ComboFix 15-10-09.01 - joanne 10/11/2015 17:50:22.1.1 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3838.1852 [GMT -4:00]
Running from: c:\users\joanne\Desktop\Combo-Fix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\joanne\GoToAssistDownloadHelper.exe
.
.
.
.
Failed to delete C:\ZLB1006.tmp
.
.
.
.
Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2015-09-11 to 2015-10-11 )))))))))))))))))))))))))))))))
.
.
2575-04-24 19:16 . 2575-04-24 19:16 74456 ----a-w- c:\windows\system32\RtNicProp64.dll
2574-04-05 12:32 . 2574-04-05 12:32 883928 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2566-03-26 11:48 . 2566-03-26 11:48 913456 ----a-w- c:\windows\system32\SFSS_APO.dll
2015-10-11 21:59 . 2015-10-11 21:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-10-11 21:25 . 2015-10-11 21:59 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2015-10-11 20:46 . 2015-10-11 20:52 -------- d-----w- c:\program files (x86)\trend micro
2015-10-11 20:46 . 2015-10-11 20:47 -------- d-----w- C:\rsit
2015-10-11 18:08 . 2015-10-11 18:08 -------- d-----w- c:\users\joanne\AppData\Roaming\Oracle
2015-10-11 18:08 . 2015-10-11 18:08 -------- d-----w- c:\program files (x86)\Common Files\Java
2015-10-11 18:06 . 2015-10-11 18:06 -------- d-----w- c:\users\joanne\.oracle_jre_usage
2015-10-11 17:25 . 2015-08-31 22:45 11062400 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E6B5DF7B-DB8B-4899-AF76-970C56EF36B8}\mpengine.dll
2015-10-11 03:15 . 2015-10-11 03:22 -------- d-----w- c:\users\joanne\AppData\Local\Mozilla
2015-10-11 03:15 . 2015-10-11 03:15 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2015-10-10 16:12 . 2015-08-31 22:45 11062400 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-10-04 01:16 . 2013-09-20 14:49 21040 ----a-w- c:\windows\system32\sdnclean64.exe
2015-10-04 00:29 . 2015-10-04 00:29 -------- d-----w- c:\users\joanne\AppData\Local\VirtualStore
2015-10-03 23:34 . 2015-10-11 21:38 -------- d-----w- c:\program files\Common Files\AV
2015-09-28 19:03 . 2015-09-28 19:03 -------- d-----w- c:\users\joanne\AppData\Local\LogMeIn Rescue Applet
2015-09-28 18:29 . 2015-09-29 05:38 -------- d-----w- c:\program files (x86)\ShowMyPCService
2015-09-28 18:28 . 2015-09-29 05:28 -------- d-----w- c:\users\joanne\AppData\Local\Deployment
2015-09-26 17:10 . 2015-10-11 19:17 -------- d-----w- c:\program files (x86)\iTunes
2015-09-26 17:10 . 2015-09-26 17:10 -------- d-----w- c:\program files\iPod
2015-09-26 17:10 . 2015-09-26 17:11 -------- d-----w- c:\program files\iTunes
2015-09-26 17:08 . 2015-09-26 17:08 -------- d-----w- c:\program files (x86)\Apple Software Update
2015-09-26 17:08 . 2015-09-26 17:08 -------- d-----w- c:\users\joanne\AppData\Local\Apple
2015-09-26 17:07 . 2015-09-26 17:07 -------- d-----w- c:\program files\Bonjour
2015-09-26 17:07 . 2015-09-26 17:07 -------- d-----w- c:\program files (x86)\Bonjour
2015-09-26 15:11 . 2015-09-26 15:13 -------- d-----w- c:\programdata\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-09-26 12:53 . 2015-10-11 18:24 -------- d-----w- c:\programdata\Malwarebytes Anti-Exploit
2015-09-26 12:53 . 2015-09-26 12:53 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Exploit
2015-09-26 12:52 . 2015-09-26 12:52 -------- d-----w- c:\users\joanne\AppData\Local\Programs
2015-09-26 07:54 . 2015-07-01 22:13 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4BEB03E2-0DEE-4D2B-849A-7A9FE7D35297}\gapaengine.dll
2015-09-25 22:11 . 2015-09-25 22:18 -------- d-----w- C:\$Windows.~BT
2015-09-25 17:05 . 2015-09-26 07:51 -------- d-----w- c:\users\joanne\AppData\Local\Google
2015-09-25 14:27 . 2015-09-26 03:09 -------- d-----w- c:\users\joanne\AppData\Local\Diagnostics
2015-09-25 13:39 . 2015-09-26 02:18 -------- d-----w- c:\users\joanne\AppData\Local\ElevatedDiagnostics
2015-09-19 06:25 . 2015-09-19 06:25 984448 ----a-w- c:\windows\system32\ucrtbase.dll
2015-09-19 06:19 . 2015-09-19 06:19 -------- d-----w- c:\programdata\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-09-15 09:26 . 2015-08-15 06:48 25190400 ----a-w- c:\windows\system32\mshtml.dll
2015-09-12 13:38 . 2015-08-04 17:55 147456 ----a-w- c:\windows\system32\appidpolicyconverter.exe
2015-09-12 13:38 . 2015-08-04 18:03 692672 ----a-w- c:\windows\system32\winload.efi
