
Can't Switch wi-fi networks in Windows 7

Windows 7; malware; network


#16
zep516


    Trusted Helper

  • Malware Removal
  • 6,811 posts
One more scan, and it could take a while; it also may find files that have already been taken care of. Looks like we are almost done, then we can address that touchpad issue.

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.
  • Please go >>HERE<< then click on: ESET1st.jpg

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the ESETexe.jpg icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
  • Select the option YES, I accept the Terms of Use then click on: ESETsave.jpg
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed, make sure you first copy the logfile (located at C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt).
  • Copy and paste that log as a reply to this topic.
  • Now click on: EOLS4.gif
    (Selecting Uninstall application on close if you so wish)



#17
BluePoet


    Member

  • Topic Starter
  • 46 posts

Here is the log, at long last:

 

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir    Win32/Toolbar.Conduit potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\z5xtwheb.default-1347206686710\user.js.vir    JS/SecurityDisabler.A.Gen potentially unwanted application
C:\Downloads\Macrium Reflect Professional 5.2.6462 (x86-x64) +Patch\Macrium Reflect Professional 5.2.6462 (x64).tgz    a variant of Win32/HackTool.Patcher.AD potentially unsafe application
C:\Downloads\Macrium Reflect Professional 5.2.6462 (x86-x64) +Patch\Macrium Reflect Professional 5.2.6462 (x86).tgz    a variant of Win32/HackTool.Patcher.AD potentially unsafe application
C:\Downloads\Macrium Reflect Professional 5.2.6462 (x86-x64) +Patch\Macrium Reflect Professional 5.2.6462 (x64)\Patch\macrium.reflect.professional.5.2.6437.(64-bit)-MPT.exe    a variant of Win32/HackTool.Patcher.AD potentially unsafe application
C:\Downloads\Microsoft Office Toolkit\OTK2010V223\Office 2010 Toolkit.exe    a variant of MSIL/HackKMS.D potentially unsafe application
C:\MP3\Biffy Clyro - Opposites\Biffy_Clyro-Opposites-(Deluxe_Edition)-2CD-2013-FNT.rar    a variant of Win32/Kryptik.AWYM trojan
C:\multiAVCHD\tools\process.exe    Win32/PrcView potentially unsafe application
C:\Program Files\Macrium\Reflect\macrium.reflect.professional.5.2.6437.(64-bit)-MPT.exe    a variant of Win32/HackTool.Patcher.AD potentially unsafe application
C:\Users\John\AppData\Roaming\BitTorrent\updates\7.8.1_30016.exe    a variant of Win32/AdkDLLWrapper.A potentially unwanted application
C:\Users\John\AppData\Roaming\BitTorrent\updates\7.9.2_37755.exe    a variant of Win32/OpenCandy.C potentially unsafe application
C:\Users\John\AppData\Roaming\BitTorrent\updates\7.9.2_38657.exe    a variant of Win32/OpenCandy.C potentially unsafe application
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\z5xtwheb.default-1347206686710\prefs-1.js    JS/SecurityDisabler.A.Gen potentially unwanted application
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\z5xtwheb.default-1347206686710\prefs.js    JS/SecurityDisabler.A.Gen potentially unwanted application
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\z5xtwheb.default-1347206686710\prefs.js.BAK    JS/SecurityDisabler.A.Gen potentially unwanted application
C:\Users\John\AppData\Roaming\UBot Studio\Browser\5.0.13\UBotBase.dll    a variant of Win32/Packed.Themida suspicious application
C:\Users\John\Desktop\Old Firefox Data\user.js    JS/SecurityDisabler.A.Gen potentially unwanted application
C:\Users\John\Downloads\Ann-Free-video-converter.exe    Win32/DownWare.W potentially unwanted application
C:\Users\John\Downloads\BitTorrent-7.5.exe    a variant of Win32/OpenCandy.C potentially unsafe application
C:\Users\John\Downloads\BitTorrent.exe    a variant of Win32/Bunndle potentially unsafe application
C:\Users\John\Downloads\cbsidlm-cbsi213-Free_WMA_to_MP3-SEO-75758783.exe    a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Users\John\Downloads\cbsidlm-tr1_9-XMedia_Recode-SEO2-75450128.exe    Win32/DownloadAdmin.G potentially unwanted application
C:\Users\John\Downloads\FreemakeAudioConverterSetup(1).exe    a variant of Win32/OpenCandy.C potentially unsafe application
C:\Users\John\Downloads\FreemakeAudioConverterSetup.exe    a variant of Win32/OpenCandy.C potentially unsafe application
C:\Users\John\Downloads\FreemakeVideoConverterSetup(2).exe    a variant of Win32/OpenCandy.C potentially unsafe application
C:\Users\John\Downloads\FreemakeVideoConverterSetup.exe    Win32/OpenCandy potentially unsafe application
C:\Users\John\Downloads\FreeVideoToiPadConverter.exe    Win32/Toolbar.Conduit potentially unwanted application
C:\Users\John\Downloads\MKVConverterSetup.exe    Win32/Toolbar.Babylon potentially unwanted application
C:\Users\John\Downloads\multiAVCHD_4.1.exe    Win32/PrcView potentially unsafe application
C:\Users\John\Downloads\SetupImgBurn_2.5.6.0.exe    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Users\John\Downloads\SetupImgBurn_2.5.7.0.exe    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Users\John\Downloads\Setup_FreeBurner.exe    Win32/Toolbar.SearchSuite potentially unwanted application
C:\Users\John\Downloads\switchsetup.exe    a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
C:\Windows\AutoKMS\AutoKMS.exe    MSIL/HackKMS.A potentially unsafe application
E:\Downloads\Macrium Reflect Professional 5.2.6462 (x86-x64) +Patch\Macrium Reflect Professional 5.2.6462 (x64).tgz    a variant of Win32/HackTool.Patcher.AD potentially unsafe application
E:\Downloads\Macrium Reflect Professional 5.2.6462 (x86-x64) +Patch\Macrium Reflect Professional 5.2.6462 (x86).tgz    a variant of Win32/HackTool.Patcher.AD potentially unsafe application
E:\Downloads\Macrium Reflect Professional 5.2.6462 (x86-x64) +Patch\Macrium Reflect Professional 5.2.6462 (x64)\Patch\macrium.reflect.professional.5.2.6437.(64-bit)-MPT.exe    a variant of Win32/HackTool.Patcher.AD potentially unsafe application
E:\Downloads\Microsoft Office Toolkit\OTK2010V223\Office 2010 Toolkit.exe    a variant of MSIL/HackKMS.D potentially unsafe application
E:\MP3\Biffy Clyro - Opposites\Biffy_Clyro-Opposites-(Deluxe_Edition)-2CD-2013-FNT.rar    a variant of Win32/Kryptik.AWYM trojan
E:\multiAVCHD\tools\process.exe    Win32/PrcView potentially unsafe application
E:\Program Files\Macrium\Reflect\macrium.reflect.professional.5.2.6437.(64-bit)-MPT.exe    a variant of Win32/HackTool.Patcher.AD potentially unsafe application
E:\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe    Win32/Toolbar.Conduit potentially unwanted application
E:\Program Files (x86)\Conduit\Community Alerts\Alert.dll    Win32/Toolbar.Conduit.Y potentially unwanted application
E:\Users\John\AppData\Local\Temp\FreemakeAudioConverter_1.1.0.66.exe    a variant of Win32/OpenCandy.C potentially unsafe application
E:\Users\John\AppData\Local\Temp\FreemakeVideoConverterFull.exe    a variant of Win32/OpenCandy.C potentially unsafe application
E:\Users\John\AppData\Roaming\BitTorrent\updates\7.8.1_30016.exe    a variant of Win32/AdkDLLWrapper.A potentially unwanted application
E:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\z5xtwheb.default-1347206686710\prefs-1.js    JS/SecurityDisabler.A.Gen potentially unwanted application
E:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\z5xtwheb.default-1347206686710\prefs.js    JS/SecurityDisabler.A.Gen potentially unwanted application
E:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\z5xtwheb.default-1347206686710\user.js    JS/SecurityDisabler.A.Gen potentially unwanted application
E:\Users\John\Desktop\Old Firefox Data\user.js    JS/SecurityDisabler.A.Gen potentially unwanted application
E:\Users\John\Downloads\Ann-Free-video-converter.exe    Win32/DownWare.W potentially unwanted application
E:\Users\John\Downloads\BitTorrent-7.5.exe    a variant of Win32/OpenCandy.C potentially unsafe application
E:\Users\John\Downloads\BitTorrent.exe    a variant of Win32/Bunndle potentially unsafe application
E:\Users\John\Downloads\cbsidlm-cbsi213-Free_WMA_to_MP3-SEO-75758783.exe    a variant of Win32/CNETInstaller.B potentially unwanted application
E:\Users\John\Downloads\cbsidlm-tr1_9-XMedia_Recode-SEO2-75450128.exe    Win32/DownloadAdmin.G potentially unwanted application
E:\Users\John\Downloads\Free Simpsons Tapped Out Hack Updated 2013.exe    a variant of Win32/FirseriaInstaller.A potentially unwanted application
E:\Users\John\Downloads\FreemakeAudioConverterSetup.exe    a variant of Win32/OpenCandy.C potentially unsafe application
E:\Users\John\Downloads\FreemakeVideoConverterSetup(1).exe    a variant of Win32/OpenCandy.C potentially unsafe application
E:\Users\John\Downloads\FreemakeVideoConverterSetup.exe    Win32/OpenCandy potentially unsafe application
E:\Users\John\Downloads\FreeVideoToiPadConverter.exe    Win32/Toolbar.Conduit potentially unwanted application
E:\Users\John\Downloads\MiroVideoConverter_Setup.exe    a variant of Win32/OpenInstall potentially unwanted application
E:\Users\John\Downloads\MKVConverterSetup.exe    Win32/Toolbar.Babylon potentially unwanted application
E:\Users\John\Downloads\multiAVCHD_4.1.exe    Win32/PrcView potentially unsafe application
E:\Users\John\Downloads\MyPCBackup_Setup.exe    MSIL/MyPCBackup.D potentially unwanted application
E:\Users\John\Downloads\setup.exe    a variant of Win32/AirAdInstaller.A potentially unwanted application
E:\Users\John\Downloads\SetupImgBurn_2.5.6.0.exe    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
E:\Users\John\Downloads\SetupImgBurn_2.5.7.0.exe    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
E:\Users\John\Downloads\SetupImgBurn_2.5.8.0.exe    Win32/OpenCandy potentially unsafe application
E:\Users\John\Downloads\Setup_FreeBurner.exe    Win32/Toolbar.SearchSuite potentially unwanted application
E:\Users\John\Downloads\Simpsons Tapped Out Donut Hack Updated 2013.exe    Win32/OutBrowse.D potentially unwanted application
E:\Users\John\Downloads\Tapped_Out.exe    a variant of Win32/Adware.MediaFinder.G application
E:\Users\John\Downloads\uTorrent.exe    a variant of Win32/AdkDLLWrapper.A potentially unwanted application
E:\Windows\AutoKMS\AutoKMS.exe    MSIL/HackKMS.A potentially unsafe application
 

