
Bestdriverstar/Anythicago/simplesitescan "Threat Detected"


  • This topic is locked
13 replies to this topic

#1 jkarl

  • Members
  • 6 posts

Posted 07 July 2015 - 05:50 PM

Hello,

I am having the same problem as many on here, and similar to http://www.bleepingcomputer.com/forums/t/580648/frequent-avast-threat-detected-warnings-but-malware-tools-find-nothing/

I am running Windows 7 Home Premium SP1.

I have run ADWCleaner, Avast Free, Malwarebytes Anti-Malware and Microsoft Security Essentials, and everything comes up clean. I am getting the random "Threat detected" messages from AVAST upon waking the computer up.

Some sample URLs it is blocking:

alwaysisobar.com/4141/TroubleFix_142669690001746.dll
simplesitescan.net/4141/LibraryProc_142667285206710.dll
bestdriverstar.net/4141/CutterGeneration_142669028246641.dll
anythicago.com/4141/CutterSystem_142669222915982.dll
simplesitescan.net/4141/CutterGeneration_142669028215736.dll

Opticguardzip.net

 

Thanks


Edited by jkarl, 07 July 2015 - 05:52 PM.




#2 Conspire

  • Malware Response Team
  • 1,155 posts

Posted 11 July 2015 - 11:32 AM

In any case where you happen to be busy or unable to give us a reply, we would be grateful if you keep us informed in advance, and we will be more than happy to wait. Failure to do so will result in your thread being closed in THREE (3) days.

:)

Hello there, jkarl

I'm Conspire, and I'll be glad to help you with your computer problems.

Please observe these rules while we work:
  • Read the entire procedure
  • It is important to perform ALL actions in sequence.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with me till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.
IMPORTANT NOTE: Please do not delete anything unless instructed to. Remember to back up all your important data (if possible) before moving on.

---------------------------------------------------------------------------------------------------

Do you still need help?

---------------------------------------------------------------------------------------------------
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may donate.

#3 jkarl

  • Topic Starter
  • Members
  • 6 posts

Posted 12 July 2015 - 03:37 PM

Thanks! Yes I still need help.

#4 Conspire

  • Malware Response Team
  • 1,155 posts

Posted 13 July 2015 - 07:53 AM

Hello,

Very well.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.

#5 jkarl

  • Topic Starter
  • Members
  • 6 posts

Posted 14 July 2015 - 12:03 AM

Ok Thanks conspire

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by Valued Customer (administrator) on AVA-406270-1 on 14-07-2015 00:01:17
Running from C:\Users\Valued Customer\Desktop
Loaded Profiles: Valued Customer (Available Profiles: Valued Customer & Kids)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
(DoD PKE Engineering) C:\Program Files (x86)\DoD-PKE\InstallRoot\InstallRootService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATILAE.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
() C:\Program Files (x86)\SABnzbd\SABnzbd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\sp6\LU1\LULnchr.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\sp6\LU1\LogitechUpdate.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_203.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_203.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6846096 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291128 2013-03-05] (Intel Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058880 2013-03-28] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-09-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-18] (Avast Software s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-1215559615-4072840042-3781464165-1000\...\Run: [DAEMON Tools Ultra Agent] => C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe [3125976 2013-09-23] (Disc Soft Ltd)
HKU\S-1-5-21-1215559615-4072840042-3781464165-1000\...\Run: [Turn Off Monitor] => C:\Program Files (x86)\Turn Off Monitor\TurnOffMon.exe :silent
HKU\S-1-5-21-1215559615-4072840042-3781464165-1000\...\Run: [Auto LogOff] => C:\Program Files (x86)\Turn Off Monitor\AutoLogOff.exe :silent
HKU\S-1-5-21-1215559615-4072840042-3781464165-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-1215559615-4072840042-3781464165-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-1215559615-4072840042-3781464165-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1215559615-4072840042-3781464165-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILAE.EXE [297024 2013-05-01] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1215559615-4072840042-3781464165-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3632472 2015-06-06] (Electronic Arts)
HKU\S-1-5-21-1215559615-4072840042-3781464165-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1215559615-4072840042-3781464165-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1215559615-4072840042-3781464165-1000\...\MountPoints2: G - G:\SETUP.EXE
HKU\S-1-5-21-1215559615-4072840042-3781464165-1000\...\MountPoints2: {056265cb-b326-11e2-8101-806e6f6e6963} - D:\.\Bin\ASSETUP.exe
HKU\S-1-5-21-1215559615-4072840042-3781464165-1000\...\MountPoints2: {4635e0ca-1f8e-11e3-9ff5-806e6f6e6963} - D:\start.exe
HKU\S-1-5-21-1215559615-4072840042-3781464165-1000\...\MountPoints2: {7ee17cca-5ff1-11e2-bcef-806e6f6e6963} - D:\Run.exe
HKU\S-1-5-21-1215559615-4072840042-3781464165-1000\...\MountPoints2: {90ef4877-2abe-11e3-874b-60a44ccf3f86} - G:\SETUP.EXE
HKU\S-1-5-21-1215559615-4072840042-3781464165-1000\...\MountPoints2: {bfd1ab20-12c1-11e0-9f88-806e6f6e6963} - D:\.\Bin\Assetup.exe
HKU\S-1-5-21-1215559615-4072840042-3781464165-1000\...\MountPoints2: {d98bf2ca-3ad8-11e1-9a27-806e6f6e6963} - D:\Bin\assetup.exe
Startup: C:\Users\Valued Customer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SABnzbd.lnk [2014-12-06]
ShortcutTarget: SABnzbd.lnk -> C:\Program Files (x86)\SABnzbd\SABnzbd.exe ()
Startup: C:\Users\Valued Customer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk [2013-09-25]
ShortcutTarget: Samsung Magician.lnk -> C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe (Samsung Electronics.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Valued Customer\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Valued Customer\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Valued Customer\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Valued Customer\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Valued Customer\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Valued Customer\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Valued Customer\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Valued Customer\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-06-18] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Valued Customer\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Valued Customer\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Valued Customer\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Valued Customer\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Valued Customer\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Valued Customer\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Valued Customer\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Valued Customer\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
GroupPolicyUsers\S-1-5-21-1215559615-4072840042-3781464165-1004\User: Group Policy Restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser]  <======= ATTENTION (Policy restriction on ProxySettings)
HKU\S-1-5-21-1215559615-4072840042-3781464165-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKU\S-1-5-21-1215559615-4072840042-3781464165-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/en-us/?pc=U270&ocid=U270DHP
SearchScopes: HKLM -> {C849CEA7-D7A7-4357-BA8A-CFDBE6210F14} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-06-13] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-06-18] (Avast Software s.r.o.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-06-13] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-06-18] (Avast Software s.r.o.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-09-03] (Adobe Systems Incorporated)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2013-07-31] (Logitech, Inc.)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-09-03] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-09-03] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1215559615-4072840042-3781464165-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: x-owacid2 - {5B290518-830E-4C57-A66B-E4F748900C27} - C:\Program Files (x86)\Microsoft\SMIME Client (2010)\mimectl.dll [2013-02-04] (Microsoft Corporation)
Hosts: 127.0.0.1 activate.adobe.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{69E57C06-049E-4C32-8F93-FAEFAE04AFC0}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7B63A196-C429-47E6-AA3C-746313B4AD21}: [DhcpNameServer] 137.107.3.150 137.107.2.1

