Here are the logs:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-07-2015
Ran by John (administrator) on JOHN-PC on 13-07-2015 09:05:03
Running from C:\Users\John\Desktop
Loaded Profiles: John (Available Profiles: John & Laura & UpdatusUser)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(UPEK Inc.) C:\Program Files\Protector Suite\upeksvr.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Backblaze\bzserv.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdController.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServer.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe
(SparkLabs) C:\Program Files\TorGuard.Viscosity\TorGuardService.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avpui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(UPEK Inc.) C:\Program Files\Protector Suite\psqltray.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe
() C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe
() C:\Program Files (x86)\Backblaze\bzbui.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD15Agent.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\wmi64.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2328360 2010-09-16] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11776104 2011-02-11] (Realtek Semiconductor)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-11-02] (Intel® Corporation)
HKLM\...\Run: [PSQLLauncher] => C:\Program Files\Protector Suite\launcher.exe [84744 2010-04-27] (UPEK Inc.)
HKLM\...\Run: [THXCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated)
HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [281776 2014-09-16] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe [1374720 2010-11-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-03] (CyberLink)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [358336 2011-08-11] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [570880 2013-12-27] (Nikon Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [856064 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2020704 2014-08-05] (Wondershare)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [PowerDVD15Agent] => C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD15Agent.exe [950296 2015-03-19] (CyberLink Corp.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157992 2015-06-29] (Apple Inc.)
Winlogon\Notify\psfus: C:\Program Files\Protector Suite\psqlpwd.dll (UPEK Inc.)
HKU\S-1-5-21-777044968-2926712198-4189444973-1000\...\Run: [iFunBoxConnector] => C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe [812544 2012-11-20] ()
HKU\S-1-5-21-777044968-2926712198-4189444973-1000\...\Run: [PlayOn] => C:\Program Files (x86)\MediaMall\PlayOn.exe
HKU\S-1-5-21-777044968-2926712198-4189444973-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-777044968-2926712198-4189444973-1000\...\Run: [Backblaze] => C:\Program Files (x86)\Backblaze\bzbui.exe [490176 2015-05-15] ()
HKU\S-1-5-21-777044968-2926712198-4189444973-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [717696 2010-01-16] (Microsoft Corporation)
HKU\S-1-5-21-777044968-2926712198-4189444973-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-18\...\Run: [Backblaze] => C:\Program Files (x86)\Backblaze\bzbui.exe [490176 2015-05-15] ()
Lsa: [Notification Packages] scecli C:\Program Files\Protector Suite\psqlpwd.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk.disabled [2011-10-31]
ShortcutTarget: Hotkey.lnk.disabled -> C:\Program Files (x86)\Hotkey\Hotkey.exe (No File)
ShellIconOverlayIdentifiers: [UEAFOverlay] -> {F2F31467-B1AC-4df0-AE79-FD5FA085E22B} => C:\Program Files\Protector Suite\farchns.dll [2010-04-27] (UPEK Inc.)
ShellIconOverlayIdentifiers: [UEAFOverlayOpen] -> {A3E208F7-0E3A-4182-A7A6-B169D5D691AA} => C:\Program Files\Protector Suite\farchns.dll [2010-04-27] (UPEK Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-777044968-2926712198-4189444973-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-777044968-2926712198-4189444973-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll [2014-11-19] (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-08-21] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll [2014-11-19] (Kaspersky Lab ZAO)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-08-21] (Oracle Corporation)
BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll [2014-11-19] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll [2014-11-19] (Kaspersky Lab ZAO)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll [2014-11-19] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll [2014-11-19] (Kaspersky Lab ZAO)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 190.157.8.33 181.48.0.232
Tcpip\..\Interfaces\{3B552699-F8DC-47B2-BD2C-E35D315E9186}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5E270983-28AC-49BD-886E-883FA6F49800}: [DhcpNameServer] 190.157.8.33 181.48.0.232
Tcpip\..\Interfaces\{AA627AE5-AEB8-4C34-B457-E730DC5FC15D}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{D802E7C7-6E87-4D45-AAB5-52C6EFDA5265}: [DhcpNameServer] 8.8.8.8 8.8.4.4
FireFox:
========
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\z5xtwheb.default-1347206686710
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_203.dll [2015-07-11] ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-08-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-08-21] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_203.dll [2015-07-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.13.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-02-04] (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\[email protected] [2014-11-19] ()
FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\[email protected] [2014-11-19] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\[email protected] [2014-11-19] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-03-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-03-14] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-14] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-777044968-2926712198-4189444973-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\John\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-07-20] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-777044968-2926712198-4189444973-1000: electronicarts.com/GameFacePlugin -> C:\Users\John\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll [2012-07-26] (Electronic Arts)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll [2011-08-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll [2011-08-10] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll [2011-08-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll [2011-08-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll [2011-08-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll [2011-08-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll [2011-08-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll [2011-08-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-07-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-07-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-07-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-07-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-07-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll [2011-08-10] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll [2011-08-10] (Citrix Systems, Inc.)
FF Extension: about:addons-memory - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\z5xtwheb.default-1347206686710\Extensions\[email protected] [2015-07-03]
FF Extension: fcreward.100770.b - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\z5xtwheb.default-1347206686710\Extensions\{003e1c8f-ebd6-f074-7551-4b31c0f547ec}.xpi [2012-09-23]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\[email protected]
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\[email protected] [2014-10-16]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\[email protected]
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\[email protected] [2014-10-16]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\[email protected]
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\[email protected] [2014-10-16]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2015-03-13]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
Chrome:
=======
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-09]
CHR Extension: (Google Docs) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-09]
CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-09]
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-09]
CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-09]
CHR Extension: (Kaspersky Protection) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-02-09]
CHR Extension: (Google Sheets) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-09]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-02]
CHR Extension: (Google Wallet) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-09]
CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-09]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.googl...jjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.googl...jjmlmojhbllhbho
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO)
R2 bzserv; C:\Program Files (x86)\Backblaze\bzserv.exe [235712 2015-05-15] ()
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-11-02] ()
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [34528 2013-03-07] (The OpenVPN Project)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [1142768 2014-01-23] (Paramount Software UK Ltd)
R2 RosettaStoneLtdController; C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdController.exe [352312 2008-09-16] (Rosetta Stone Ltd.) [File not signed]
R2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [28848 2014-09-16] (Samsung Electronics Co., Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TorGuardService; C:\Program Files\TorGuard.Viscosity\TorGuardService.exe [92960 2015-07-10] (SparkLabs)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [150536 2014-11-19] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [246456 2014-08-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [819896 2015-03-10] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55872 2014-06-05] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77512 2014-11-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [28528 2013-03-05] (MediaMall Technologies, Inc.)