No longer able to change networks again, although mouse scroll works again.  Back to square one?



#18
zep516


    Trusted Helper

  • Malware Removal
  • 6,811 posts
Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Make sure you checkmark the Addition.txt box.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them to your reply.


#19
BluePoet


    Member

  • Topic Starter
  • 46 posts

Here are the logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-07-2015
Ran by John (administrator) on JOHN-PC on 13-07-2015 09:05:03
Running from C:\Users\John\Desktop
Loaded Profiles: John (Available Profiles: John & Laura & UpdatusUser)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(UPEK Inc.) C:\Program Files\Protector Suite\upeksvr.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Backblaze\bzserv.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdController.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServer.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe
(SparkLabs) C:\Program Files\TorGuard.Viscosity\TorGuardService.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avpui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(UPEK Inc.) C:\Program Files\Protector Suite\psqltray.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe
() C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe
() C:\Program Files (x86)\Backblaze\bzbui.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD15Agent.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\wmi64.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2328360 2010-09-16] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11776104 2011-02-11] (Realtek Semiconductor)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-11-02] (Intel® Corporation)
HKLM\...\Run: [PSQLLauncher] => C:\Program Files\Protector Suite\launcher.exe [84744 2010-04-27] (UPEK Inc.)
HKLM\...\Run: [THXCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated)
HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [281776 2014-09-16] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe [1374720 2010-11-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-03] (CyberLink)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [358336 2011-08-11] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [570880 2013-12-27] (Nikon Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [856064 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2020704 2014-08-05] (Wondershare)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [PowerDVD15Agent] => C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD15Agent.exe [950296 2015-03-19] (CyberLink Corp.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157992 2015-06-29] (Apple Inc.)
Winlogon\Notify\psfus: C:\Program Files\Protector Suite\psqlpwd.dll (UPEK Inc.)
HKU\S-1-5-21-777044968-2926712198-4189444973-1000\...\Run: [iFunBoxConnector] => C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe [812544 2012-11-20] ()
HKU\S-1-5-21-777044968-2926712198-4189444973-1000\...\Run: [PlayOn] => C:\Program Files (x86)\MediaMall\PlayOn.exe
HKU\S-1-5-21-777044968-2926712198-4189444973-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-777044968-2926712198-4189444973-1000\...\Run: [Backblaze] => C:\Program Files (x86)\Backblaze\bzbui.exe [490176 2015-05-15] ()
HKU\S-1-5-21-777044968-2926712198-4189444973-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [717696 2010-01-16] (Microsoft Corporation)
HKU\S-1-5-21-777044968-2926712198-4189444973-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-18\...\Run: [Backblaze] => C:\Program Files (x86)\Backblaze\bzbui.exe [490176 2015-05-15] ()
Lsa: [Notification Packages] scecli C:\Program Files\Protector Suite\psqlpwd.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk.disabled [2011-10-31]
ShortcutTarget: Hotkey.lnk.disabled -> C:\Program Files (x86)\Hotkey\Hotkey.exe (No File)
ShellIconOverlayIdentifiers: [UEAFOverlay] -> {F2F31467-B1AC-4df0-AE79-FD5FA085E22B} => C:\Program Files\Protector Suite\farchns.dll [2010-04-27] (UPEK Inc.)
ShellIconOverlayIdentifiers: [UEAFOverlayOpen] -> {A3E208F7-0E3A-4182-A7A6-B169D5D691AA} => C:\Program Files\Protector Suite\farchns.dll [2010-04-27] (UPEK Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-777044968-2926712198-4189444973-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-777044968-2926712198-4189444973-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll [2014-11-19] (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-08-21] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll [2014-11-19] (Kaspersky Lab ZAO)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-08-21] (Oracle Corporation)
BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll [2014-11-19] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll [2014-11-19] (Kaspersky Lab ZAO)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll [2014-11-19] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll [2014-11-19] (Kaspersky Lab ZAO)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 190.157.8.33 181.48.0.232
Tcpip\..\Interfaces\{3B552699-F8DC-47B2-BD2C-E35D315E9186}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5E270983-28AC-49BD-886E-883FA6F49800}: [DhcpNameServer] 190.157.8.33 181.48.0.232
Tcpip\..\Interfaces\{AA627AE5-AEB8-4C34-B457-E730DC5FC15D}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{D802E7C7-6E87-4D45-AAB5-52C6EFDA5265}: [DhcpNameServer] 8.8.8.8 8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\z5xtwheb.default-1347206686710
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_203.dll [2015-07-11] ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-08-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-08-21] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_203.dll [2015-07-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.13.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-02-04] (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\[email protected] [2014-11-19] ()
FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\[email protected] [2014-11-19] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\[email protected] [2014-11-19] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-03-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-03-14] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-14] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-777044968-2926712198-4189444973-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\John\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-07-20] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-777044968-2926712198-4189444973-1000: electronicarts.com/GameFacePlugin -> C:\Users\John\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll [2012-07-26] (Electronic Arts)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll [2011-08-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll [2011-08-10] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll [2011-08-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll [2011-08-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll [2011-08-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll [2011-08-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll [2011-08-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll [2011-08-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-07-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-07-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-07-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-07-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-07-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll [2011-08-10] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll [2011-08-10] (Citrix Systems, Inc.)
FF Extension: about:addons-memory - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\z5xtwheb.default-1347206686710\Extensions\[email protected] [2015-07-03]
FF Extension: fcreward.100770.b - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\z5xtwheb.default-1347206686710\Extensions\{003e1c8f-ebd6-f074-7551-4b31c0f547ec}.xpi [2012-09-23]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\[email protected]
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\[email protected] [2014-10-16]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\[email protected]
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\[email protected] [2014-10-16]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\[email protected]
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\[email protected] [2014-10-16]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2015-03-13]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-09]
CHR Extension: (Google Docs) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-09]
CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-09]
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-09]
CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-09]
CHR Extension: (Kaspersky Protection) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-02-09]
CHR Extension: (Google Sheets) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-09]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-02]
CHR Extension: (Google Wallet) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-09]
CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-09]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.googl...jjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.googl...jjmlmojhbllhbho