2015-09-12 13:38 . 2015-08-04 18:00 616360 ----a-w- c:\windows\system32\winresume.efi
2015-09-12 13:38 . 2015-08-04 17:56 59392 ----a-w- c:\windows\system32\appidapi.dll
2015-09-12 13:38 . 2015-08-04 17:56 32768 ----a-w- c:\windows\system32\appidsvc.dll
2015-09-12 13:38 . 2015-08-04 17:47 50688 ----a-w- c:\windows\SysWow64\appidapi.dll
2015-09-12 13:38 . 2015-08-04 17:56 63488 ----a-w- c:\windows\system32\setbcdlocale.dll
2015-09-12 13:38 . 2015-08-04 17:55 17920 ----a-w- c:\windows\system32\appidcertstorecheck.exe
2015-09-12 13:38 . 2015-08-04 16:58 61440 ----a-w- c:\windows\system32\drivers\appid.sys
2015-09-12 13:37 . 2015-09-02 01:51 3209216 ----a-w- c:\windows\system32\win32k.sys
2015-09-12 13:37 . 2015-09-02 01:47 372736 ----a-w- c:\windows\system32\atmfd.dll
2015-09-12 13:37 . 2015-09-02 03:04 41984 ----a-w- c:\windows\system32\lpk.dll
2015-09-12 13:37 . 2015-09-02 03:04 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-09-12 13:37 . 2015-09-02 03:04 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-09-12 13:37 . 2015-09-02 02:48 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-09-12 13:37 . 2015-09-02 01:33 299520 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-09-12 13:37 . 2015-09-02 03:04 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-09-12 13:37 . 2015-09-02 02:48 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-09-12 13:37 . 2015-09-02 02:48 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-09-12 13:37 . 2015-09-02 02:47 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-09-12 13:35 . 2015-08-05 17:56 1110016 ----a-w- c:\windows\system32\schedsvc.dll
2015-09-12 13:34 . 2015-07-15 03:17 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2574-04-05 12:32 . 2011-06-10 10:34 108760 ----a-w- c:\windows\system32\RTNUninst64.dll
2015-10-11 19:22 . 2014-10-15 07:11 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-10-11 18:05 . 2015-05-06 09:10 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-09-15 09:31 . 2014-04-29 17:57 630992 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2015-08-26 22:37 . 2011-09-19 16:31 134753440 ----a-w- c:\windows\system32\MRT.exe
2015-08-12 20:03 . 2015-08-12 20:03 96528 ----a-w- c:\windows\system32\dns-sd.exe
2015-08-12 20:03 . 2015-08-12 20:03 86288 ----a-w- c:\windows\system32\dnssd.dll
2015-08-12 20:03 . 2015-08-12 20:03 61712 ----a-w- c:\windows\system32\jdns_sd.dll
2015-08-12 20:03 . 2015-08-12 20:03 213264 ----a-w- c:\windows\system32\dnssdX.dll
2015-08-12 20:03 . 2015-08-12 20:03 84240 ----a-w- c:\windows\SysWow64\dns-sd.exe
2015-08-12 20:03 . 2015-08-12 20:03 72976 ----a-w- c:\windows\SysWow64\dnssd.dll
2015-08-12 20:03 . 2015-08-12 20:03 50960 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2015-08-12 20:03 . 2015-08-12 20:03 178960 ----a-w- c:\windows\SysWow64\dnssdX.dll
2015-07-30 18:06 . 2015-08-16 17:26 1180160 ----a-w- c:\windows\system32\FntCache.dll
2015-07-30 18:06 . 2015-08-16 17:26 1648128 ----a-w- c:\windows\system32\DWrite.dll
2015-07-30 18:06 . 2015-08-16 17:25 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2015-07-30 17:57 . 2015-08-16 17:26 1251328 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-07-30 17:57 . 2015-08-16 17:25 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2015-07-30 13:13 . 2015-08-14 10:15 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-07-30 13:13 . 2015-08-14 10:15 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-07-28 20:09 . 2015-08-17 09:41 17344 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-07-28 20:05 . 2015-08-17 09:41 774656 ----a-w- c:\windows\system32\invagent.dll
2015-07-28 20:05 . 2015-08-17 09:41 743424 ----a-w- c:\windows\system32\generaltel.dll
2015-07-28 20:05 . 2015-08-17 09:41 437760 ----a-w- c:\windows\system32\devinv.dll
2015-07-28 20:05 . 2015-08-17 09:41 1116672 ----a-w- c:\windows\system32\appraiser.dll
2015-07-28 20:05 . 2015-08-17 09:41 69120 ----a-w- c:\windows\system32\acmigration.dll
2015-07-28 20:05 . 2015-08-17 09:41 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-07-28 19:55 . 2015-08-17 09:41 1148416 ----a-w- c:\windows\system32\aeinv.dll
2015-07-24 09:03 . 2015-07-24 09:03 26528 ----a-w- c:\windows\SysWow64\drivers\HWiNFO64A.SYS