R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [268976 2014-09-16] (Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [111280 2014-09-16] (Samsung Electronics Co., Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2012-01-19] () [File not signed]
S3 visctap0901; C:\Windows\System32\DRIVERS\visctap0901.sys [34440 2015-07-10] (The OpenVPN Project)
R2 {687703DE-DC6D-4649-892B-B8497854A6AB}; C:\Program Files (x86)\CyberLink\PowerDVD15\Common\NavFilter\000.fcl [29896 2015-03-18] (CyberLink Corp.)
S3 MFE_RR; \??\C:\Users\John\AppData\Local\Temp\mfe_rr.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-13 09:04 - 2015-07-13 09:04 - 00000000 ____D C:\Users\John\Desktop\FRST-OlderVersion
2015-07-12 15:26 - 2015-07-12 15:26 - 00000000 ____D C:\Program Files (x86)\ESET
2015-07-12 15:25 - 2015-07-12 15:25 - 02870984 _____ (ESET) C:\Users\John\Downloads\esetsmartinstaller_enu.exe
2015-07-12 15:19 - 2015-07-12 15:19 - 00000000 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_55a2cbb9.dmp
2015-07-12 15:14 - 2015-07-12 15:14 - 00213635 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_55a2c8f7.dmp
2015-07-12 14:59 - 2015-07-12 15:00 - 18502952 _____ (Synaptics Incorporated) C:\Users\John\Downloads\Synaptics_v15_1_22_2_C_XP64_Vista64_Win7-64.exe
2015-07-12 14:41 - 2015-07-12 14:41 - 00002424 _____ C:\Users\John\Desktop\JRT.txt
2015-07-12 14:36 - 2015-07-12 14:36 - 00000207 _____ C:\Windows\tweaking.com-regbackup-JOHN-PC-Windows-7-Ultimate-(64-bit).dat
2015-07-12 14:35 - 2015-07-12 14:35 - 03034102 _____ (Malwarebytes Corporation) C:\Users\John\Desktop\JRT.exe
2015-07-12 14:24 - 2015-07-12 14:31 - 00000000 ____D C:\AdwCleaner
2015-07-12 14:23 - 2015-07-12 14:23 - 02248704 _____ C:\Users\John\Desktop\adwcleaner_4.208.exe
2015-07-12 14:03 - 2015-07-12 14:03 - 00001139 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-12 14:03 - 2015-07-12 14:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-12 14:03 - 2015-07-12 14:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-12 14:03 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-12 14:03 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-12 14:02 - 2015-07-12 14:02 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\John\Downloads\mbam-setup-2.1.8.1057.exe
2015-07-12 13:38 - 2015-07-12 13:38 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-07-12 13:36 - 2015-07-12 13:36 - 00230729 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_55a2b0fa.dmp
2015-07-12 13:24 - 2015-07-12 13:24 - 00000000 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_55a2a98d.dmp
2015-07-12 13:09 - 2015-07-12 15:22 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-12 13:09 - 2015-07-12 14:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-12 13:09 - 2015-07-12 13:38 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-07-12 13:08 - 2015-07-12 14:49 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-12 13:08 - 2015-07-12 13:24 - 00000000 ____D C:\Users\John\Desktop\mbar
2015-07-12 13:08 - 2015-07-12 13:08 - 16502728 _____ (Malwarebytes Corp.) C:\Users\John\Downloads\mbar-1.09.1.1004.exe
2015-07-12 12:51 - 2015-07-12 12:51 - 00225735 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_55a2a90b.dmp
2015-07-12 12:44 - 2015-07-12 12:44 - 00034685 _____ C:\ComboFix.txt
2015-07-12 12:17 - 2015-07-12 12:17 - 00783640 _____ (McAfee, Inc.) C:\Users\John\Downloads\rootkitremover.exe
2015-07-12 12:17 - 2015-07-12 12:17 - 00000310 _____ C:\Users\John\Downloads\RootkitRemover_20150712_121726.log
2015-07-12 12:15 - 2015-07-12 12:15 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\John\Downloads\tdsskiller.exe
2015-07-12 12:13 - 2015-07-12 12:13 - 01602864 _____ (Kaspersky Lab ZAO) C:\Users\John\Downloads\rakhnidecryptor.exe
2015-07-12 12:11 - 2015-07-12 12:11 - 00248558 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_55a29fbf.dmp
2015-07-12 12:07 - 2015-07-13 09:03 - 00002546 _____ C:\Windows\SysWOW64\debug.log
2015-07-12 12:07 - 2015-07-12 15:18 - 00306056 _____ C:\Windows\PFRO.log
2015-07-12 11:51 - 2015-07-12 11:51 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2015-07-12 11:48 - 2015-07-12 12:09 - 00000000 ____D C:\Program Files\HitmanPro
2015-07-12 11:48 - 2015-07-12 11:48 - 00250838 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_55a2994a.dmp
2015-07-12 11:47 - 2015-07-12 11:52 - 00000000 ____D C:\ProgramData\HitmanPro
2015-07-12 11:42 - 2015-07-12 11:42 - 01805736 _____ (Symantec Corporation) C:\Users\John\Downloads\FixZeroAccess.exe
2015-07-12 11:42 - 2015-07-12 11:42 - 00203887 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_55a296d4.dmp
2015-07-12 11:42 - 2015-07-12 11:42 - 00027256 _____ (Symantec Corporation) C:\Windows\system32\Drivers\FixZeroAccess.sys
2015-07-12 11:31 - 2015-07-12 11:31 - 00232653 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_55a29658.dmp
2015-07-12 10:05 - 2015-07-12 10:07 - 00051649 _____ C:\Users\John\Desktop\Addition.txt
2015-07-12 10:04 - 2015-07-13 09:05 - 00033382 _____ C:\Users\John\Desktop\FRST.txt
2015-07-12 10:03 - 2015-07-13 09:05 - 00000000 ____D C:\FRST
2015-07-12 10:03 - 2015-07-13 09:04 - 02133504 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe
2015-07-11 21:00 - 2015-07-11 21:00 - 00236219 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_55a1b19f.dmp
2015-07-11 19:18 - 2015-07-11 19:18 - 01187520 _____ (Adobe Systems Incorporated) C:\Users\John\Downloads\flashplayer18au_ha_install.exe
2015-07-11 19:08 - 2015-07-11 19:08 - 00246002 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_55a1afe0.dmp
2015-07-11 19:01 - 2015-07-11 19:01 - 00228597 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_55a1ae45.dmp
2015-07-11 18:58 - 2015-07-11 18:58 - 00240751 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_55a1ad8d.dmp
2015-07-11 00:52 - 2015-07-11 00:52 - 00000000 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_55a04c21.dmp