FireFox:
========
FF ProfilePath: C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\iisvqdo2.default-1425093401090
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_203.dll [2015-07-08] ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-06-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-06-13] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_203.dll [2015-07-08] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-02-15] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-02-15] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2013-09-03] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2013-08-02] (Coupons, Inc.)
FF Extension: DoD Configuration - C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\iisvqdo2.default-1425093401090\Extensions\{d15c1608-ba3e-4aa0-aa6f-aa9337226087} [2015-06-19]
FF Extension: nzbdStatus - C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\iisvqdo2.default-1425093401090\Extensions\sabnzbdstatus@dq5studios.com.xpi [2015-03-03]
FF Extension: Adblock Plus - C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\iisvqdo2.default-1425093401090\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-21]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-10-01]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-10-14]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-03-04]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-04]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [927232 2012-10-29] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-18] (Avast Software s.r.o.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
R3 Disc Soft Bus Service; C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [654552 2013-09-23] (Disc Soft Ltd)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-16] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-05-01] (SEIKO EPSON CORPORATION)
R2 InstallRoot; C:\Program Files (x86)\DoD-PKE\InstallRoot\InstallRootService.exe [756344 2015-02-13] (DoD PKE Engineering)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-02-15] (Intel Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1997168 2015-06-06] (Electronic Arts)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-21] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-06-18] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-06-18] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-06-18] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-06-18] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-06-18] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-07-07] (Avast Software s.r.o.)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-06-18] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-06-18] ()
R3 dtscsibus; C:\Windows\System32\DRIVERS\dtscsibus.sys [29696 2013-10-01] (Disc Soft Ltd)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 PMUSB2G; C:\Windows\System32\Drivers\PMUSB.sys [26624 2009-03-24] (PassMark Software)
S3 S3XXx64; C:\Windows\System32\DRIVERS\S3XXx64.sys [73856 2015-02-17] (Identiv)
S3 EtronHub3; System32\Drivers\EtronHub3.sys [X]
S3 EtronXHCI; System32\Drivers\EtronXHCI.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-14 00:01 - 2015-07-14 00:01 - 00025311 _____ C:\Users\Valued Customer\Desktop\FRST.txt
2015-07-14 00:01 - 2015-07-14 00:01 - 00000000 ____D C:\FRST
2015-07-13 23:57 - 2015-07-13 23:58 - 02133504 _____ (Farbar) C:\Users\Valued Customer\Desktop\FRST64.exe
2015-07-12 18:21 - 2015-07-12 18:21 - 00002208 _____ C:\Users\Valued Customer\Desktop\Online Viewer V0113.lnk
2015-07-12 18:21 - 2015-07-12 18:21 - 00000000 ____D C:\Users\Valued Customer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Contractor Classes
2015-07-12 18:21 - 2015-07-12 18:21 - 00000000 ____D C:\Users\Valued Customer\AppData\Roaming\Contractor Classes
2015-07-12 18:20 - 2015-07-12 18:20 - 86457954 _____ C:\Users\Valued Customer\Downloads\Online_V0113_GBR.exe
2015-07-12 18:19 - 2015-07-12 18:19 - 00323285 _____ C:\Users\Valued Customer\Downloads\start.zip
2015-07-07 17:57 - 2015-07-07 17:57 - 00242712 _____ C:\Users\Valued Customer\Downloads\Firefox Setup Stub 39.0.exe
2015-06-19 21:59 - 2015-06-19 21:59 - 05939984 _____ C:\Users\Valued Customer\Downloads\Smart_Card_Manager-1.0.1-6-2(1).exe
2015-06-19 21:59 - 2015-06-19 21:59 - 00001948 _____ C:\Users\Kids\Desktop\Smart Card Manager.lnk
2015-06-19 21:41 - 2015-06-19 21:41 - 00001189 _____ C:\Users\Public\Desktop\InstallRoot 4.1.lnk
2015-06-19 21:41 - 2015-06-19 21:41 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2015-06-19 21:41 - 2015-06-19 21:41 - 00000000 ____D C:\Users\Valued Customer\AppData\Local\DoD-PKE
2015-06-19 21:41 - 2015-06-19 21:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DoD-PKE
2015-06-19 21:41 - 2015-06-19 21:41 - 00000000 ____D C:\Program Files (x86)\DoD-PKE
2015-06-19 21:40 - 2015-06-19 21:40 - 09186304 _____ C:\Users\Valued Customer\Downloads\InstallRoot_4.1x32.msi
2015-06-19 21:33 - 2015-06-19 21:33 - 02538496 _____ C:\Users\Valued Customer\Downloads\opensc-0.13.0-win32(1).msi
2015-06-18 17:39 - 2015-06-18 17:39 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-06-18 17:39 - 2015-06-18 17:39 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-14 00:00 - 2014-01-23 08:48 - 00000000 ____D C:\Users\Valued Customer\Desktop\HomePics
2015-07-13 23:55 - 2010-12-28 12:40 - 02071586 _____ C:\Windows\WindowsUpdate.log
2015-07-13 23:54 - 2014-10-16 21:20 - 00000911 _____ C:\Windows\Tasks\EPSON XP-410 Series Update {BEAF1A67-B16C-4804-A218-450E80458F8F}.job
2015-07-13 23:54 - 2014-10-16 21:20 - 00000725 _____ C:\Windows\Tasks\EPSON XP-410 Series Invitation {BEAF1A67-B16C-4804-A218-450E80458F8F}.job
2015-07-13 23:54 - 2013-09-30 19:59 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-13 23:54 - 2013-09-30 18:24 - 00000911 _____ C:\Windows\Tasks\EPSON XP-410 Series Update {F501C069-3CC5-4CD9-B97D-631A6BA9AE91}.job
2015-07-13 23:54 - 2013-09-30 18:24 - 00000725 _____ C:\Windows\Tasks\EPSON XP-410 Series Invitation {F501C069-3CC5-4CD9-B97D-631A6BA9AE91}.job
2015-07-13 10:24 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-07-12 17:47 - 2015-03-04 21:12 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-07-08 20:29 - 2013-09-30 19:59 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-08 20:29 - 2013-09-30 19:59 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-08 20:29 - 2013-09-30 19:59 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-07 19:05 - 2009-07-13 23:45 - 00033216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-07 19:05 - 2009-07-13 23:45 - 00033216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-07 19:01 - 2009-07-14 00:13 - 00786662 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-07 18:57 - 2015-06-10 11:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-07 18:57 - 2015-02-27 22:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-07 18:57 - 2013-09-25 08:54 - 00102133 _____ C:\Windows\setupact.log
2015-07-07 18:57 - 2011-02-25 10:58 - 00321146 _____ C:\Windows\PFRO.log
2015-07-07 18:57 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-07 17:59 - 2013-10-01 14:25 - 00000000 ____D C:\Users\Valued Customer\AppData\Local\Adobe
2015-07-07 17:58 - 2015-02-27 22:16 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-07 17:58 - 2015-02-27 22:16 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-07-07 17:39 - 2015-03-04 21:12 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswsp.sys
2015-07-05 05:08 - 2010-12-28 12:57 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-06-19 21:59 - 2014-12-19 11:47 - 00001948 _____ C:\Users\Valued Customer\Desktop\Smart Card Manager.lnk
2015-06-19 21:59 - 2014-12-19 11:47 - 00000000 ____D C:\Windows\egate2.4
2015-06-19 21:56 - 2014-11-06 12:36 - 00000000 ____D C:\ProgramData\Origin
2015-06-18 17:39 - 2015-03-04 21:12 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-06-18 17:39 - 2015-03-04 21:12 - 00272248 _____ C:\Windows\system32\Drivers\aswVmm.sys
2015-06-18 17:39 - 2015-03-04 21:12 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-06-18 17:39 - 2015-03-04 21:12 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-06-18 17:39 - 2015-03-04 21:12 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-06-18 17:39 - 2015-03-04 21:12 - 00065736 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2015-06-18 17:39 - 2015-03-04 21:12 - 00029168 _____ C:\Windows\system32\Drivers\aswHwid.sys