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO)
R2 bzserv; C:\Program Files (x86)\Backblaze\bzserv.exe [235712 2015-05-15] ()
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-11-02] ()
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [34528 2013-03-07] (The OpenVPN Project)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [1142768 2014-01-23] (Paramount Software UK Ltd)
R2 RosettaStoneLtdController; C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdController.exe [352312 2008-09-16] (Rosetta Stone Ltd.) [File not signed]
R2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [28848 2014-09-16] (Samsung Electronics Co., Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TorGuardService; C:\Program Files\TorGuard.Viscosity\TorGuardService.exe [92960 2015-07-10] (SparkLabs)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [150536 2014-11-19] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [246456 2014-08-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [819896 2015-03-10] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55872 2014-06-05] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77512 2014-11-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [28528 2013-03-05] (MediaMall Technologies, Inc.)
R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [268976 2014-09-16] (Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [111280 2014-09-16] (Samsung Electronics Co., Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2012-01-19] () [File not signed]
S3 visctap0901; C:\Windows\System32\DRIVERS\visctap0901.sys [34440 2015-07-10] (The OpenVPN Project)
R2 {687703DE-DC6D-4649-892B-B8497854A6AB}; C:\Program Files (x86)\CyberLink\PowerDVD15\Common\NavFilter\000.fcl [29896 2015-03-18] (CyberLink Corp.)
S3 MFE_RR; \??\C:\Users\John\AppData\Local\Temp\mfe_rr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-13 09:04 - 2015-07-13 09:04 - 00000000 ____D C:\Users\John\Desktop\FRST-OlderVersion
2015-07-12 15:26 - 2015-07-12 15:26 - 00000000 ____D C:\Program Files (x86)\ESET
2015-07-12 15:25 - 2015-07-12 15:25 - 02870984 _____ (ESET) C:\Users\John\Downloads\esetsmartinstaller_enu.exe
2015-07-12 15:19 - 2015-07-12 15:19 - 00000000 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_55a2cbb9.dmp
2015-07-12 15:14 - 2015-07-12 15:14 - 00213635 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_55a2c8f7.dmp
2015-07-12 14:59 - 2015-07-12 15:00 - 18502952 _____ (Synaptics Incorporated) C:\Users\John\Downloads\Synaptics_v15_1_22_2_C_XP64_Vista64_Win7-64.exe
2015-07-12 14:41 - 2015-07-12 14:41 - 00002424 _____ C:\Users\John\Desktop\JRT.txt
2015-07-12 14:36 - 2015-07-12 14:36 - 00000207 _____ C:\Windows\tweaking.com-regbackup-JOHN-PC-Windows-7-Ultimate-(64-bit).dat
2015-07-12 14:35 - 2015-07-12 14:35 - 03034102 _____ (Malwarebytes Corporation) C:\Users\John\Desktop\JRT.exe
2015-07-12 14:24 - 2015-07-12 14:31 - 00000000 ____D C:\AdwCleaner
2015-07-12 14:23 - 2015-07-12 14:23 - 02248704 _____ C:\Users\John\Desktop\adwcleaner_4.208.exe
2015-07-12 14:03 - 2015-07-12 14:03 - 00001139 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-12 14:03 - 2015-07-12 14:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-12 14:03 - 2015-07-12 14:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-12 14:03 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-12 14:03 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-12 14:02 - 2015-07-12 14:02 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\John\Downloads\mbam-setup-2.1.8.1057.exe
2015-07-12 13:38 - 2015-07-12 13:38 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-07-12 13:36 - 2015-07-12 13:36 - 00230729 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_55a2b0fa.dmp
2015-07-12 13:24 - 2015-07-12 13:24 - 00000000 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_55a2a98d.dmp
2015-07-12 13:09 - 2015-07-12 15:22 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-12 13:09 - 2015-07-12 14:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-12 13:09 - 2015-07-12 13:38 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-07-12 13:08 - 2015-07-12 14:49 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-12 13:08 - 2015-07-12 13:24 - 00000000 ____D C:\Users\John\Desktop\mbar
2015-07-12 13:08 - 2015-07-12 13:08 - 16502728 _____ (Malwarebytes Corp.) C:\Users\John\Downloads\mbar-1.09.1.1004.exe
2015-07-12 12:51 - 2015-07-12 12:51 - 00225735 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_55a2a90b.dmp
2015-07-12 12:44 - 2015-07-12 12:44 - 00034685 _____ C:\ComboFix.txt
2015-07-12 12:17 - 2015-07-12 12:17 - 00783640 _____ (McAfee, Inc.) C:\Users\John\Downloads\rootkitremover.exe
2015-07-12 12:17 - 2015-07-12 12:17 - 00000310 _____ C:\Users\John\Downloads\RootkitRemover_20150712_121726.log
2015-07-12 12:15 - 2015-07-12 12:15 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\John\Downloads\tdsskiller.exe
2015-07-12 12:13 - 2015-07-12 12:13 - 01602864 _____ (Kaspersky Lab ZAO) C:\Users\John\Downloads\rakhnidecryptor.exe
2015-07-12 12:11 - 2015-07-12 12:11 - 00248558 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_55a29fbf.dmp
2015-07-12 12:07 - 2015-07-13 09:03 - 00002546 _____ C:\Windows\SysWOW64\debug.log
2015-07-12 12:07 - 2015-07-12 15:18 - 00306056 _____ C:\Windows\PFRO.log
2015-07-12 11:51 - 2015-07-12 11:51 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2015-07-12 11:48 - 2015-07-12 12:09 - 00000000 ____D C:\Program Files\HitmanPro
2015-07-12 11:48 - 2015-07-12 11:48 - 00250838 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_55a2994a.dmp
2015-07-12 11:47 - 2015-07-12 11:52 - 00000000 ____D C:\ProgramData\HitmanPro
2015-07-12 11:42 - 2015-07-12 11:42 - 01805736 _____ (Symantec Corporation) C:\Users\John\Downloads\FixZeroAccess.exe
2015-07-12 11:42 - 2015-07-12 11:42 - 00203887 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_55a296d4.dmp
2015-07-12 11:42 - 2015-07-12 11:42 - 00027256 _____ (Symantec Corporation) C:\Windows\system32\Drivers\FixZeroAccess.sys
2015-07-12 11:31 - 2015-07-12 11:31 - 00232653 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_55a29658.dmp
2015-07-12 10:05 - 2015-07-12 10:07 - 00051649 _____ C:\Users\John\Desktop\Addition.txt
2015-07-12 10:04 - 2015-07-13 09:05 - 00033382 _____ C:\Users\John\Desktop\FRST.txt
2015-07-12 10:03 - 2015-07-13 09:05 - 00000000 ____D C:\FRST
2015-07-12 10:03 - 2015-07-13 09:04 - 02133504 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe
2015-07-11 21:00 - 2015-07-11 21:00 - 00236219 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_55a1b19f.dmp
2015-07-11 19:18 - 2015-07-11 19:18 - 01187520 _____ (Adobe Systems Incorporated) C:\Users\John\Downloads\flashplayer18au_ha_install.exe
2015-07-11 19:08 - 2015-07-11 19:08 - 00246002 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_55a1afe0.dmp
2015-07-11 19:01 - 2015-07-11 19:01 - 00228597 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_55a1ae45.dmp
2015-07-11 18:58 - 2015-07-11 18:58 - 00240751 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_55a1ad8d.dmp
2015-07-11 00:52 - 2015-07-11 00:52 - 00000000 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_55a04c21.dmp
2015-07-09 23:58 - 2015-07-09 23:58 - 00239321 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_559eda95.dmp
2015-07-09 11:04 - 2015-07-09 11:04 - 00191877 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_559e92bd.dmp
2015-07-08 19:28 - 2015-07-08 19:28 - 00298639 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_559d699f.dmp
2015-07-08 13:31 - 2015-07-12 22:09 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-08 13:31 - 2015-07-11 20:09 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-08 13:31 - 2015-07-08 13:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayOn
2015-07-08 13:31 - 2015-07-08 13:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayLater
2015-07-08 13:26 - 2015-07-08 13:26 - 02715192 _____ (MediaMall Technologies, Inc.) C:\Users\John\Downloads\PlayLaterSetup.1.6.46.exe
2015-07-08 13:21 - 2015-07-08 13:22 - 30819648 _____ (MediaMall Technologies, Inc.) C:\Users\John\Downloads\PlayLaterPatch.1.6.46.exe
2015-07-07 22:50 - 2015-07-07 22:50 - 00000000 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_559c8f9f.dmp
2015-07-06 23:21 - 2015-07-07 15:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-06 18:03 - 2015-07-06 18:03 - 00225889 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_559afd81.dmp
2015-07-06 13:10 - 2015-07-06 13:10 - 00227387 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_559a7854.dmp
2015-07-05 21:55 - 2015-07-05 21:55 - 00193605 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_5599abc2.dmp
2015-07-05 00:12 - 2015-07-05 00:12 - 00206203 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_5598b3d7.dmp
2015-07-04 15:37 - 2015-07-04 15:37 - 00251409 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_55980ba0.dmp
2015-07-04 11:34 - 2015-07-04 11:34 - 00001820 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-07-04 11:34 - 2015-07-04 11:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-07-04 11:34 - 2015-07-04 11:34 - 00000000 ____D C:\Program Files\iTunes
2015-07-04 11:34 - 2015-07-04 11:34 - 00000000 ____D C:\Program Files\iPod