2015-07-09 23:58 - 2015-07-09 23:58 - 00239321 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_559eda95.dmp
2015-07-09 11:04 - 2015-07-09 11:04 - 00191877 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_559e92bd.dmp
2015-07-08 19:28 - 2015-07-08 19:28 - 00298639 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_559d699f.dmp
2015-07-08 13:31 - 2015-07-12 22:09 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-08 13:31 - 2015-07-11 20:09 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-08 13:31 - 2015-07-08 13:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayOn
2015-07-08 13:31 - 2015-07-08 13:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayLater
2015-07-08 13:26 - 2015-07-08 13:26 - 02715192 _____ (MediaMall Technologies, Inc.) C:\Users\John\Downloads\PlayLaterSetup.1.6.46.exe
2015-07-08 13:21 - 2015-07-08 13:22 - 30819648 _____ (MediaMall Technologies, Inc.) C:\Users\John\Downloads\PlayLaterPatch.1.6.46.exe
2015-07-07 22:50 - 2015-07-07 22:50 - 00000000 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_559c8f9f.dmp
2015-07-06 23:21 - 2015-07-07 15:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-06 18:03 - 2015-07-06 18:03 - 00225889 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_559afd81.dmp
2015-07-06 13:10 - 2015-07-06 13:10 - 00227387 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_559a7854.dmp
2015-07-05 21:55 - 2015-07-05 21:55 - 00193605 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_5599abc2.dmp
2015-07-05 00:12 - 2015-07-05 00:12 - 00206203 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_5598b3d7.dmp
2015-07-04 15:37 - 2015-07-04 15:37 - 00251409 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_55980ba0.dmp
2015-07-04 11:34 - 2015-07-04 11:34 - 00001820 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-07-04 11:34 - 2015-07-04 11:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-07-04 11:34 - 2015-07-04 11:34 - 00000000 ____D C:\Program Files\iTunes
2015-07-04 11:34 - 2015-07-04 11:34 - 00000000 ____D C:\Program Files\iPod
2015-07-04 11:34 - 2015-07-04 11:34 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-07-04 11:33 - 2015-07-04 11:33 - 00194499 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_559690b8.dmp
2015-07-04 11:29 - 2015-07-04 11:29 - 00001882 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-07-04 11:29 - 2015-07-04 11:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-07-04 11:29 - 2015-07-04 11:29 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-07-04 11:28 - 2015-07-04 11:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-07-02 15:52 - 2015-07-02 15:52 - 00235496 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_5595a23f.dmp
2015-07-02 10:50 - 2015-07-02 10:50 - 00191480 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_5595531d.dmp
2015-07-01 19:50 - 2015-07-01 19:50 - 00188934 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_55946133.dmp
2015-07-01 17:33 - 2015-07-01 17:33 - 00001151 _____ C:\Users\Public\Desktop\Faasoft Audio Converter.lnk
2015-07-01 17:33 - 2015-07-01 17:33 - 00000000 ____D C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Faasoft
2015-07-01 17:31 - 2015-07-01 17:32 - 11888574 _____ (Faasoft Corporation) C:\Users\John\Downloads\f-audio-converter(1).exe
2015-07-01 17:12 - 2015-07-02 09:28 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2015-07-01 17:12 - 2015-07-02 09:28 - 00000000 ____D C:\Program Files (x86)\NCH Software
2015-07-01 17:12 - 2015-07-01 17:12 - 00656448 _____ (NCH Software) C:\Users\John\Downloads\switchsetup.exe
2015-07-01 17:12 - 2015-07-01 17:12 - 00000000 ____D C:\ProgramData\NCH Software
2015-07-01 16:52 - 2015-07-01 16:52 - 00190636 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_55945558.dmp
2015-07-01 16:30 - 2015-07-01 16:33 - 00000000 ____D C:\Users\John\AppData\Roaming\freac
2015-07-01 16:29 - 2015-07-01 16:29 - 07531408 _____ C:\Users\John\Downloads\freac-1.0.23.exe
2015-07-01 16:26 - 2015-07-01 16:26 - 00000000 ____D C:\Users\John\AppData\Roaming\Faasoft Video Converter
2015-07-01 16:24 - 2015-07-01 17:33 - 00000000 ____D C:\Program Files (x86)\Faasoft
2015-07-01 16:18 - 2015-07-02 10:11 - 00000000 ____D C:\Users\John\Documents\Faasoft Audio Converter
2015-07-01 16:16 - 2015-07-01 16:16 - 00000000 ____D C:\Users\John\AppData\Roaming\Faasoft Audio Converter
2015-07-01 16:14 - 2015-07-01 16:14 - 11888574 _____ (Faasoft Corporation) C:\Users\John\Downloads\f-audio-converter.exe
2015-07-01 16:09 - 2015-07-01 16:09 - 00000000 ____D C:\Users\John\Documents\Any Video Converter
2015-07-01 16:09 - 2015-07-01 16:09 - 00000000 ____D C:\Users\John\AppData\Roaming\Anvsoft
2015-07-01 16:09 - 2015-07-01 16:09 - 00000000 ____D C:\Program Files (x86)\Anvsoft
2015-07-01 16:08 - 2015-07-01 16:08 - 34599616 _____ C:\Users\John\Downloads\any-audio-converter.exe
2015-07-01 14:49 - 2015-07-01 14:50 - 05736682 _____ (Igor Pavlov) C:\Users\John\Downloads\foobar2000 Full Encoder Pack 2015-06-28.exe
2015-07-01 14:48 - 2015-07-01 14:48 - 00219606 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_559428e8.dmp
2015-07-01 14:23 - 2015-07-01 17:32 - 00000000 ____D C:\Users\John\AppData\Roaming\foobar2000
2015-07-01 14:23 - 2015-07-01 14:23 - 00000891 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk
2015-07-01 14:23 - 2015-07-01 14:23 - 00000809 _____ C:\Users\Public\Desktop\foobar2000.lnk
2015-07-01 14:15 - 2015-07-01 14:15 - 03875496 _____ (foobar2000.org) C:\Users\John\Downloads\foobar2000_v1.3.8(1).exe
2015-07-01 13:49 - 2015-07-01 13:49 - 01529924 _____ (foobar2000.org) C:\Users\John\Downloads\Free_Encoder_Pack_2015-06-02(1).exe
2015-07-01 12:46 - 2015-07-01 12:47 - 01529924 _____ (foobar2000.org) C:\Users\John\Downloads\Free_Encoder_Pack_2015-06-02.exe
2015-07-01 12:38 - 2015-07-01 12:39 - 03875496 _____ (foobar2000.org) C:\Users\John\Downloads\foobar2000_v1.3.8.exe