==================== Files in the root of some directories =======

2010-05-14 17:01 - 2010-05-14 17:01 - 0002917 _____ () C:\Program Files (x86)\uninstal.log
2014-12-01 19:42 - 2014-12-01 19:45 - 0005120 _____ () C:\Users\Valued Customer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-27 17:57 - 2015-02-27 17:57 - 0000906 _____ () C:\ProgramData\JunkCleaner.lnk
2013-10-21 20:10 - 2013-10-21 20:10 - 0000949 _____ () C:\ProgramData\Turn Off Monitor.ini

Some files in TEMP:
====================
C:\Users\Valued Customer\AppData\Local\Temp\84119B98-C705-4D51-7590-22C23A5B69FD.dll
C:\Users\Valued Customer\AppData\Local\Temp\BingBarSetup-Partner.exe
C:\Users\Valued Customer\AppData\Local\Temp\burnsetup.exe
C:\Users\Valued Customer\AppData\Local\Temp\ConsumerInputSetup.exe
C:\Users\Valued Customer\AppData\Local\Temp\downloader.dll
C:\Users\Valued Customer\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8dz1uu.dll
C:\Users\Valued Customer\AppData\Local\Temp\ffmpeg16.exe
C:\Users\Valued Customer\AppData\Local\Temp\gamecapturehook2.exe
C:\Users\Valued Customer\AppData\Local\Temp\java-installer.exe
C:\Users\Valued Customer\AppData\Local\Temp\LMkRstPt.exe
C:\Users\Valued Customer\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\Valued Customer\AppData\Local\Temp\Opera_NI_stable.exe
C:\Users\Valued Customer\AppData\Local\Temp\ose00000.exe
C:\Users\Valued Customer\AppData\Local\Temp\ose00001.exe
C:\Users\Valued Customer\AppData\Local\Temp\Procmon64.exe
C:\Users\Valued Customer\AppData\Local\Temp\Quarantine.exe
C:\Users\Valued Customer\AppData\Local\Temp\setwiz_i.exe
C:\Users\Valued Customer\AppData\Local\Temp\sqlite3.dll
C:\Users\Valued Customer\AppData\Local\Temp\vlc-2.2.1-win32.exe
C:\Users\Valued Customer\AppData\Local\Temp\vpsetup.exe
C:\Users\Valued Customer\AppData\Local\Temp\zlicense.exe
C:\Users\Valued Customer\AppData\Local\Temp\_is72C2.exe
C:\Users\Valued Customer\AppData\Local\Temp\_is7DF5.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-18 18:18

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by Valued Customer at 2015-07-14 00:01:34
Running from C:\Users\Valued Customer\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1215559615-4072840042-3781464165-500 - Administrator - Disabled)
Guest (S-1-5-21-1215559615-4072840042-3781464165-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1215559615-4072840042-3781464165-1003 - Limited - Enabled)
Kids (S-1-5-21-1215559615-4072840042-3781464165-1004 - Limited - Enabled) => C:\Users\Kids
Valued Customer (S-1-5-21-1215559615-4072840042-3781464165-1000 - Administrator - Enabled) => C:\Users\Valued Customer