2015-07-04 11:34 - 2015-07-04 11:34 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-07-04 11:33 - 2015-07-04 11:33 - 00194499 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_559690b8.dmp
2015-07-04 11:29 - 2015-07-04 11:29 - 00001882 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-07-04 11:29 - 2015-07-04 11:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-07-04 11:29 - 2015-07-04 11:29 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-07-04 11:28 - 2015-07-04 11:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-07-02 15:52 - 2015-07-02 15:52 - 00235496 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_5595a23f.dmp
2015-07-02 10:50 - 2015-07-02 10:50 - 00191480 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_5595531d.dmp
2015-07-01 19:50 - 2015-07-01 19:50 - 00188934 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_55946133.dmp
2015-07-01 17:33 - 2015-07-01 17:33 - 00001151 _____ C:\Users\Public\Desktop\Faasoft Audio Converter.lnk
2015-07-01 17:33 - 2015-07-01 17:33 - 00000000 ____D C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Faasoft
2015-07-01 17:31 - 2015-07-01 17:32 - 11888574 _____ (Faasoft Corporation) C:\Users\John\Downloads\f-audio-converter(1).exe
2015-07-01 17:12 - 2015-07-02 09:28 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2015-07-01 17:12 - 2015-07-02 09:28 - 00000000 ____D C:\Program Files (x86)\NCH Software
2015-07-01 17:12 - 2015-07-01 17:12 - 00656448 _____ (NCH Software) C:\Users\John\Downloads\switchsetup.exe
2015-07-01 17:12 - 2015-07-01 17:12 - 00000000 ____D C:\ProgramData\NCH Software
2015-07-01 16:52 - 2015-07-01 16:52 - 00190636 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_55945558.dmp
2015-07-01 16:30 - 2015-07-01 16:33 - 00000000 ____D C:\Users\John\AppData\Roaming\freac
2015-07-01 16:29 - 2015-07-01 16:29 - 07531408 _____ C:\Users\John\Downloads\freac-1.0.23.exe
2015-07-01 16:26 - 2015-07-01 16:26 - 00000000 ____D C:\Users\John\AppData\Roaming\Faasoft Video Converter
2015-07-01 16:24 - 2015-07-01 17:33 - 00000000 ____D C:\Program Files (x86)\Faasoft
2015-07-01 16:18 - 2015-07-02 10:11 - 00000000 ____D C:\Users\John\Documents\Faasoft Audio Converter
2015-07-01 16:16 - 2015-07-01 16:16 - 00000000 ____D C:\Users\John\AppData\Roaming\Faasoft Audio Converter
2015-07-01 16:14 - 2015-07-01 16:14 - 11888574 _____ (Faasoft Corporation) C:\Users\John\Downloads\f-audio-converter.exe
2015-07-01 16:09 - 2015-07-01 16:09 - 00000000 ____D C:\Users\John\Documents\Any Video Converter
2015-07-01 16:09 - 2015-07-01 16:09 - 00000000 ____D C:\Users\John\AppData\Roaming\Anvsoft
2015-07-01 16:09 - 2015-07-01 16:09 - 00000000 ____D C:\Program Files (x86)\Anvsoft
2015-07-01 16:08 - 2015-07-01 16:08 - 34599616 _____ C:\Users\John\Downloads\any-audio-converter.exe
2015-07-01 14:49 - 2015-07-01 14:50 - 05736682 _____ (Igor Pavlov) C:\Users\John\Downloads\foobar2000 Full Encoder Pack 2015-06-28.exe
2015-07-01 14:48 - 2015-07-01 14:48 - 00219606 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_559428e8.dmp
2015-07-01 14:23 - 2015-07-01 17:32 - 00000000 ____D C:\Users\John\AppData\Roaming\foobar2000
2015-07-01 14:23 - 2015-07-01 14:23 - 00000891 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk
2015-07-01 14:23 - 2015-07-01 14:23 - 00000809 _____ C:\Users\Public\Desktop\foobar2000.lnk
2015-07-01 14:15 - 2015-07-01 14:15 - 03875496 _____ (foobar2000.org) C:\Users\John\Downloads\foobar2000_v1.3.8(1).exe
2015-07-01 13:49 - 2015-07-01 13:49 - 01529924 _____ (foobar2000.org) C:\Users\John\Downloads\Free_Encoder_Pack_2015-06-02(1).exe
2015-07-01 12:46 - 2015-07-01 12:47 - 01529924 _____ (foobar2000.org) C:\Users\John\Downloads\Free_Encoder_Pack_2015-06-02.exe
2015-07-01 12:38 - 2015-07-01 12:39 - 03875496 _____ (foobar2000.org) C:\Users\John\Downloads\foobar2000_v1.3.8.exe
2015-07-01 09:05 - 2015-07-01 09:05 - 00233146 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_5593f32e.dmp
2015-06-29 10:10 - 2015-06-29 10:10 - 00218232 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_55915f10.dmp
2015-06-28 18:02 - 2015-07-04 11:34 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-06-28 17:59 - 2015-06-28 18:01 - 121283888 _____ (Apple Inc.) C:\Users\John\Downloads\itunes64setup(1).exe
2015-06-28 17:52 - 2015-06-28 17:52 - 00000000 ____D C:\Users\John\AppData\Roaming\TaiG
2015-06-25 18:51 - 2015-06-25 18:51 - 10756558 _____ C:\Users\John\Downloads\DDWRT-QuickSetup.exe
2015-06-18 20:49 - 2015-06-18 20:49 - 00000000 ____D C:\Users\Laura\AppData\Local\GWX
2015-06-18 20:48 - 2015-06-18 20:48 - 00002367 _____ C:\Users\Laura\Desktop\Safe Money.lnk
2015-06-18 20:48 - 2015-06-18 20:48 - 00000000 ____D C:\Users\Laura\AppData\Local\Wondershare
2015-06-18 20:48 - 2015-06-18 20:48 - 00000000 ____D C:\Users\Laura\AppData\Local\Google
2015-06-18 20:48 - 2015-06-18 20:48 - 00000000 ____D C:\Users\Laura\AppData\Local\CyberLink
2015-06-17 00:23 - 2015-06-17 00:23 - 00094208 _____ (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
2015-06-17 00:23 - 2015-06-17 00:23 - 00069632 _____ (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-13 09:03 - 2015-02-09 21:12 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-13 09:03 - 2014-11-20 11:30 - 00002896 _____ C:\Windows\System32\Tasks\AutoKMS
2015-07-13 09:03 - 2014-11-20 11:29 - 00000266 _____ C:\Windows\Tasks\AutoKMS.job
2015-07-13 09:03 - 2014-10-16 11:31 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-07-13 09:02 - 2011-10-31 12:14 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-13 09:02 - 2011-06-29 13:51 - 00090809 _____ C:\Windows\setupact.log
2015-07-13 09:02 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-12 22:49 - 2011-10-31 11:46 - 01769319 _____ C:\Windows\WindowsUpdate.log
2015-07-12 22:23 - 2015-02-09 21:12 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-12 22:15 - 2009-07-13 23:45 - 00031088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-12 22:15 - 2009-07-13 23:45 - 00031088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-12 15:13 - 2013-01-12 14:08 - 00000000 ____D C:\Windows\erdnt
2015-07-12 15:00 - 2011-10-31 12:32 - 00021402 _____ C:\Windows\DPINST.LOG
2015-07-12 13:36 - 2009-07-13 22:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-07-12 13:36 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2015-07-12 12:44 - 2012-01-07 14:09 - 00000000 ____D C:\Users\John\AppData\Local\Apps\2.0
2015-07-12 12:42 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2015-07-12 11:46 - 2009-07-14 00:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-12 11:23 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2015-07-12 11:00 - 2014-04-05 16:26 - 00000032 _____ C:\Windows\SysWOW64\thxcfg.ini
2015-07-12 10:59 - 2012-12-15 19:20 - 00000000 ____D C:\Program Files (x86)\TrojanHunter 5.5
2015-07-11 20:09 - 2012-04-03 08:33 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-11 20:09 - 2011-11-02 19:43 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-11 19:20 - 2014-08-26 20:39 - 00000000 ____D C:\Users\John\AppData\Local\Adobe
2015-07-10 17:55 - 2015-04-04 10:01 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-10 17:55 - 2015-04-04 10:01 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-10 13:19 - 2014-04-21 10:26 - 00034440 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\visctap0901.sys
2015-07-09 23:31 - 2014-04-21 10:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TorGuard
2015-07-09 23:31 - 2014-04-21 10:26 - 00000000 ____D C:\Program Files\TorGuard.Viscosity
2015-07-09 23:30 - 2012-06-24 19:05 - 00000000 ____D C:\Users\John\AppData\Roaming\BitTorrent
2015-07-09 10:28 - 2015-04-08 12:08 - 00000000 ____D C:\Users\John\AppData\Local\Deployment
2015-07-08 13:31 - 2014-05-08 18:14 - 00002090 _____ C:\Users\Public\Desktop\PlayOn.lnk
2015-07-08 13:31 - 2013-08-06 11:42 - 00001006 _____ C:\Users\Public\Desktop\PlayLater.lnk
2015-07-08 13:29 - 2011-10-31 12:59 - 00000000 ____D C:\Windows\Downloaded Installations
2015-07-07 15:25 - 2015-02-09 21:13 - 00002220 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-06 10:30 - 2015-03-17 09:26 - 00000000 ____D C:\Users\John\Documents\English Class
2015-07-04 17:39 - 2011-11-02 19:35 - 00000000 ____D C:\Users\John\AppData\Roaming\Apple Computer
2015-07-04 11:38 - 2012-10-10 16:16 - 00000000 ____D C:\Users\John\Documents\Outlook Files
2015-07-04 11:34 - 2011-11-02 19:33 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-07-03 08:59 - 2015-06-11 09:41 - 00000000 ____D C:\Users\John\Documents\Rent Receipts
2015-07-03 08:59 - 2011-11-01 21:25 - 00000000 ____D C:\Users\John
2015-07-02 16:05 - 2011-11-02 19:29 - 00000000 ____D C:\MP3
2015-07-01 17:50 - 2014-10-06 17:05 - 00000069 _____ C:\Windows\NeroDigital.ini
2015-07-01 17:50 - 2011-11-12 01:40 - 00000975 _____ C:\Users\John\AppData\Roaming\default.rss
2015-07-01 13:51 - 2011-10-31 12:33 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-07-01 12:19 - 2011-11-06 18:04 - 00000000 ____D C:\Users\John\AppData\Roaming\Nero
2015-06-23 23:29 - 2009-07-14 00:08 - 00032628 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-23 17:18 - 2014-12-24 00:02 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-23 13:30 - 2010-11-20 22:27 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-06-18 20:48 - 2014-10-18 16:56 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk

==================== Files in the root of some directories =======

2011-11-12 01:40 - 2015-07-01 17:50 - 0000975 _____ () C:\Users\John\AppData\Roaming\default.rss
2012-06-25 19:45 - 2012-06-25 19:45 - 0000000 _____ () C:\Users\John\AppData\Roaming\downloads.m3u
2011-11-27 13:24 - 2012-03-11 15:04 - 0000268 ____H () C:\Users\John\AppData\Roaming\Track Settings
2012-03-11 15:05 - 2012-03-11 15:05 - 0000268 ____H () C:\Users\John\AppData\Roaming\Trance Pad
2011-11-27 13:24 - 2012-03-11 15:04 - 0000268 ____H () C:\Users\John\AppData\Roaming\Transportation
2012-08-20 14:22 - 2013-04-16 10:37 - 0000268 ___RH () C:\Users\John\AppData\Roaming\Vocals
2014-04-29 12:16 - 2014-04-29 12:16 - 169928142 _____ () C:\Users\John\AppData\Local\ACCCx2_5_1_369.2.zip.aamdownload
2014-04-29 12:16 - 2014-04-29 12:16 - 0001986 _____ () C:\Users\John\AppData\Local\ACCCx2_5_1_369.2.zip.aamdownload.aamd
2012-03-11 15:19 - 2012-03-11 15:19 - 0008192 _____ () C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-05 15:42 - 2014-04-05 15:42 - 0000017 _____ () C:\Users\John\AppData\Local\resmon.resmoncfg
2012-08-20 14:22 - 2013-04-16 10:37 - 0000012 ___RH () C:\ProgramData\Analog Sync
2012-02-14 13:25 - 2015-02-02 13:36 - 0001385 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2012-08-20 14:22 - 2013-04-16 10:37 - 0000020 ____H () C:\ProgramData\PKP_DLeo.DAT
2011-11-27 13:25 - 2012-03-11 15:05 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2011-11-27 13:24 - 2012-03-11 15:04 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2011-11-27 13:24 - 2012-03-11 15:04 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT
2012-03-11 15:04 - 2012-03-11 15:04 - 0000268 ___RH () C:\ProgramData\Tremolo
2012-03-11 15:05 - 2012-03-11 15:05 - 0000268 ___RH () C:\ProgramData\Tribal Masks
2012-03-11 15:04 - 2012-03-11 15:04 - 0000268 ___RH () C:\ProgramData\Trumpet Section
2012-08-20 14:22 - 2013-04-16 10:37 - 0000268 ___RH () C:\ProgramData\Woodwinds

Some files in TEMP:
====================
C:\Users\John\AppData\Local\Temp\Quarantine.exe
C:\Users\John\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-03 00:33

==================== End of log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:12-07-2015
Ran by John at 2015-07-13 09:05:37
Running from C:\Users\John\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-777044968-2926712198-4189444973-500 - Administrator - Disabled)
Guest (S-1-5-21-777044968-2926712198-4189444973-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-777044968-2926712198-4189444973-1012 - Limited - Enabled)
John (S-1-5-21-777044968-2926712198-4189444973-1000 - Administrator - Enabled) => C:\Users\John
Laura (S-1-5-21-777044968-2926712198-4189444973-1003 - Limited - Enabled) => C:\Users\Laura
UpdatusUser (S-1-5-21-777044968-2926712198-4189444973-1005 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