2015-07-01 09:05 - 2015-07-01 09:05 - 00233146 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_5593f32e.dmp
2015-06-29 10:10 - 2015-06-29 10:10 - 00218232 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_55915f10.dmp
2015-06-28 18:02 - 2015-07-04 11:34 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-06-28 17:59 - 2015-06-28 18:01 - 121283888 _____ (Apple Inc.) C:\Users\John\Downloads\itunes64setup(1).exe
2015-06-28 17:52 - 2015-06-28 17:52 - 00000000 ____D C:\Users\John\AppData\Roaming\TaiG
2015-06-25 18:51 - 2015-06-25 18:51 - 10756558 _____ C:\Users\John\Downloads\DDWRT-QuickSetup.exe
2015-06-18 20:49 - 2015-06-18 20:49 - 00000000 ____D C:\Users\Laura\AppData\Local\GWX
2015-06-18 20:48 - 2015-06-18 20:48 - 00002367 _____ C:\Users\Laura\Desktop\Safe Money.lnk
2015-06-18 20:48 - 2015-06-18 20:48 - 00000000 ____D C:\Users\Laura\AppData\Local\Wondershare
2015-06-18 20:48 - 2015-06-18 20:48 - 00000000 ____D C:\Users\Laura\AppData\Local\Google
2015-06-18 20:48 - 2015-06-18 20:48 - 00000000 ____D C:\Users\Laura\AppData\Local\CyberLink
2015-06-17 00:23 - 2015-06-17 00:23 - 00094208 _____ (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
2015-06-17 00:23 - 2015-06-17 00:23 - 00069632 _____ (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-13 09:03 - 2015-02-09 21:12 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-13 09:03 - 2014-11-20 11:30 - 00002896 _____ C:\Windows\System32\Tasks\AutoKMS
2015-07-13 09:03 - 2014-11-20 11:29 - 00000266 _____ C:\Windows\Tasks\AutoKMS.job
2015-07-13 09:03 - 2014-10-16 11:31 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-07-13 09:02 - 2011-10-31 12:14 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-13 09:02 - 2011-06-29 13:51 - 00090809 _____ C:\Windows\setupact.log
2015-07-13 09:02 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-12 22:49 - 2011-10-31 11:46 - 01769319 _____ C:\Windows\WindowsUpdate.log
2015-07-12 22:23 - 2015-02-09 21:12 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-12 22:15 - 2009-07-13 23:45 - 00031088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-12 22:15 - 2009-07-13 23:45 - 00031088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-12 15:13 - 2013-01-12 14:08 - 00000000 ____D C:\Windows\erdnt
2015-07-12 15:00 - 2011-10-31 12:32 - 00021402 _____ C:\Windows\DPINST.LOG
2015-07-12 13:36 - 2009-07-13 22:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-07-12 13:36 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2015-07-12 12:44 - 2012-01-07 14:09 - 00000000 ____D C:\Users\John\AppData\Local\Apps\2.0
2015-07-12 12:42 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2015-07-12 11:46 - 2009-07-14 00:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-12 11:23 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2015-07-12 11:00 - 2014-04-05 16:26 - 00000032 _____ C:\Windows\SysWOW64\thxcfg.ini
2015-07-12 10:59 - 2012-12-15 19:20 - 00000000 ____D C:\Program Files (x86)\TrojanHunter 5.5
2015-07-11 20:09 - 2012-04-03 08:33 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-11 20:09 - 2011-11-02 19:43 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-11 19:20 - 2014-08-26 20:39 - 00000000 ____D C:\Users\John\AppData\Local\Adobe
2015-07-10 17:55 - 2015-04-04 10:01 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-10 17:55 - 2015-04-04 10:01 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-10 13:19 - 2014-04-21 10:26 - 00034440 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\visctap0901.sys
2015-07-09 23:31 - 2014-04-21 10:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TorGuard
2015-07-09 23:31 - 2014-04-21 10:26 - 00000000 ____D C:\Program Files\TorGuard.Viscosity
2015-07-09 23:30 - 2012-06-24 19:05 - 00000000 ____D C:\Users\John\AppData\Roaming\BitTorrent
2015-07-09 10:28 - 2015-04-08 12:08 - 00000000 ____D C:\Users\John\AppData\Local\Deployment
2015-07-08 13:31 - 2014-05-08 18:14 - 00002090 _____ C:\Users\Public\Desktop\PlayOn.lnk
2015-07-08 13:31 - 2013-08-06 11:42 - 00001006 _____ C:\Users\Public\Desktop\PlayLater.lnk
2015-07-08 13:29 - 2011-10-31 12:59 - 00000000 ____D C:\Windows\Downloaded Installations
2015-07-07 15:25 - 2015-02-09 21:13 - 00002220 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-06 10:30 - 2015-03-17 09:26 - 00000000 ____D C:\Users\John\Documents\English Class
2015-07-04 17:39 - 2011-11-02 19:35 - 00000000 ____D C:\Users\John\AppData\Roaming\Apple Computer
2015-07-04 11:38 - 2012-10-10 16:16 - 00000000 ____D C:\Users\John\Documents\Outlook Files
2015-07-04 11:34 - 2011-11-02 19:33 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-07-03 08:59 - 2015-06-11 09:41 - 00000000 ____D C:\Users\John\Documents\Rent Receipts
2015-07-03 08:59 - 2011-11-01 21:25 - 00000000 ____D C:\Users\John
2015-07-02 16:05 - 2011-11-02 19:29 - 00000000 ____D C:\MP3
2015-07-01 17:50 - 2014-10-06 17:05 - 00000069 _____ C:\Windows\NeroDigital.ini
2015-07-01 17:50 - 2011-11-12 01:40 - 00000975 _____ C:\Users\John\AppData\Roaming\default.rss
2015-07-01 13:51 - 2011-10-31 12:33 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-07-01 12:19 - 2011-11-06 18:04 - 00000000 ____D C:\Users\John\AppData\Roaming\Nero
2015-06-23 23:29 - 2009-07-14 00:08 - 00032628 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-23 17:18 - 2014-12-24 00:02 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-23 13:30 - 2010-11-20 22:27 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-06-18 20:48 - 2014-10-18 16:56 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
==================== Files in the root of some directories =======
2011-11-12 01:40 - 2015-07-01 17:50 - 0000975 _____ () C:\Users\John\AppData\Roaming\default.rss
2012-06-25 19:45 - 2012-06-25 19:45 - 0000000 _____ () C:\Users\John\AppData\Roaming\downloads.m3u
2011-11-27 13:24 - 2012-03-11 15:04 - 0000268 ____H () C:\Users\John\AppData\Roaming\Track Settings
2012-03-11 15:05 - 2012-03-11 15:05 - 0000268 ____H () C:\Users\John\AppData\Roaming\Trance Pad