2015-07-22 17:53 . 2015-09-12 13:36 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-07-22 12:25 . 2012-05-04 09:23 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-07-22 12:25 . 2011-09-20 06:31 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-16 19:12 . 2015-08-16 17:44 856064 ----a-w- c:\windows\SysWow64\rdvidcrl.dll
2015-07-16 19:12 . 2015-08-16 17:44 53248 ----a-w- c:\windows\SysWow64\tsgqec.dll
2015-07-16 19:12 . 2015-08-16 17:44 6131200 ----a-w- c:\windows\SysWow64\mstscax.dll
2015-07-16 19:11 . 2015-08-16 17:44 62976 ----a-w- c:\windows\system32\tsgqec.dll
2015-07-16 19:11 . 2015-08-16 17:44 7077376 ----a-w- c:\windows\system32\mstscax.dll
2015-07-16 19:11 . 2015-08-16 17:44 1057792 ----a-w- c:\windows\system32\rdvidcrl.dll
2015-07-15 18:15 . 2015-08-16 17:41 94656 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2015-07-15 18:10 . 2015-08-16 17:41 1743360 ----a-w- c:\windows\system32\sysmain.dll
2015-07-15 18:10 . 2015-08-16 17:40 11264 ----a-w- c:\windows\system32\msmmsp.dll
2015-07-15 03:19 . 2015-08-17 09:37 52736 ----a-w- c:\windows\system32\basesrv.dll
2013-09-07 13:07 . 2013-09-07 13:07 4096000 ----a-w- c:\program files (x86)\GUT298E.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-30 1337000]
"Malwarebytes Anti-Exploit"="c:\program files (x86)\Malwarebytes Anti-Exploit\mbae.exe" [2015-07-22 2620728]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-08-04 597552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SDScannerService;Spybot-S&D 2 Scanner Service; [x]
R2 SDUpdateService;Spybot-S&D 2 Updating Service; [x]
R2 SDWSCService;Spybot-S&D 2 Security Center Service; [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [x]
S1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae64.sys;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S2 AdvancedSystemCareService8;Advanced SystemCare Service 8;c:\program files (x86)\IObit\Advanced SystemCare 8\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [x]
S2 MbaeSvc;Malwarebytes Anti-Exploit Service;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2015-10-11 c:\windows\Tasks\WpsUpdateTask_joanne.job
- c:\program files (x86)\Kingsoft\Kingsoft Office\office6\wpsupdate.exe [2011-10-29 16:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-08-12 03:15 2340472 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-08-12 03:15 2340472 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-08-12 03:15 2340472 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files (x86)\Ruiware\WinPatrol\winpatrol.exe" [2014-07-21 1154112]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\joanne\AppData\Roaming\Mozilla\Firefox\Profiles\l6xihxdu.default\
.
Supplementary scan did not complete!
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-SpybotPostWindows10UpgradeReInstall - c:\program files\Common Files\AV\Spybot - Search and Destroy\Test.exe
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-IMFservice
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{8E5E2654-AD2D-48BF-AC2D-D17F00898D06}"=hex:51,66,7a,6c,4c,1d,38,12,3a,25,4d,
   8a,1f,e3,d1,0d,d3,3b,92,3f,05,d7,c9,12
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}"=hex:51,66,7a,6c,4c,1d,38,12,15,21,99,
   35,ad,10,d3,00,f6,8f,3c,cf,15,94,08,e1
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}"=hex:51,66,7a,6c,4c,1d,38,12,e3,94,1f,
   be,3b,97,d8,0c,d0,f4,c8,9e,21,03,83,f2
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:fc,f6,bd,21,d1,a3,ce,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d8,c3,f3,c1,97,16,c3,42,b8,4b,27,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d8,c3,f3,c1,97,16,c3,42,b8,4b,27,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_209_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_209_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_209_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_209_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.18"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
.
**************************************************************************
.
Completion time: 2015-10-11 18:07:28 - machine was rebooted
.
Pre-Run: 110,597,640,192 bytes free
Post-Run: 110,351,712,256 bytes free
.
- - End Of File - - 8AFA4AE5A79C304C7987311D45A1A750