"Nero SoundTrax Help (x32 Version: 4.4.32.0 - Nero AG) Hidden
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.203 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.203 - Adobe Systems Incorporated)
Adobe Photoshop CS5.1 (HKLM-x32\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Alt.Binz 0.39.4 (HKLM-x32\...\Alt.Binz) (Version: 0.39.4 - Rdl)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{06A333EA-4E9D-4848-865F-FE5A1E12AB30}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Backblaze (HKLM-x32\...\Backblaze) (Version:  - Backblaze, Inc)
BDtoAVCHD 1.7.8 (HKLM-x32\...\{0213E592-8C74-429F-83C5-78B1B6744EC7}) (Version: 1.7.8 - Joel Gali)
Binreader (HKLM-x32\...\{3D47B2C0-8748-4450-99AE-0746A5A74C8E}) (Version: 1.0.0 - Binreader)
BisonCam (HKLM-x32\...\{5BBC4803-C96E-4D3E-9D1D-2E43774C4062}) (Version: 9.2.1.71.52 - BisonCam)
BitTorrent (HKU\S-1-5-21-777044968-2926712198-4189444973-1000\...\BitTorrent) (Version: 7.9.3.40299 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre (HKLM-x32\...\{8854EE3C-5031-499F-B5EB-51A82F1B28EF}) (Version: 2.21.0 - Kovid Goyal)
Citrix Presentation Server Client (HKLM-x32\...\{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}) (Version: 10.00.52110 - Citrix Systems, Inc.)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.0.0.6685 - Citrix Systems, Inc.)
Combined Community Codec Pack 2014-07-13 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.07.13.0 - CCCP Project)
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2608 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1607 - CyberLink Corp.)
CyberLink PowerDVD 15 (HKLM-x32\...\{DE85B8F3-D088-4D6E-A970-EE0BC7883A66}) (Version: 15.0.1510.58 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Documents To Go Desktop for iOS (HKLM-x32\...\DTGDesktop) (Version: 4.0001.010 - DataViz, Inc.)
DolbyFiles (x32 Version: 2.0 - Nero AG) Hidden
EA SPORTS Game Face Browser Plugin 1.8.0.0 (HKU\S-1-5-21-777044968-2926712198-4189444973-1000\...\EA SPORTS Game Face Browser Plugin) (Version: 1.8.0.0 - Electronic Arts)
Epson Connect (HKLM-x32\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version:  - )
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.1.1 - SEIKO EPSON CORPORATION)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print 2 (HKLM-x32\...\{79D0F056-39DE-4FDD-83FD-1554CE2C6443}) (Version: 2.4.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery (HKLM-x32\...\EEPPPlugIn) (Version:  - SEIKO EPSON Corporation)
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup (x32 Version: 1.00.0000 - SEIKO EPSON Corporation) Hidden
Epson Event Manager (HKLM-x32\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{E904F572-D7DB-43C1-929F-043F267FC77D}) (Version: 1.22.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.20.00 - SEIKO EPSON CORPORATION)
EPSON L355 Series Printer Uninstall (HKLM\...\EPSON L355 Series) (Version:  - SEIKO EPSON Corporation)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Faasoft Audio Converter 5.2.23.5604 (HKLM-x32\...\{6A4806A7-4A4C-458C-B42F-BB508CA69F3F}_is1) (Version:  - Faasoft Corporation)
FileZilla Client 3.5.3 (HKLM-x32\...\FileZilla Client) (Version: 3.5.3 - FileZilla Project)
foobar2000 v1.3.8 (HKLM-x32\...\foobar2000) (Version: 1.3.8 - Peter Pawlowski)
Free Video to iPad Converter version 5.0.17.903 (HKLM-x32\...\Free Video to iPad Converter_is1) (Version: 5.0.17.903 - DVDVideoSoft Ltd.)
Freemake Audio Converter version 1.1.3 (HKLM-x32\...\Freemake Audio Converter_is1) (Version: 1.1.3 - Ellora Assets Corporation)
Freemake Video Converter version 4.1.6 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.6 - Ellora Assets Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.132 - Google Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GrabIt 1.7.2 Beta 6 (build 1008) (HKLM-x32\...\GrabIt_is1) (Version:  - Ilan Shemes)
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
Hotkey 3.3028 (HKLM-x32\...\InstallShield_{164714B6-46BC-4649-9A30-A6ED32F03B5A}) (Version: 3.3028 - NoteBook)
Hotkey 3.3028 (x32 Version: 3.3028 - NoteBook) Hidden
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
iCopyBot for Windows 7.2.7 (HKLM-x32\...\iCopyBot for Windows) (Version: 7.2.7 - VOWSoft, Ltd.)
iFunbox (v2.1.2228.731), iFunbox DevTeam (HKLM-x32\...\iFunbox_is1) (Version: v2.1.2228.731 - )
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{AF162E20-417F-4946-A06D-65734984957F}) (Version: 14.00.0000 - Intel Corporation)
iRip (HKLM-x32\...\{98FA0A89-358D-4D39-A666-D4D321A44971}) (Version: 1.1.0 - The Little App Factory)
ITE Infrared Transceiver (HKLM-x32\...\{40580068-9B10-40B5-9548-536CE88AB23C}) (Version: 1.00.0000 - ITE)
iTunes (HKLM\...\{0FB81B1A-1329-4905-8080-058E530CD6D9}) (Version: 12.2.0.145 - Apple Inc.)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java SE Development Kit 7 Update 67 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170670}) (Version: 1.7.0.670 - Oracle)
JMicron Ethernet Adapter NDIS Driver (HKLM-x32\...\{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}) (Version: 6.0.26.6 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.62.0 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
JustCloud Setup (x32 Version: 1.0.0.08 - JustCloud) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.1.415 - Kaspersky Lab) Hidden
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Macrium Reflect Professional Edition (HKLM\...\MacriumReflect) (Version: 5.2 - Paramount Software (UK) Ltd.)
Macrium Reflect Professional Edition (Version: 5.2.6462 - Paramount Software (UK) Ltd.) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Menu Templates - Starter Kit (x32 Version: 9.4.6.0 - Nero AG) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Miro Video Converter (HKLM-x32\...\Miro Video Converter) (Version: 0.8.0 - Participatory Culture Foundation)
Movie Templates - Starter Kit (x32 Version: 9.4.6.0 - Nero AG) Hidden
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 17.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 17.0.5 (x86 en-US)) (Version: 17.0.5 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyHarmony (HKU\S-1-5-21-777044968-2926712198-4189444973-1000\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
Nero 9 (HKLM-x32\...\{0b5080e9-3b6e-4902-b448-c52159e20604}) (Version:  - Nero AG)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.1 - Nikon)
Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.9.2 - Nikon)
NVIDIA 3D Vision Controller Driver 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.22 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 314.22 - NVIDIA Corporation)
NVIDIA 3D Vision Video Player (HKLM-x32\...\{594F6A23-9FF2-4D03-8761-97483E55CE79}) (Version: 1.5.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.22 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.23.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.23.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
Octoshape add-in for Adobe Flash Player (HKU\S-1-5-21-777044968-2926712198-4189444973-1000\...\Octoshape add-in for Adobe Flash Player) (Version:  - )
OLYMPUS A-GPS Utility (HKLM-x32\...\{C73F6E04-F3C9-46F1-833E-306AC1DC8C97}) (Version: 1.0.0 - OLYMPUS IMAGING CORP.)
Online Plug-in (x32 Version: 13.0.0.6685 - Citrix Systems, Inc.) Hidden
OpenVPN 2.3.0-I005  (HKLM\...\OpenVPN) (Version: 2.3.0-I005 - )
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.3.0 - Nikon)
Picture Control Utility 2 (HKLM\...\{D4893C47-704F-4B84-8486-9DE4974ACA6F}) (Version: 2.0.1 - Nikon)
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.5.1 - Nikon)
PlayLater (HKLM-x32\...\{FD1F149A-C14F-4C1D-A5E2-E6BE3A61A75A}) (Version: 1.6.46 - MediaMall Technologies, Inc.)
PlayOn (HKLM-x32\...\{DC5DEE99-7D1C-4A45-B2E8-E4B1F513329B}) (Version: 3.10.46 - MediaMall Technologies, Inc.)
PowerISO (HKLM-x32\...\PowerISO) (Version: 4.9 - Power Software Ltd)
Protector Suite 2009 (HKLM\...\{0F841121-4DB6-4B31-839F-7F5AB3BB3423}) (Version: 5.9.3.6379 - UPEK Inc.)
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
RAPID Mode (Version: 1.0.1.81 - Samsung Electronics Co., Ltd.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6307 - Realtek Semiconductor Corp.)
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.30.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.30.0 - Renesas Electronics Corporation) Hidden
Rosetta Stone Ltd Services (HKLM-x32\...\{2110AF8F-F6E9-4712-A185-1B839C60822E}) (Version: 2.2.1.1 - Rosetta Stone Ltd.)
Rosetta Stone Version 3 (HKLM-x32\...\{99011A6E-5200-11DE-BDB8-7ACD56D89593}) (Version: 3.4.5.0 - Rosetta Stone Ltd.)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Software Updater (HKLM-x32\...\{E1BAD1BA-C0E8-4018-9281-E7D2C6B07474}) (Version: 4.3.6 - SEIKO EPSON CORPORATION)
SoundTrax (x32 Version: 4.4.32.0 - Nero AG) Hidden
StarCraft II (HKLM-x32\...\StarCraft II) (Version: 1.4.3.21029 - Blizzard Entertainment)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.14.0 - Synaptics Incorporated)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
THX TruStudio Pro (HKLM-x32\...\{82F99DC9-389A-4528-940C-88248731A620}) (Version: TAMB-CVS1D-1-LB R07 - Creative Technology Limited)
TorGuard 1.0.0 (1097) (HKLM\...\{6B859FAA-B180-4779-A754-086A308C49CC-ViscosityV~7814C94C_is1) (Version: 1.0.0 - VPNetworks LLC)
TrojanHunter 5.5 (HKLM-x32\...\TrojanHunter_is1) (Version: 5.5 - Mischel Internet Security)
TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version:  - Intuit, Inc)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.8.5 - Tweaking.com)
Unity Web Player (HKU\S-1-5-21-777044968-2926712198-4189444973-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.10.2 - Nikon)
WebCam Installer (HKLM-x32\...\{AAE521B6-2F19-447F-8CB6-6D1E3A19F3ED}) (Version: 3.32 - WebCam)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