2011-11-27 13:24 - 2012-03-11 15:04 - 0000268 ____H () C:\Users\John\AppData\Roaming\Transportation
2012-08-20 14:22 - 2013-04-16 10:37 - 0000268 ___RH () C:\Users\John\AppData\Roaming\Vocals
2014-04-29 12:16 - 2014-04-29 12:16 - 169928142 _____ () C:\Users\John\AppData\Local\ACCCx2_5_1_369.2.zip.aamdownload
2014-04-29 12:16 - 2014-04-29 12:16 - 0001986 _____ () C:\Users\John\AppData\Local\ACCCx2_5_1_369.2.zip.aamdownload.aamd
2012-03-11 15:19 - 2012-03-11 15:19 - 0008192 _____ () C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-05 15:42 - 2014-04-05 15:42 - 0000017 _____ () C:\Users\John\AppData\Local\resmon.resmoncfg
2012-08-20 14:22 - 2013-04-16 10:37 - 0000012 ___RH () C:\ProgramData\Analog Sync
2012-02-14 13:25 - 2015-02-02 13:36 - 0001385 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2012-08-20 14:22 - 2013-04-16 10:37 - 0000020 ____H () C:\ProgramData\PKP_DLeo.DAT
2011-11-27 13:25 - 2012-03-11 15:05 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2011-11-27 13:24 - 2012-03-11 15:04 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2011-11-27 13:24 - 2012-03-11 15:04 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT
2012-03-11 15:04 - 2012-03-11 15:04 - 0000268 ___RH () C:\ProgramData\Tremolo
2012-03-11 15:05 - 2012-03-11 15:05 - 0000268 ___RH () C:\ProgramData\Tribal Masks
2012-03-11 15:04 - 2012-03-11 15:04 - 0000268 ___RH () C:\ProgramData\Trumpet Section
2012-08-20 14:22 - 2013-04-16 10:37 - 0000268 ___RH () C:\ProgramData\Woodwinds
Some files in TEMP:
====================
C:\Users\John\AppData\Local\Temp\Quarantine.exe
C:\Users\John\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-07-03 00:33
==================== End of log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:12-07-2015
Ran by John at 2015-07-13 09:05:37
Running from C:\Users\John\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-777044968-2926712198-4189444973-500 - Administrator - Disabled)
Guest (S-1-5-21-777044968-2926712198-4189444973-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-777044968-2926712198-4189444973-1012 - Limited - Enabled)
John (S-1-5-21-777044968-2926712198-4189444973-1000 - Administrator - Enabled) => C:\Users\John
Laura (S-1-5-21-777044968-2926712198-4189444973-1003 - Limited - Enabled) => C:\Users\Laura
UpdatusUser (S-1-5-21-777044968-2926712198-4189444973-1005 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
"Nero SoundTrax Help (x32 Version: 4.4.32.0 - Nero AG) Hidden
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.203 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.203 - Adobe Systems Incorporated)
Adobe Photoshop CS5.1 (HKLM-x32\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Alt.Binz 0.39.4 (HKLM-x32\...\Alt.Binz) (Version: 0.39.4 - Rdl)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{06A333EA-4E9D-4848-865F-FE5A1E12AB30}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Backblaze (HKLM-x32\...\Backblaze) (Version: - Backblaze, Inc)
BDtoAVCHD 1.7.8 (HKLM-x32\...\{0213E592-8C74-429F-83C5-78B1B6744EC7}) (Version: 1.7.8 - Joel Gali)
Binreader (HKLM-x32\...\{3D47B2C0-8748-4450-99AE-0746A5A74C8E}) (Version: 1.0.0 - Binreader)
BisonCam (HKLM-x32\...\{5BBC4803-C96E-4D3E-9D1D-2E43774C4062}) (Version: 9.2.1.71.52 - BisonCam)
BitTorrent (HKU\S-1-5-21-777044968-2926712198-4189444973-1000\...\BitTorrent) (Version: 7.9.3.40299 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre (HKLM-x32\...\{8854EE3C-5031-499F-B5EB-51A82F1B28EF}) (Version: 2.21.0 - Kovid Goyal)
Citrix Presentation Server Client (HKLM-x32\...\{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}) (Version: 10.00.52110 - Citrix Systems, Inc.)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.0.0.6685 - Citrix Systems, Inc.)
Combined Community Codec Pack 2014-07-13 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.07.13.0 - CCCP Project)
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2608 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1607 - CyberLink Corp.)
CyberLink PowerDVD 15 (HKLM-x32\...\{DE85B8F3-D088-4D6E-A970-EE0BC7883A66}) (Version: 15.0.1510.58 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Documents To Go Desktop for iOS (HKLM-x32\...\DTGDesktop) (Version: 4.0001.010 - DataViz, Inc.)
DolbyFiles (x32 Version: 2.0 - Nero AG) Hidden
EA SPORTS Game Face Browser Plugin 1.8.0.0 (HKU\S-1-5-21-777044968-2926712198-4189444973-1000\...\EA SPORTS Game Face Browser Plugin) (Version: 1.8.0.0 - Electronic Arts)
Epson Connect (HKLM-x32\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version: - )
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.1.1 - SEIKO EPSON CORPORATION)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print 2 (HKLM-x32\...\{79D0F056-39DE-4FDD-83FD-1554CE2C6443}) (Version: 2.4.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery (HKLM-x32\...\EEPPPlugIn) (Version: - SEIKO EPSON Corporation)
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup (x32 Version: 1.00.0000 - SEIKO EPSON Corporation) Hidden
Epson Event Manager (HKLM-x32\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{E904F572-D7DB-43C1-929F-043F267FC77D}) (Version: 1.22.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.20.00 - SEIKO EPSON CORPORATION)
EPSON L355 Series Printer Uninstall (HKLM\...\EPSON L355 Series) (Version: - SEIKO EPSON Corporation)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - )
EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Faasoft Audio Converter 5.2.23.5604 (HKLM-x32\...\{6A4806A7-4A4C-458C-B42F-BB508CA69F3F}_is1) (Version: - Faasoft Corporation)
FileZilla Client 3.5.3 (HKLM-x32\...\FileZilla Client) (Version: 3.5.3 - FileZilla Project)
foobar2000 v1.3.8 (HKLM-x32\...\foobar2000) (Version: 1.3.8 - Peter Pawlowski)
Free Video to iPad Converter version 5.0.17.903 (HKLM-x32\...\Free Video to iPad Converter_is1) (Version: 5.0.17.903 - DVDVideoSoft Ltd.)