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.8 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.191 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.203 - Adobe Systems Incorporated)
Adobe Photoshop CS5.1 (HKLM-x32\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-L2700DW series (HKLM-x32\...\{F8ECC2FD-CE2B-4ED4-BDCC-90D0D34206FD}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
DAEMON Tools Ultra (HKLM-x32\...\DAEMON Tools Ultra) (Version: 2.0.0.0159 - Disc Soft Ltd)
Disney Infinity PC (HKLM-x32\...\{11CB229E-8A2B-40FD-8670-4EC92D3DDAD5}) (Version: 1.85.4161 - Disney Interactive)
Dropbox (HKU\S-1-5-21-1215559615-4072840042-3781464165-1000\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
Epson Event Manager (HKLM-x32\...\{2970697F-2A11-4588-8B7F-97322D1CCF3C}) (Version: 3.10.0017 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-410 Series Printer Uninstall (HKLM\...\EPSON XP-410 Series) (Version:  - SEIKO EPSON Corporation)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
FAHClient (HKLM-x32\...\FAHClient) (Version: 7.1.52 - Stanford University)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
InstallRoot (HKLM-x32\...\{7916F3BE-0C70-49E0-A875-41BE86BDCE85}) (Version: 4.1 - DoD PKE)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3055 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.0.0.100 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
iTunesDSM (HKLM-x32\...\iTunesDSM) (Version: 0.9.6 - Brian Gibowski)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Junk Cleaner (x32 Version: 1.1.6.2 - Pandaje Group) Hidden
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft S/MIME (HKLM-x32\...\{D932D6AE-786B-4ECD-B6FE-B9C0EB059B3C}) (Version: 14.3.123.2 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 39.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenSC (64bit) (HKLM\...\{2BD837A9-207C-40C1-A497-3A823C4CDE0D}) (Version: 0.12.2.0 - OpenSC Project)
OpenSC (HKLM-x32\...\{0707CEBF-DD03-4042-B2AF-F48F0DFF6A53}) (Version: 0.13.0.0 - OpenSC Project)
Origin (HKLM-x32\...\Origin) (Version: 9.5.3.636 - Electronic Arts, Inc.)
PAR Buddy 2.80 (64 bit) (HKLM-x32\...\PAR Buddy_is1) (Version:  - K. Timmermann)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6782 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SABnzbd 0.7.20 (HKLM-x32\...\SABnzbd) (Version: 0.7.20 - The SABnzbd Team)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.2.1 - Samsung Electronics)
SketchUp 2013 (HKLM-x32\...\{B75BC01B-4586-43F8-9349-D250DB98F26F}) (Version: 13.0.4812 - Trimble Navigation Limited)
Smart Card Manager (HKLM-x32\...\Smart Card Manager) (Version: 1.0.1-6-2 - nabber.org)
Smart Card Manager 1.0.1-6 (HKLM-x32\...\Smart Card Manager_is1) (Version:  - Fedora)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
The Sims™ 3 Ambitions (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
The Sims™ 3 Generations (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.5.1 - Electronic Arts)
The Sims™ 3 Pets (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
The Sims™ 3 Seasons (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
The Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
The Sims™ 3 University Life (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.3.33.1010 - Electronic Arts Inc.)
The Sims™ 4 Create A Sim Demo (HKLM-x32\...\{6908ED99-F02B-4E99-A202-3FAC99C510ED}) (Version: 1.0.237.100 - Electronic Arts Inc.)
TTL4v1.2.1Full (HKLM-x32\...\{263D4880-F5D2-4AA6-9AAF-BBC03C0EA29B}) (Version: 1.2.1 - Sunburst Technology)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1215559615-4072840042-3781464165-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Valued Customer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1215559615-4072840042-3781464165-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Valued Customer\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1215559615-4072840042-3781464165-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Valued Customer\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1215559615-4072840042-3781464165-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Valued Customer\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1215559615-4072840042-3781464165-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Valued Customer\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1215559615-4072840042-3781464165-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Valued Customer\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1215559615-4072840042-3781464165-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Valued Customer\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1215559615-4072840042-3781464165-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Valued Customer\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1215559615-4072840042-3781464165-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Valued Customer\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1215559615-4072840042-3781464165-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Valued Customer\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

13-06-2015 11:14:31 End of disinfection
13-06-2015 11:18:26 Removed Java 7 Update 51
13-06-2015 11:19:23 Installed Java 7 Update 67 (64-bit)
16-06-2015 18:05:15 Windows Update
18-06-2015 17:38:59 avast! antivirus system restore point
18-06-2015 17:48:23 Windows Backup
19-06-2015 21:36:54 Windows Update
19-06-2015 21:40:54 Installed InstallRoot
27-06-2015 02:10:50 Windows Update
27-06-2015 14:17:57 Windows Backup
07-07-2015 06:25:08 Windows Update
07-07-2015 17:17:32 Windows Backup
10-07-2015 15:56:18 Windows Update
12-07-2015 19:00:03 Windows Backup

