-2015 17:27:47 Windows Update
03-03-2015 03:00:10 Windows Update
04-03-2015 03:00:11 Windows Update
04-03-2015 15:15:37 Checkpoint by HitmanPro
04-03-2015 15:31:40 Norton_Power_Eraser_20150304153137346

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2015-03-04 14:50 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {04E2468A-ED07-4B75-ABD9-4A09E6CFEC75} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-12-01] (Apple Inc.)
Task: {12D63407-0DA9-46AD-B587-41869261CAC9} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3339915714-4026255288-318212047-1167 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {35FD1664-9DED-4647-900A-2CB0A5082311} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3339915714-4026255288-318212047-1167 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {3BF11DA3-5777-402D-A9AA-735F7AC372C6} - System32\Tasks\AdobeAAMUpdater-1.0-I-HIGH-Production2 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {471E97E5-7A36-4498-8618-DA093C2D760F} - System32\Tasks\Endpoint Protection.cloud\Norton Error Analyzer => C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {47962CAF-8E83-4D1C-A599-DD0FAADB6112} - System32\Tasks\{68AE6A29-5B95-4EE7-BD60-57C7FA1EF626} => pcalua.exe -a "C:\Program Files (x86)\Uninstall Information\97\3867\uninstall.exe" -c /PUninstall="HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\PC Performer_is1" /reg=32
Task: {5281096A-00A8-498D-8905-A5372C02D06D} - System32\Tasks\DIGALUTT => C:\ProgramData\c7866c1e8b4e47dcbbc4d78a3b19d377\c7866c1e8b4e47dcbbc4d78a3b19d377.exe
Task: {5285D20D-4739-4B07-A028-0877D1012669} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-20] (Google Inc.)
Task: {57EAD085-C290-4775-BFAC-B46D56840B93} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-20] (Google Inc.)
Task: {5F096411-2E0E-43BA-8DE5-46FD8E9A0E0A} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3339915714-4026255288-318212047-1167 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe
Task: {61564EC8-AC6A-4953-8B16-7147EB518EEC} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3339915714-4026255288-318212047-1167 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {75C77928-7335-435D-9E7C-E1B328EFD762} - \gtaUpt No Task File <==== ATTENTION
Task: {83ACE2C9-7C49-4F30-948D-2446D073784B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {A6FDBF3A-D5FB-4B75-A15C-54A1FB928999} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A957DD8E-D85B-4A2C-8C86-6198677944F2} - System32\Tasks\Endpoint Protection.cloud\Norton Error Processor => C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {D8DCE9A9-A464-4FDB-A7B3-C192DA2ED24E} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3339915714-4026255288-318212047-1167 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe
Task: {E1F4BDBB-F901-4754-A1D9-F31CE60DC53E} - System32\Tasks\Norton WSC Integration => C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\21.5.0.19\WSCStub.exe [2014-07-31] (Symantec Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2013-01-28 17:09 - 2005-03-12 00:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-10-05 01:57 - 2012-01-26 21:49 - 02751808 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2015-03-02 13:41 - 2015-01-07 01:03 - 00292352 _____ () C:\Program Files (x86)\Advanced Monitoring Agent\systray\SysTray.exe
2012-07-17 17:20 - 2012-07-17 17:20 - 00305520 _____ () C:\Program Files (x86)\Advanced Monitoring Agent\patchman\apistrings.dll
2012-07-17 17:24 - 2012-07-17 17:24 - 00159600 _____ () C:\Program Files (x86)\Advanced Monitoring Agent\patchman\modlop.dll
2012-07-23 07:32 - 2012-07-23 07:32 - 00099184 _____ () C:\Program Files (x86)\Advanced Monitoring Agent\patchman\httpserverattplugin.dll
2013-05-23 09:05 - 2013-05-23 09:05 - 02021240 _____ () C:\Program Files (x86)\Advanced Monitoring Agent\patchman\crmimodule.dll
2012-07-17 17:29 - 2012-07-17 17:29 - 00208752 _____ () C:\Program Files (x86)\Advanced Monitoring Agent\patchman\patchautodownload.dll
2014-07-17 09:37 - 2014-07-17 09:37 - 00422000 _____ () C:\Program Files (x86)\Advanced Monitoring Agent\patchman\remediationattplugin.dll
2009-07-13 16:03 - 2009-07-13 20:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2013-01-21 07:05 - 2013-01-21 07:05 - 00183672 _____ () C:\Program Files (x86)\Advanced Monitoring Agent\patchman\scanmngsys.dll
2012-07-17 17:29 - 2012-07-17 17:29 - 00049520 _____ () C:\Program Files (x86)\Advanced Monitoring Agent\patchman\schedcompactdb.dll
2012-07-17 17:29 - 2012-07-17 17:29 - 00054640 _____ () C:\Program Files (x86)\Advanced Monitoring Agent\patchman\schedupdates.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-18 22:22 - 2014-03-18 22:22 - 32733088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libcef.dll
2014-10-16 03:15 - 2014-10-16 03:15 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1eeea3ab8d69ec722bdcb28b8eb8dd75\IsdiInterop.ni.dll
2012-10-05 01:49 - 2012-02-01 16:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-10-05 01:52 - 2012-01-21 06:23 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\67833997.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\67833997.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Gambali => ""="service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3339915714-4026255288-318212047-1167\Control Panel\Desktop\\Wallpaper -> C:\Users\Production2\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
HKU\S-1-5-21-3339915714-4026255288-318212047-1191\Control Panel\Desktop\\Wallpaper -> C:\Users\bhocker\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-866357931-1683416658-3852769474-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ba\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.10.10.10

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-866357931-1683416658-3852769474-500 - Administrator - Disabled)
ba (S-1-5-21-866357931-1683416658-3852769474-1001 - Administrator - Enabled) => C:\Users\ba
Guest (S-1-5-21-866357931-1683416658-3852769474-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-866357931-1683416658-3852769474-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Bluetooth Device (Personal Area Network)
Description: Bluetooth Device (Personal Area Network)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Symantec Endpoint Protection Firewall
Description: Symantec Endpoint Protection Firewall
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Teefer3
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.
Remove the device, and this error should be resolved.