Freemake Audio Converter version 1.1.3 (HKLM-x32\...\Freemake Audio Converter_is1) (Version: 1.1.3 - Ellora Assets Corporation)
Freemake Video Converter version 4.1.6 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.6 - Ellora Assets Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.132 - Google Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GrabIt 1.7.2 Beta 6 (build 1008) (HKLM-x32\...\GrabIt_is1) (Version: - Ilan Shemes)
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
Hotkey 3.3028 (HKLM-x32\...\InstallShield_{164714B6-46BC-4649-9A30-A6ED32F03B5A}) (Version: 3.3028 - NoteBook)
Hotkey 3.3028 (x32 Version: 3.3028 - NoteBook) Hidden
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
iCopyBot for Windows 7.2.7 (HKLM-x32\...\iCopyBot for Windows) (Version: 7.2.7 - VOWSoft, Ltd.)
iFunbox (v2.1.2228.731), iFunbox DevTeam (HKLM-x32\...\iFunbox_is1) (Version: v2.1.2228.731 - )
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{AF162E20-417F-4946-A06D-65734984957F}) (Version: 14.00.0000 - Intel Corporation)
iRip (HKLM-x32\...\{98FA0A89-358D-4D39-A666-D4D321A44971}) (Version: 1.1.0 - The Little App Factory)
ITE Infrared Transceiver (HKLM-x32\...\{40580068-9B10-40B5-9548-536CE88AB23C}) (Version: 1.00.0000 - ITE)
iTunes (HKLM\...\{0FB81B1A-1329-4905-8080-058E530CD6D9}) (Version: 12.2.0.145 - Apple Inc.)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java SE Development Kit 7 Update 67 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170670}) (Version: 1.7.0.670 - Oracle)
JMicron Ethernet Adapter NDIS Driver (HKLM-x32\...\{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}) (Version: 6.0.26.6 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.62.0 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
JustCloud Setup (x32 Version: 1.0.0.08 - JustCloud) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.1.415 - Kaspersky Lab) Hidden
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Macrium Reflect Professional Edition (HKLM\...\MacriumReflect) (Version: 5.2 - Paramount Software (UK) Ltd.)
Macrium Reflect Professional Edition (Version: 5.2.6462 - Paramount Software (UK) Ltd.) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Menu Templates - Starter Kit (x32 Version: 9.4.6.0 - Nero AG) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Miro Video Converter (HKLM-x32\...\Miro Video Converter) (Version: 0.8.0 - Participatory Culture Foundation)
Movie Templates - Starter Kit (x32 Version: 9.4.6.0 - Nero AG) Hidden
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 17.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 17.0.5 (x86 en-US)) (Version: 17.0.5 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyHarmony (HKU\S-1-5-21-777044968-2926712198-4189444973-1000\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
Nero 9 (HKLM-x32\...\{0b5080e9-3b6e-4902-b448-c52159e20604}) (Version: - Nero AG)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.1 - Nikon)
Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.9.2 - Nikon)
NVIDIA 3D Vision Controller Driver 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.22 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 314.22 - NVIDIA Corporation)
NVIDIA 3D Vision Video Player (HKLM-x32\...\{594F6A23-9FF2-4D03-8761-97483E55CE79}) (Version: 1.5.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.22 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.23.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.23.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
Octoshape add-in for Adobe Flash Player (HKU\S-1-5-21-777044968-2926712198-4189444973-1000\...\Octoshape add-in for Adobe Flash Player) (Version: - )
OLYMPUS A-GPS Utility (HKLM-x32\...\{C73F6E04-F3C9-46F1-833E-306AC1DC8C97}) (Version: 1.0.0 - OLYMPUS IMAGING CORP.)
Online Plug-in (x32 Version: 13.0.0.6685 - Citrix Systems, Inc.) Hidden
OpenVPN 2.3.0-I005 (HKLM\...\OpenVPN) (Version: 2.3.0-I005 - )
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.3.0 - Nikon)
Picture Control Utility 2 (HKLM\...\{D4893C47-704F-4B84-8486-9DE4974ACA6F}) (Version: 2.0.1 - Nikon)
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.5.1 - Nikon)
PlayLater (HKLM-x32\...\{FD1F149A-C14F-4C1D-A5E2-E6BE3A61A75A}) (Version: 1.6.46 - MediaMall Technologies, Inc.)
PlayOn (HKLM-x32\...\{DC5DEE99-7D1C-4A45-B2E8-E4B1F513329B}) (Version: 3.10.46 - MediaMall Technologies, Inc.)
PowerISO (HKLM-x32\...\PowerISO) (Version: 4.9 - Power Software Ltd)
Protector Suite 2009 (HKLM\...\{0F841121-4DB6-4B31-839F-7F5AB3BB3423}) (Version: 5.9.3.6379 - UPEK Inc.)
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
RAPID Mode (Version: 1.0.1.81 - Samsung Electronics Co., Ltd.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6307 - Realtek Semiconductor Corp.)
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.30.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.30.0 - Renesas Electronics Corporation) Hidden
Rosetta Stone Ltd Services (HKLM-x32\...\{2110AF8F-F6E9-4712-A185-1B839C60822E}) (Version: 2.2.1.1 - Rosetta Stone Ltd.)
Rosetta Stone Version 3 (HKLM-x32\...\{99011A6E-5200-11DE-BDB8-7ACD56D89593}) (Version: 3.4.5.0 - Rosetta Stone Ltd.)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Software Updater (HKLM-x32\...\{E1BAD1BA-C0E8-4018-9281-E7D2C6B07474}) (Version: 4.3.6 - SEIKO EPSON CORPORATION)
SoundTrax (x32 Version: 4.4.32.0 - Nero AG) Hidden
StarCraft II (HKLM-x32\...\StarCraft II) (Version: 1.4.3.21029 - Blizzard Entertainment)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.14.0 - Synaptics Incorporated)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
THX TruStudio Pro (HKLM-x32\...\{82F99DC9-389A-4528-940C-88248731A620}) (Version: TAMB-CVS1D-1-LB R07 - Creative Technology Limited)
TorGuard 1.0.0 (1097) (HKLM\...\{6B859FAA-B180-4779-A754-086A308C49CC-ViscosityV~7814C94C_is1) (Version: 1.0.0 - VPNetworks LLC)
TrojanHunter 5.5 (HKLM-x32\...\TrojanHunter_is1) (Version: 5.5 - Mischel Internet Security)
TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version: - Intuit, Inc)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.8.5 - Tweaking.com)
Unity Web Player (HKU\S-1-5-21-777044968-2926712198-4189444973-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.10.2 - Nikon)
WebCam Installer (HKLM-x32\...\{AAE521B6-2F19-447F-8CB6-6D1E3A19F3ED}) (Version: 3.32 - WebCam)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
12-07-2015 15:13:34 ComboFix created restore point
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2015-07-12 13:37 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {10BDECDE-A065-462D-A217-A20FAFBA2319} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-11] (Adobe Systems Incorporated)
Task: {2EE41FA5-D625-439C-A32D-BB6E86C70702} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2012-07-17] ()
Task: {329F41F6-A5E6-4FD6-A2E4-44179EFC1C93} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-09] (Google Inc.)