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2013-10-01 16:44 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {065FF316-2887-44D4-AAA3-FD59128E4526} - \49c1f9dd-3603-41e5-bcd2-16bb4d4122cf-3 No Task File <==== ATTENTION
Task: {0C8B94CD-B057-4C60-8062-2B6BC01576D5} - \add6d786-9673-48c8-aa14-95ac7c7e050b-6 No Task File <==== ATTENTION
Task: {11A14A57-4E19-4F7B-953A-446A8BE7E12D} - System32\Tasks\EPSON XP-410 Series Invitation {BEAF1A67-B16C-4804-A218-450E80458F8F} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE [2013-05-01] (SEIKO EPSON CORPORATION)
Task: {11FA8892-2DAC-4C23-BC67-1A846DC72B6F} - \49c1f9dd-3603-41e5-bcd2-16bb4d4122cf-10_user No Task File <==== ATTENTION
Task: {180E9F62-6A47-4590-A556-492EBA136398} - System32\Tasks\EPSON XP-410 Series Update {BEAF1A67-B16C-4804-A218-450E80458F8F} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE [2013-05-01] (SEIKO EPSON CORPORATION)
Task: {21C1691D-28F9-4446-88AD-A74B0FB175BF} - System32\Tasks\GoogleUpdateTaskUserM_1_7_22_478699874-4155726479-3780505679-3006UA__323832313933313032312d5737325a786c5a3237344541 => Wscript.exe //B "C:\ProgramData\PastaLeadsAgent\startprocess.js" pastaleadss.exe /invoke /f:check_services /l:0
Task: {228A39B0-80CB-40A9-A74B-2178C9F707B1} - \add6d786-9673-48c8-aa14-95ac7c7e050b-11 No Task File <==== ATTENTION
Task: {29CC2D9E-EBDE-4A75-A6D5-54772FE145E2} - \49c1f9dd-3603-41e5-bcd2-16bb4d4122cf-11 No Task File <==== ATTENTION
Task: {2E7B7313-2D3C-4BD2-BA1A-422BA5B5FD7E} - \add6d786-9673-48c8-aa14-95ac7c7e050b-4 No Task File <==== ATTENTION
Task: {38DA6186-6595-4164-8E71-A5F82D27DAFE} - \add6d786-9673-48c8-aa14-95ac7c7e050b-5_user No Task File <==== ATTENTION
Task: {39FBC60F-FD53-43C5-AE30-359327D96B8E} - \CIMT_S-1-5-21-1215559615-4072840042-3781464165-1000 No Task File <==== ATTENTION
Task: {4B477E28-0555-4085-8D69-5077DD409BBA} - System32\Tasks\AdobeAAMUpdater-1.0-AVA-406270-1-Valued Customer => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-15] (Adobe Systems Incorporated)
Task: {4B5EA05B-1404-42F1-80CC-05FA733D1EC1} - System32\Tasks\HDNINSTSCHD => C:\Windows\PCBHDNW\hdnInstaller.exe <==== ATTENTION
Task: {4CE1FEEE-E389-418D-97AF-1A5FEB74C874} - System32\Tasks\Opera scheduled Autoupdate 1425077857 => C:\Program Files (x86)\Opera\launcher.exe
Task: {4F1943A7-6F06-4DF9-83D8-7248776D9094} - \49c1f9dd-3603-41e5-bcd2-16bb4d4122cf-5 No Task File <==== ATTENTION
Task: {522C4DBF-DD46-4304-A79A-B18478536F22} - \49c1f9dd-3603-41e5-bcd2-16bb4d4122cf-6 No Task File <==== ATTENTION
Task: {54B3EA46-0A79-4A06-833F-8D181E155D9F} - \49c1f9dd-3603-41e5-bcd2-16bb4d4122cf-7 No Task File <==== ATTENTION
Task: {56557F26-E843-462A-B41C-DB6E417BAAE1} - System32\Tasks\{66AD2FDC-0A83-4058-9450-A838E02C335D} => pcalua.exe -a D:\setup.exe -d D:\
Task: {5BB3E349-81B7-4BEE-A8FE-718D63F4A1FF} - \CIMT_daily_S-1-5-21-1215559615-4072840042-3781464165-1000 No Task File <==== ATTENTION
Task: {5C452A88-C4FB-4743-9F11-BB444F0908AB} - \add6d786-9673-48c8-aa14-95ac7c7e050b-5 No Task File <==== ATTENTION
Task: {6014FDD8-8929-4520-A8F5-A5D5E4C6347E} - System32\Tasks\SMWUpd => C:\Program Files\Common Files\Goobzo\GBUpdate\updater.exe <==== ATTENTION
Task: {665500D5-E822-4217-8940-2A5DB330D461} - \49c1f9dd-3603-41e5-bcd2-16bb4d4122cf-5_user No Task File <==== ATTENTION