12-07-2015 15:13:34 ComboFix created restore point

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2015-07-12 13:37 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {10BDECDE-A065-462D-A217-A20FAFBA2319} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-11] (Adobe Systems Incorporated)
Task: {2EE41FA5-D625-439C-A32D-BB6E86C70702} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2012-07-17] ()
Task: {329F41F6-A5E6-4FD6-A2E4-44179EFC1C93} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-09] (Google Inc.)
Task: {49CAC970-179D-45F9-90F4-8A310573B107} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-09] (Google Inc.)
Task: {50CAAE3E-B06B-4326-A00B-1E18BF1B39A3} - System32\Tasks\{381C7D36-DFCE-4585-B7F9-AFB2C84390F7} => pcalua.exe -a C:\Users\John\Downloads\install_backblaze.exe -d C:\Users\John\Downloads
Task: {6196A9FE-E233-4C93-9E75-DC1F2DC6EE58} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {7EAF7783-423A-44E1-B010-436DBDCDBE40} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {A6C60DF3-FFEB-4537-A3B2-2D89C8FE6E58} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {BC842465-2184-450E-881F-EAD3D253987D} - System32\Tasks\{4A931D54-E9BE-4400-8D2C-9B7E62AC3B71} => pcalua.exe -a C:\Users\John\Downloads\S-VNX2__-020301WF-NSAEN-64BIT_.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {D0D9B56C-427C-4B22-8A0D-5868B8D39C14} - System32\Tasks\{3C3B8694-343F-4DE7-B830-63FB49769ACE} => Firefox.exe http://ui.skype.com/...#38;page=tsMain

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2010-11-02 14:58 - 2010-11-02 14:58 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2013-01-14 13:22 - 2013-03-14 23:16 - 00086304 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-03-07 11:29 - 2015-05-15 19:01 - 00235712 _____ () C:\Program Files (x86)\Backblaze\bzserv.exe
2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-01-02 09:42 - 2010-01-02 09:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2010-11-02 14:58 - 2010-11-02 14:58 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-10-31 13:07 - 2010-11-12 14:38 - 00241152 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2013-01-07 08:34 - 2012-11-20 01:03 - 00812544 _____ () C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe
2014-03-07 11:29 - 2015-05-15 19:01 - 00490176 _____ () C:\Program Files (x86)\Backblaze\bzbui.exe
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:27 - 2015-05-15 16:27 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-30 16:12 - 2014-08-30 16:12 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\kpcengine.2.3.dll
2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-01-07 08:34 - 2012-04-26 14:38 - 20758016 _____ () C:\Program Files (x86)\i-Funbox DevTeam\libcef.dll
2010-08-03 17:39 - 2010-08-03 17:39 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2010-08-03 17:39 - 2010-08-03 17:39 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2009-07-13 16:03 - 2009-07-13 20:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2014-09-04 17:06 - 2014-08-05 09:22 - 01489408 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2014-09-04 17:06 - 2014-05-19 16:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2015-04-12 10:36 - 2015-03-19 01:46 - 00867592 _____ () C:\Program Files (x86)\CyberLink\PowerDVD15\common\UNO\UNO.dll
2015-04-12 10:36 - 2013-12-10 06:31 - 00074240 _____ () C:\Program Files (x86)\CyberLink\PowerDVD15\Common\Koan\_ctypes.pyd
2015-04-12 10:36 - 2013-12-10 06:31 - 00285184 _____ () C:\Program Files (x86)\CyberLink\PowerDVD15\Common\Koan\_hashlib.pyd
2015-04-12 10:36 - 2013-12-10 06:31 - 00040960 _____ () C:\Program Files (x86)\CyberLink\PowerDVD15\Common\Koan\_socket.pyd
2015-04-12 10:36 - 2013-12-10 06:31 - 00721920 _____ () C:\Program Files (x86)\CyberLink\PowerDVD15\Common\Koan\_ssl.pyd
2014-12-02 09:24 - 2014-09-28 17:59 - 00019872 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAMSUNG_SSD.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-777044968-2926712198-4189444973-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\John\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 190.157.8.33 - 181.48.0.232