Task: {49CAC970-179D-45F9-90F4-8A310573B107} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-09] (Google Inc.)
Task: {50CAAE3E-B06B-4326-A00B-1E18BF1B39A3} - System32\Tasks\{381C7D36-DFCE-4585-B7F9-AFB2C84390F7} => pcalua.exe -a C:\Users\John\Downloads\install_backblaze.exe -d C:\Users\John\Downloads
Task: {6196A9FE-E233-4C93-9E75-DC1F2DC6EE58} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {7EAF7783-423A-44E1-B010-436DBDCDBE40} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {A6C60DF3-FFEB-4537-A3B2-2D89C8FE6E58} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {BC842465-2184-450E-881F-EAD3D253987D} - System32\Tasks\{4A931D54-E9BE-4400-8D2C-9B7E62AC3B71} => pcalua.exe -a C:\Users\John\Downloads\S-VNX2__-020301WF-NSAEN-64BIT_.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {D0D9B56C-427C-4B22-8A0D-5868B8D39C14} - System32\Tasks\{3C3B8694-343F-4DE7-B830-63FB49769ACE} => Firefox.exe http://ui.skype.com/...#38;page=tsMain
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (Whitelisted) ==============
2010-11-02 14:58 - 2010-11-02 14:58 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2013-01-14 13:22 - 2013-03-14 23:16 - 00086304 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-03-07 11:29 - 2015-05-15 19:01 - 00235712 _____ () C:\Program Files (x86)\Backblaze\bzserv.exe
2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-01-02 09:42 - 2010-01-02 09:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2010-11-02 14:58 - 2010-11-02 14:58 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-10-31 13:07 - 2010-11-12 14:38 - 00241152 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2013-01-07 08:34 - 2012-11-20 01:03 - 00812544 _____ () C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe
2014-03-07 11:29 - 2015-05-15 19:01 - 00490176 _____ () C:\Program Files (x86)\Backblaze\bzbui.exe
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:27 - 2015-05-15 16:27 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-30 16:12 - 2014-08-30 16:12 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\kpcengine.2.3.dll
2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-01-07 08:34 - 2012-04-26 14:38 - 20758016 _____ () C:\Program Files (x86)\i-Funbox DevTeam\libcef.dll
2010-08-03 17:39 - 2010-08-03 17:39 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2010-08-03 17:39 - 2010-08-03 17:39 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2009-07-13 16:03 - 2009-07-13 20:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2014-09-04 17:06 - 2014-08-05 09:22 - 01489408 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2014-09-04 17:06 - 2014-05-19 16:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2015-04-12 10:36 - 2015-03-19 01:46 - 00867592 _____ () C:\Program Files (x86)\CyberLink\PowerDVD15\common\UNO\UNO.dll
2015-04-12 10:36 - 2013-12-10 06:31 - 00074240 _____ () C:\Program Files (x86)\CyberLink\PowerDVD15\Common\Koan\_ctypes.pyd
2015-04-12 10:36 - 2013-12-10 06:31 - 00285184 _____ () C:\Program Files (x86)\CyberLink\PowerDVD15\Common\Koan\_hashlib.pyd
2015-04-12 10:36 - 2013-12-10 06:31 - 00040960 _____ () C:\Program Files (x86)\CyberLink\PowerDVD15\Common\Koan\_socket.pyd
2015-04-12 10:36 - 2013-12-10 06:31 - 00721920 _____ () C:\Program Files (x86)\CyberLink\PowerDVD15\Common\Koan\_ssl.pyd
2014-12-02 09:24 - 2014-09-28 17:59 - 00019872 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAMSUNG_SSD.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-777044968-2926712198-4189444973-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\John\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 190.157.8.33 - 181.48.0.232
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: Anti-phishing Domain Advisor => "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
MSCONFIG\startupreg: THGuard => "C:\Program Files (x86)\TrojanHunter 5.5\THGuard.exe"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{4121E59B-97AD-469F-97A6-BB137C1A1374}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{3F058AE9-6777-4D3E-A759-D9EB42907EC9}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{3B275B5C-704A-4522-8A7F-B0DE906D8CA0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{98047BD2-AF2B-4584-BAC5-9E856C08CE7D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [TCP Query User{1297F6E6-4B44-4A67-8E91-A5036A8AC9CB}C:\program files (x86)\bittorrent\bittorrent.exe] => (Block) C:\program files (x86)\bittorrent\bittorrent.exe
FirewallRules: [UDP Query User{5BA302C7-0802-48C4-99D5-F083C4D2EECE}C:\program files (x86)\bittorrent\bittorrent.exe] => (Block) C:\program files (x86)\bittorrent\bittorrent.exe
FirewallRules: [{249E256B-54CD-4A0A-835D-3909E4F370E7}] => (Allow) C:\Users\John\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{6CAA5347-30D0-4BB1-8444-6A683B22296E}] => (Allow) C:\Users\John\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{6DDA9ABA-26D8-40AB-BC20-5F5CF422E153}C:\program files (x86)\microsoft office\office14\groove.exe] => (Block) C:\program files (x86)\microsoft office\office14\groove.exe
FirewallRules: [UDP Query User{227DB363-6146-438C-92DD-4FBF7D355A48}C:\program files (x86)\microsoft office\office14\groove.exe] => (Block) C:\program files (x86)\microsoft office\office14\groove.exe
FirewallRules: [{91FD69AD-2749-4AA0-B39D-8CD688F3D121}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{41625CE9-D9ED-4B41-956A-F60D185882D3}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [TCP Query User{BB7394F8-042E-4D50-AAF4-F1F03D7A1496}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{5DAEDF9F-83D8-4F83-A23E-92945691D18E}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{57B0EBEA-6B95-4B26-9BBB-18032D300F67}] => (Allow) LPort=3306
FirewallRules: [{A7D35646-A57D-4AA7-84AA-DE61C25D958D}] => (Allow) LPort=3306
FirewallRules: [{44207FBA-9CF8-42E8-B6EB-7CF4646BCF0E}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{803E0E53-D879-42B2-94DA-DA1C7C706952}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{4BF5E6D7-AB2A-4074-8DCB-543F65CBD7AC}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{CD17F013-E561-4CF1-94A1-6E337A3B90F6}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{FC8F50C6-55CC-495B-86A2-B48B36597749}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{9E5D8C66-9E22-4463-BFE2-42DA2AA65BBA}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{BFD355BE-4E9D-4AB7-B713-001EE981F442}] => (Allow) F:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{74A56AFE-BE6D-4441-9F9F-046DAC75AE22}] => (Allow) F:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{FCE45A9D-DDB1-49D9-BF63-E76B9FA38DC7}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{92F0C351-CF4B-48CE-99CA-E1D4315EE7AC}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{430DC851-19BB-460B-9382-E2CC4A0881BC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD.exe
FirewallRules: [{47445B4B-D8A0-4BF2-B19D-34F0E192B43D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\Kernel\DMS\CLMSServerPDVD15.exe
FirewallRules: [{A1610976-8052-42F9-8B6F-E6A66AA4782D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD15Agent.exe
FirewallRules: [{C4CF89D0-94B5-4E9A-984F-49F1FA5DEF01}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\Movie\PowerDVDMovie.exe
FirewallRules: [{C0CE489A-3EEB-4FC5-8970-ACD357F3520A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{8A8E3C42-AAF1-455A-8645-A75F76A0A00B}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{F101ABA2-4747-4889-AC02-6CCCEDA48344}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{963316A2-0035-467F-A00F-BE36EE132062}] => (Allow) C:\Program Files (x86)\MediaMall\MediaMallServer.exe