Name: Dell Wireless 1703 802.11b/g/n (2.4GHz)
Description: Dell Wireless 1703 802.11b/g/n (2.4GHz)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (03/04/2015 03:39:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/04/2015 03:25:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/04/2015 02:50:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/04/2015 08:50:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/04/2015 03:01:15 AM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
Description: Product: Microsoft Visual C++ 2005 Redistributable -- Error 1606.Could not access network location %APPDATA%\.

Error: (03/04/2015 03:01:15 AM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
Description: Product: Microsoft Visual C++ 2005 Redistributable -- Error 1606.Could not access network location %APPDATA%\.

Error: (03/04/2015 03:00:50 AM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
Description: Product: Microsoft Visual C++ 2005 Redistributable (x64) -- Error 1606.Could not access network location %APPDATA%\.

Error: (03/04/2015 03:00:50 AM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
Description: Product: Microsoft Visual C++ 2005 Redistributable (x64) -- Error 1606.Could not access network location %APPDATA%\.

Error: (03/03/2015 11:17:03 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/03/2015 10:06:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17631, time stamp: 0x54b31bdf
Faulting module name: nvd3dumx.dll_unloaded, version: 0.0.0.0, time stamp: 0x4f3ea104
Exception code: 0xc0000005
Fault offset: 0x000007fee869429c
Faulting process id: 0x28fc
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

System errors:
=============
Error: (03/04/2015 03:39:23 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: I-HIGH)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (03/04/2015 03:39:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (03/04/2015 03:38:18 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (03/04/2015 03:38:06 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: Teefer3

Error: (03/04/2015 03:37:46 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domaincontroller in domain I-HIGH due to the following: %%1311 This may lead to authentication problems. Make sure that thiscomputer is connected to the network. If the problem persists,please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, itsets up the secure session to the primary domain controller emulator in the specifieddomain. Otherwise, this computer sets up the secure session to any domain controllerin the specified domain.

Error: (03/04/2015 03:26:52 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: I-HIGH)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (03/04/2015 03:26:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (03/04/2015 03:25:18 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: Teefer3

Error: (03/04/2015 03:25:10 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (03/04/2015 03:24:39 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domaincontroller in domain I-HIGH due to the following: %%1311 This may lead to authentication problems. Make sure that thiscomputer is connected to the network. If the problem persists,please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, itsets up the secure session to the primary domain controller emulator in the specifieddomain. Otherwise, this computer sets up the secure session to any domain controllerin the specified domain.

Microsoft Office Sessions:
=========================
Error: (11/20/2014 04:12:14 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 3523 seconds with 420 seconds of active time. This session ended with a crash.

Error: (11/20/2014 04:09:51 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 5771 seconds with 2700 seconds of active time. This session ended with a crash.

Error: (11/20/2014 02:05:02 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 11478 seconds with 1200 seconds of active time. This session ended with a crash.

Error: (11/20/2014 00:04:57 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 9712 seconds with 0 seconds of active time. This session ended with a crash.

Error: (11/19/2014 06:26:57 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 3571 seconds with 480 seconds of active time. This session ended with a crash.

Error: (11/19/2014 05:43:29 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 10717 seconds with 3540 seconds of active time. This session ended with a crash.

Error: (11/07/2014 06:54:57 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 354580 seconds with 5340 seconds of active time. This session ended with a crash.

Error: (09/30/2014 10:17:54 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 88725 seconds with 1200 seconds of active time. This session ended with a crash.

Error: (08/26/2014 03:19:03 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 21935 seconds with 6180 seconds of active time. This session ended with a crash.

Error: (08/20/2014 01:23:39 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 97156 seconds with 1620 seconds of active time. This session ended with a crash.

CodeIntegrity Errors:
===================================
Date: 2015-03-04 14:46:02.170
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-03-04 14:46:02.139
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core i5-3450 CPU @ 3.10GHz
Percentage of memory in use: 43%
Total physical RAM: 4056.96 MB
Available physical RAM: 2277.53 MB
Total Pagefile: 8112.12 MB
Available Pagefile: 5962.8 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:450.57 GB) (Free:323.1 GB) NTFS
Drive d: (Mar 27 2008) (CDROM) (Total:0.69 GB) (Free:0.57 GB) UDF
Drive e: (NIKON D60) (Removable) (Total:7.67 GB) (Free:6.7 GB) FAT32
Drive i: (Lexar) (Removable) (Total:59.61 GB) (Free:46.18 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 96A6FBA0)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=15.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450.6 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 59.6 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=59.6 GB) - (Type=0C)

========================================================
Disk: 2 (Size: 7.7 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================