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Anti-phishing Domain Advisor => "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
MSCONFIG\startupreg: THGuard => "C:\Program Files (x86)\TrojanHunter 5.5\THGuard.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{4121E59B-97AD-469F-97A6-BB137C1A1374}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{3F058AE9-6777-4D3E-A759-D9EB42907EC9}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{3B275B5C-704A-4522-8A7F-B0DE906D8CA0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{98047BD2-AF2B-4584-BAC5-9E856C08CE7D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [TCP Query User{1297F6E6-4B44-4A67-8E91-A5036A8AC9CB}C:\program files (x86)\bittorrent\bittorrent.exe] => (Block) C:\program files (x86)\bittorrent\bittorrent.exe
FirewallRules: [UDP Query User{5BA302C7-0802-48C4-99D5-F083C4D2EECE}C:\program files (x86)\bittorrent\bittorrent.exe] => (Block) C:\program files (x86)\bittorrent\bittorrent.exe
FirewallRules: [{249E256B-54CD-4A0A-835D-3909E4F370E7}] => (Allow) C:\Users\John\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{6CAA5347-30D0-4BB1-8444-6A683B22296E}] => (Allow) C:\Users\John\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{6DDA9ABA-26D8-40AB-BC20-5F5CF422E153}C:\program files (x86)\microsoft office\office14\groove.exe] => (Block) C:\program files (x86)\microsoft office\office14\groove.exe
FirewallRules: [UDP Query User{227DB363-6146-438C-92DD-4FBF7D355A48}C:\program files (x86)\microsoft office\office14\groove.exe] => (Block) C:\program files (x86)\microsoft office\office14\groove.exe
FirewallRules: [{91FD69AD-2749-4AA0-B39D-8CD688F3D121}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{41625CE9-D9ED-4B41-956A-F60D185882D3}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [TCP Query User{BB7394F8-042E-4D50-AAF4-F1F03D7A1496}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{5DAEDF9F-83D8-4F83-A23E-92945691D18E}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{57B0EBEA-6B95-4B26-9BBB-18032D300F67}] => (Allow) LPort=3306
FirewallRules: [{A7D35646-A57D-4AA7-84AA-DE61C25D958D}] => (Allow) LPort=3306
FirewallRules: [{44207FBA-9CF8-42E8-B6EB-7CF4646BCF0E}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{803E0E53-D879-42B2-94DA-DA1C7C706952}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{4BF5E6D7-AB2A-4074-8DCB-543F65CBD7AC}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{CD17F013-E561-4CF1-94A1-6E337A3B90F6}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{FC8F50C6-55CC-495B-86A2-B48B36597749}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{9E5D8C66-9E22-4463-BFE2-42DA2AA65BBA}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{BFD355BE-4E9D-4AB7-B713-001EE981F442}] => (Allow) F:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{74A56AFE-BE6D-4441-9F9F-046DAC75AE22}] => (Allow) F:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{FCE45A9D-DDB1-49D9-BF63-E76B9FA38DC7}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{92F0C351-CF4B-48CE-99CA-E1D4315EE7AC}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{430DC851-19BB-460B-9382-E2CC4A0881BC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD.exe
FirewallRules: [{47445B4B-D8A0-4BF2-B19D-34F0E192B43D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\Kernel\DMS\CLMSServerPDVD15.exe
FirewallRules: [{A1610976-8052-42F9-8B6F-E6A66AA4782D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD15Agent.exe
FirewallRules: [{C4CF89D0-94B5-4E9A-984F-49F1FA5DEF01}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\Movie\PowerDVDMovie.exe
FirewallRules: [{C0CE489A-3EEB-4FC5-8970-ACD357F3520A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{8A8E3C42-AAF1-455A-8645-A75F76A0A00B}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{F101ABA2-4747-4889-AC02-6CCCEDA48344}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{963316A2-0035-467F-A00F-BE36EE132062}] => (Allow) C:\Program Files (x86)\MediaMall\MediaMallServer.exe
FirewallRules: [{2B99D1BF-D136-4567-BC3D-496C495F9BA7}] => (Allow) C:\Program Files (x86)\MediaMall\SettingsManager.exe
FirewallRules: [{3EB59697-EFBC-4A47-A31C-151FD98839B2}] => (Allow) C:\Program Files (x86)\MediaMall\PlayLater.exe
FirewallRules: [{E3788022-0DFC-4B26-9EDA-0C29D4221EC2}] => (Allow) C:\Program Files (x86)\MediaMall\PlayMark.exe
FirewallRules: [{1B3E09A0-3841-4A87-BA67-8E1539D363D4}] => (Allow) C:\Program Files (x86)\MediaMall\Surfer.exe

==================== Faulty Device Manager Devices =============

Name: Viscosity Virtual Adapter V9.1
Description: Viscosity Virtual Adapter V9.1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: SparkLabs VPN
Service: visctap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Viscosity Virtual Adapter V9.1 #2
Description: Viscosity Virtual Adapter V9.1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: SparkLabs VPN
Service: visctap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Viscosity Virtual Adapter V9.1 #3
Description: Viscosity Virtual Adapter V9.1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: SparkLabs VPN
Service: visctap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/12/2015 03:25:59 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/12/2015 03:25:54 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/12/2015 02:37:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ATH.exe, version: 17.492.0.84, time stamp: 0x550cacc1
Faulting module name: objc.dll, version: 1.528.0.129, time stamp: 0x54c60fe9
Exception code: 0xc0000005
Fault offset: 0x00006be4
Faulting process id: 0x1edc
Faulting application start time: 0xATH.exe0
Faulting application path: ATH.exe1
Faulting module path: ATH.exe2
Report Id: ATH.exe3

Error: (07/12/2015 02:37:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ATH.exe, version: 17.492.0.84, time stamp: 0x550cacc1
Faulting module name: objc.dll, version: 1.528.0.129, time stamp: 0x54c60fe9
Exception code: 0xc0000005
Fault offset: 0x00006be4
Faulting process id: 0xf58
Faulting application start time: 0xATH.exe0
Faulting application path: ATH.exe1
Faulting module path: ATH.exe2
Report Id: ATH.exe3

Error: (07/12/2015 12:36:29 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x8007043c).

Error: (07/12/2015 12:36:29 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007043c, This service cannot be started in Safe Mode
.


Operation:
   Instantiating VSS server

Error: (07/12/2015 12:36:29 PM) (Source: VSS) (EventID: 18) (User: )
Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.
The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode
]


Operation:
   Instantiating VSS server

Error: (07/12/2015 12:01:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 504: ERROR: read_msg errno 0 (The operation completed successfully.)

Error: (07/12/2015 12:01:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (07/12/2015 11:55:18 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x80070005).


System errors:
=============
Error: (07/13/2015 09:04:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (07/13/2015 09:04:59 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (07/12/2015 03:29:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (07/12/2015 03:29:06 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\John\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (07/12/2015 03:29:06 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\John\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (07/12/2015 03:29:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (07/12/2015 03:29:06 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\John\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (07/12/2015 03:29:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (07/12/2015 03:27:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (07/12/2015 03:27:23 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\John\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.


Microsoft Office:
=========================
Error: (07/12/2015 03:25:59 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\John\Downloads\esetsmartinstaller_enu.exe

Error: (07/12/2015 03:25:54 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\John\Downloads\esetsmartinstaller_enu.exe

Error: (07/12/2015 02:37:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ATH.exe17.492.0.84550cacc1objc.dll1.528.0.12954c60fe9c000000500006be41edc01d0bcd994bbe448C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exeC:\Program Files (x86)\Common Files\Apple\Apple Application Support\objc.dll6e737fd4-28cd-11e5-9170-0090f5c384a9

Error: (07/12/2015 02:37:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ATH.exe17.492.0.84550cacc1objc.dll1.528.0.12954c60fe9c000000500006be4f5801d0bcd9b89db38dC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exeC:\Program Files (x86)\Common Files\Apple\Apple Application Support\objc.dll6e7358c4-28cd-11e5-9170-0090f5c384a9

Error: (07/12/2015 12:36:29 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x8007043c

Error: (07/12/2015 12:36:29 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x8007043c, This service cannot be started in Safe Mode


Operation:
   Instantiating VSS server

Error: (07/12/2015 12:36:29 PM) (Source: VSS) (EventID: 18) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007043c, This service cannot be started in Safe Mode


Operation:
   Instantiating VSS server

Error: (07/12/2015 12:01:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 504: ERROR: read_msg errno 0 (The operation completed successfully.)

Error: (07/12/2015 12:01:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (07/12/2015 11:55:18 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x80070005


CodeIntegrity Errors:
===================================
  Date: 2015-07-12 12:05:36.175
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-07-12 12:05:36.113
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-07-12 12:05:36.066
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-07-12 12:05:36.019
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-08-04 20:36:32.581
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-04 20:36:32.543
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-04 17:17:34.291
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-04 17:17:34.291
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-04 17:17:34.291
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-04 17:17:34.260
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i7-2820QM CPU @ 2.30GHz
Percentage of memory in use: 40%
Total physical RAM: 8169.4 MB
Available physical RAM: 4870.71 MB
Total Virtual: 16337 MB
Available Virtual: 12863.08 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:953.77 GB) (Free:339.95 GB) NTFS
Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: () (Fixed) (Total:698.54 GB) (Free:83.02 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 953.9 GB) (Disk ID: 01557017)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=953.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 097E2604)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=698.5 GB) - (Type=07 NTFS)

==================== End of log ============================



#20
BluePoet

BluePoet

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts

Need to bump this up, because I haven't received a response in a couple days, and I am really hoping that I can resolve this without formatting and starting over, especially as my backup probably has this virus in it somewhere.



#21
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
I'm running behind; please bear with me. I'll be with you as soon as possible.

#22
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Sorry for the delay. Family issues that required immediate attention.


Can you describe the network issue a bit more, and how you're connected / set up, etc.? I'm not a network person.

A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Open Notepad (Start => All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.

start
CloseProcesses:
CreateRestorePoint:
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S3 MFE_RR; \??\C:\Users\John\AppData\Local\Temp\mfe_rr.sys [X]
CMD: ipconfig /flushdns
Emptytemp:

Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart, please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.


Next
Please download MiniToolBox http://download.blee...MiniToolBox.exe and run it.

Checkmark the following boxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
  • List Restore Points
Click Go and post the result.

Post in your next reply:

MiniToolBox log
Fixlog.txt

Thanks
Joe

#23
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.