FirewallRules: [{2B99D1BF-D136-4567-BC3D-496C495F9BA7}] => (Allow) C:\Program Files (x86)\MediaMall\SettingsManager.exe
FirewallRules: [{3EB59697-EFBC-4A47-A31C-151FD98839B2}] => (Allow) C:\Program Files (x86)\MediaMall\PlayLater.exe
FirewallRules: [{E3788022-0DFC-4B26-9EDA-0C29D4221EC2}] => (Allow) C:\Program Files (x86)\MediaMall\PlayMark.exe
FirewallRules: [{1B3E09A0-3841-4A87-BA67-8E1539D363D4}] => (Allow) C:\Program Files (x86)\MediaMall\Surfer.exe
==================== Faulty Device Manager Devices =============
Name: Viscosity Virtual Adapter V9.1
Description: Viscosity Virtual Adapter V9.1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: SparkLabs VPN
Service: visctap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Viscosity Virtual Adapter V9.1 #2
Description: Viscosity Virtual Adapter V9.1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: SparkLabs VPN
Service: visctap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Viscosity Virtual Adapter V9.1 #3
Description: Viscosity Virtual Adapter V9.1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: SparkLabs VPN
Service: visctap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (07/12/2015 03:25:59 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (07/12/2015 03:25:54 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (07/12/2015 02:37:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ATH.exe, version: 17.492.0.84, time stamp: 0x550cacc1
Faulting module name: objc.dll, version: 1.528.0.129, time stamp: 0x54c60fe9
Exception code: 0xc0000005
Fault offset: 0x00006be4
Faulting process id: 0x1edc
Faulting application start time: 0xATH.exe0
Faulting application path: ATH.exe1
Faulting module path: ATH.exe2
Report Id: ATH.exe3
Error: (07/12/2015 02:37:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ATH.exe, version: 17.492.0.84, time stamp: 0x550cacc1
Faulting module name: objc.dll, version: 1.528.0.129, time stamp: 0x54c60fe9
Exception code: 0xc0000005
Fault offset: 0x00006be4
Faulting process id: 0xf58
Faulting application start time: 0xATH.exe0
Faulting application path: ATH.exe1
Faulting module path: ATH.exe2
Report Id: ATH.exe3
Error: (07/12/2015 12:36:29 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x8007043c).
Error: (07/12/2015 12:36:29 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007043c, This service cannot be started in Safe Mode
.
Operation:
Instantiating VSS server
Error: (07/12/2015 12:36:29 PM) (Source: VSS) (EventID: 18) (User: )
Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.
The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode
]
Operation:
Instantiating VSS server
Error: (07/12/2015 12:01:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 504: ERROR: read_msg errno 0 (The operation completed successfully.)
Error: (07/12/2015 12:01:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
Error: (07/12/2015 11:55:18 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x80070005).
System errors:
=============
Error: (07/13/2015 09:04:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069
Error: (07/13/2015 09:04:59 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
Error: (07/12/2015 03:29:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275
Error: (07/12/2015 03:29:06 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\John\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error: (07/12/2015 03:29:06 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\John\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error: (07/12/2015 03:29:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275
Error: (07/12/2015 03:29:06 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\John\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error: (07/12/2015 03:29:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275
Error: (07/12/2015 03:27:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275
Error: (07/12/2015 03:27:23 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\John\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Microsoft Office:
=========================
Error: (07/12/2015 03:25:59 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\John\Downloads\esetsmartinstaller_enu.exe
Error: (07/12/2015 03:25:54 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\John\Downloads\esetsmartinstaller_enu.exe
Error: (07/12/2015 02:37:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ATH.exe17.492.0.84550cacc1objc.dll1.528.0.12954c60fe9c000000500006be41edc01d0bcd994bbe448C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exeC:\Program Files (x86)\Common Files\Apple\Apple Application Support\objc.dll6e737fd4-28cd-11e5-9170-0090f5c384a9
Error: (07/12/2015 02:37:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ATH.exe17.492.0.84550cacc1objc.dll1.528.0.12954c60fe9c000000500006be4f5801d0bcd9b89db38dC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exeC:\Program Files (x86)\Common Files\Apple\Apple Application Support\objc.dll6e7358c4-28cd-11e5-9170-0090f5c384a9
Error: (07/12/2015 12:36:29 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x8007043c
Error: (07/12/2015 12:36:29 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x8007043c, This service cannot be started in Safe Mode
Operation:
Instantiating VSS server
Error: (07/12/2015 12:36:29 PM) (Source: VSS) (EventID: 18) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007043c, This service cannot be started in Safe Mode
Operation:
Instantiating VSS server
Error: (07/12/2015 12:01:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 504: ERROR: read_msg errno 0 (The operation completed successfully.)
Error: (07/12/2015 12:01:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
Error: (07/12/2015 11:55:18 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x80070005
CodeIntegrity Errors:
===================================
Date: 2015-07-12 12:05:36.175
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-07-12 12:05:36.113
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-07-12 12:05:36.066
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-07-12 12:05:36.019
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-08-04 20:36:32.581
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-08-04 20:36:32.543
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-05-04 17:17:34.291
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-05-04 17:17:34.291
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-05-04 17:17:34.291
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-05-04 17:17:34.260
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel® Core i7-2820QM CPU @ 2.30GHz
Percentage of memory in use: 40%
Total physical RAM: 8169.4 MB
Available physical RAM: 4870.71 MB
Total Virtual: 16337 MB
Available Virtual: 12863.08 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:953.77 GB) (Free:339.95 GB) NTFS
Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: () (Fixed) (Total:698.54 GB) (Free:83.02 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 953.9 GB) (Disk ID: 01557017)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=953.8 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 097E2604)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=698.5 GB) - (Type=07 NTFS)
==================== End of log ============================