Task: {67F56647-6F25-4C92-8058-3B7718BB6D4D} - \add6d786-9673-48c8-aa14-95ac7c7e050b-7 No Task File <==== ATTENTION
Task: {8426AF12-0E1C-451B-80EE-C4DA447EA2B0} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {860123BC-01B2-4606-89C9-7939A174F4F2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {8F1725A3-78CC-4EA0-A9DB-EF2B2F8DE903} - System32\Tasks\EPSON XP-410 Series Invitation {F501C069-3CC5-4CD9-B97D-631A6BA9AE91} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE [2013-05-01] (SEIKO EPSON CORPORATION)
Task: {9B32B8FA-BB7E-405D-8699-CABDAF0F65DF} - \49c1f9dd-3603-41e5-bcd2-16bb4d4122cf-1-7 No Task File <==== ATTENTION
Task: {9B7AD747-D38C-4BC4-87FA-F7C6D54E02A0} - System32\Tasks\UPDTEXE4_WDR => C:\Program Files (x86)\Portable WeatherApp\updater.exe <==== ATTENTION
Task: {9C6A534B-B1B4-41B2-8B9E-04611C5CF10C} - \49c1f9dd-3603-41e5-bcd2-16bb4d4122cf-4 No Task File <==== ATTENTION
Task: {9FFF2689-2075-4B35-B008-7D6A3F2BE50D} - \add6d786-9673-48c8-aa14-95ac7c7e050b-10_user No Task File <==== ATTENTION
Task: {A5AB3451-353A-4D91-A26E-3B6571EB2D78} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-18] (Avast Software s.r.o.)
Task: {B058A543-25E9-4FC3-ABAC-6C57B3FE4063} - System32\Tasks\RPC => C:\Program Files (x86)\Regprocleaner\Regprocleaner.exe
Task: {B4EE1F30-E3EF-48EA-99E1-CDDBE821710E} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {BC91D22B-5008-402F-B5AC-0E4DA74007D8} - \49c1f9dd-3603-41e5-bcd2-16bb4d4122cf-1-6 No Task File <==== ATTENTION
Task: {BFCF6435-7CE1-4D01-AD46-55ED792A7BC2} - System32\Tasks\EPSON XP-410 Series Update {F501C069-3CC5-4CD9-B97D-631A6BA9AE91} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE [2013-05-01] (SEIKO EPSON CORPORATION)
Task: {DBBC74B5-9209-40DE-8939-8256472C1095} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {DE79F2FC-6943-4720-B4CE-05CAC8CD607F} - \SMW_UpdateTask_Time_323832313933313032312d5737325a786c5a3237344541 No Task File <==== ATTENTION
Task: {EC8CDA6E-9D7A-4C16-8060-545296ADEBF8} - \add6d786-9673-48c8-aa14-95ac7c7e050b-1-7 No Task File <==== ATTENTION
Task: {F40E241C-8FE2-4D89-9F57-5DEF95E2DE2B} - System32\Tasks\IE_ERR4WDR => C:\Program Files (x86)\Portable WeatherApp\IEError.exe <==== ATTENTION
Task: {F8CE51BA-C194-4C9E-99DC-EA39F0B4F3AA} - \add6d786-9673-48c8-aa14-95ac7c7e050b-1-6 No Task File <==== ATTENTION
Task: {FF7B6683-5A12-4736-BEB9-80733FE71672} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-08] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\EPSON XP-410 Series Invitation {BEAF1A67-B16C-4804-A218-450E80458F8F}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE
Task: C:\Windows\Tasks\EPSON XP-410 Series Invitation {F501C069-3CC5-4CD9-B97D-631A6BA9AE91}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE
Task: C:\Windows\Tasks\EPSON XP-410 Series Update {BEAF1A67-B16C-4804-A218-450E80458F8F}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE:/EXE:{BEAF1A67-B16C-4804-A218-450E80458F8F} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\EPSON XP-410 Series Update {F501C069-3CC5-4CD9-B97D-631A6BA9AE91}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE:/EXE:{F501C069-3CC5-4CD9-B97D-631A6BA9AE91} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Loaded Modules (Whitelisted) ==============

2013-09-24 13:28 - 2012-10-29 02:48 - 00927232 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
2013-09-30 19:20 - 2014-12-06 08:28 - 00104960 _____ () C:\Program Files (x86)\SABnzbd\SABnzbd.exe
2015-05-30 07:18 - 2005-04-21 23:36 - 00143360 ____R () C:\Windows\system32\BrSNMP64.dll
2015-06-18 17:39 - 2015-06-18 17:39 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-06-18 17:39 - 2015-06-18 17:39 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-07-07 17:07 - 2015-07-07 17:07 - 02956288 _____ () C:\Program Files\AVAST Software\Avast\defs\15070701\algo.dll
2015-07-13 07:31 - 2015-07-13 07:31 - 02956288 _____ () C:\Program Files\AVAST Software\Avast\defs\15071300\algo.dll
2015-07-13 23:54 - 2015-07-13 23:54 - 02956288 _____ () C:\Program Files\AVAST Software\Avast\defs\15071301\algo.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-24 13:28 - 2015-07-07 18:57 - 00026624 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\PEbiosinterface32.dll
2013-09-24 13:28 - 2012-05-07 11:04 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\ATKEX.dll
2015-02-13 11:48 - 2015-02-13 11:48 - 03333752 _____ () C:\Program Files (x86)\DoD-PKE\InstallRoot\IrTampLib_SWIG_vc.DLL
2013-09-24 13:36 - 2013-02-15 15:15 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2013-09-30 19:20 - 2014-12-06 08:28 - 00053248 _____ () C:\Program Files (x86)\SABnzbd\lib\_socket.pyd
2013-09-30 19:20 - 2014-12-06 08:28 - 00671744 _____ () C:\Program Files (x86)\SABnzbd\lib\_ssl.pyd
2013-09-30 19:20 - 2014-12-06 08:28 - 00294912 _____ () C:\Program Files (x86)\SABnzbd\lib\_hashlib.pyd
2013-09-30 19:20 - 2014-12-06 08:28 - 00102400 _____ () C:\Program Files (x86)\SABnzbd\lib\win32api.pyd
2013-09-30 19:20 - 2014-12-06 08:28 - 00118784 _____ () C:\Program Files (x86)\SABnzbd\lib\pywintypes25.dll
2013-09-30 19:20 - 2014-12-06 08:28 - 00013824 _____ () C:\Program Files (x86)\SABnzbd\lib\win32event.pyd
2013-09-30 19:20 - 2014-12-06 08:28 - 00036864 _____ () C:\Program Files (x86)\SABnzbd\lib\win32service.pyd
2013-09-30 19:20 - 2014-12-06 08:28 - 00057344 _____ () C:\Program Files (x86)\SABnzbd\lib\OpenSSL.crypto.pyd
2013-09-30 19:20 - 2014-12-06 08:28 - 00007168 _____ () C:\Program Files (x86)\SABnzbd\lib\OpenSSL.rand.pyd
2013-09-30 19:20 - 2014-12-06 08:28 - 00037888 _____ () C:\Program Files (x86)\SABnzbd\lib\OpenSSL.SSL.pyd
2013-09-30 19:20 - 2014-12-06 08:28 - 00086016 _____ () C:\Program Files (x86)\SABnzbd\lib\_ctypes.pyd
2013-09-30 19:20 - 2014-12-06 08:28 - 00049152 _____ () C:\Program Files (x86)\SABnzbd\lib\_sqlite3.pyd
2013-09-30 19:20 - 2014-12-06 08:28 - 00546205 _____ () C:\Program Files (x86)\SABnzbd\lib\sqlite3.dll
2013-09-30 19:20 - 2014-12-06 08:28 - 00008192 _____ () C:\Program Files (x86)\SABnzbd\lib\select.pyd
2013-09-30 19:20 - 2014-12-06 08:28 - 00009728 _____ () C:\Program Files (x86)\SABnzbd\lib\_yenc.pyd
2013-09-30 19:20 - 2014-12-06 08:28 - 00012288 _____ () C:\Program Files (x86)\SABnzbd\lib\Cheetah._namemapper.pyd
2013-09-30 19:20 - 2014-12-06 08:28 - 00135168 _____ () C:\Program Files (x86)\SABnzbd\lib\pyexpat.pyd
2013-09-30 19:20 - 2014-12-06 08:28 - 00040960 _____ () C:\Program Files (x86)\SABnzbd\lib\win32process.pyd
2013-09-30 19:20 - 2014-12-06 08:28 - 00110592 _____ () C:\Program Files (x86)\SABnzbd\lib\win32file.pyd
2013-09-30 19:20 - 2014-12-06 08:28 - 00014848 _____ () C:\Program Files (x86)\SABnzbd\lib\win32evtlog.pyd
2013-09-30 19:20 - 2014-12-06 08:28 - 00024576 _____ () C:\Program Files (x86)\SABnzbd\lib\servicemanager.pyd
2013-09-30 19:20 - 2014-12-06 08:28 - 00019968 _____ () C:\Program Files (x86)\SABnzbd\lib\win32pipe.pyd
2013-09-30 19:20 - 2014-12-06 08:28 - 00155648 _____ () C:\Program Files (x86)\SABnzbd\lib\win32gui.pyd
2013-09-30 19:20 - 2014-12-06 08:28 - 00176128 _____ () C:\Program Files (x86)\SABnzbd\lib\winxpgui.pyd
2015-03-04 21:12 - 2015-03-04 21:12 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-05-30 07:17 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2013-07-10 19:07 - 2013-07-10 19:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2015-07-08 20:29 - 2015-07-08 20:29 - 17418416 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_203.dll
2014-03-12 12:29 - 2014-03-12 12:29 - 16276872 ____N () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
2015-07-07 17:59 - 2015-07-07 17:59 - 17321648 ____N () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1215559615-4072840042-3781464165-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Valued Customer\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{7D2B6D43-A6A4-44AB-9E39-37C9A476CEE2}C:\program files (x86)\fahclient\fahclient.exe] => (Allow) C:\program files (x86)\fahclient\fahclient.exe
FirewallRules: [UDP Query User{1CABB038-9487-4DAA-8A73-455DBD92A7E7}C:\program files (x86)\fahclient\fahclient.exe] => (Allow) C:\program files (x86)\fahclient\fahclient.exe
FirewallRules: [TCP Query User{2074D6CE-D525-423C-BF63-B031285B3C64}C:\program files (x86)\fahclient\fahclient.exe] => (Allow) C:\program files (x86)\fahclient\fahclient.exe
FirewallRules: [UDP Query User{1B5127BF-F7FC-4908-91AA-ADAACB8282C4}C:\program files (x86)\fahclient\fahclient.exe] => (Allow) C:\program files (x86)\fahclient\fahclient.exe
FirewallRules: [TCP Query User{08AB31A8-A19D-4191-9465-7BB24EC55266}C:\program files (x86)\sabnzbd\sabnzbd.exe] => (Allow) C:\program files (x86)\sabnzbd\sabnzbd.exe
FirewallRules: [UDP Query User{92F3828E-8BF3-4112-9E07-83C39D7311FB}C:\program files (x86)\sabnzbd\sabnzbd.exe] => (Allow) C:\program files (x86)\sabnzbd\sabnzbd.exe
FirewallRules: [TCP Query User{D7B66714-1A4A-4E21-B60F-1910136534C8}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{13C7EAEC-760E-4C04-961E-4345B4AFE0DE}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{0A5AE5DA-7105-4DE2-818A-5690DC267EE4}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{1C2FFDC5-A1FB-4DE2-A4F1-5C1A48F82373}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{2B149708-D855-46EE-885C-F6D405CDADA6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2CFA3814-393F-47A5-8A41-F0FE85F778E8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B9C3022B-1EBF-4BF8-A9B0-65C85DF99685}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DF1A3279-49D8-433D-ADDF-5A66EFA6315D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{B63173FE-4A92-4E92-BA63-BFB3CD508B95}C:\program files (x86)\microsoft office\office12\groove.exe] => (Block) C:\program files (x86)\microsoft office\office12\groove.exe
FirewallRules: [UDP Query User{2C802626-B545-4B8D-93E5-710F19E5ED4D}C:\program files (x86)\microsoft office\office12\groove.exe] => (Block) C:\program files (x86)\microsoft office\office12\groove.exe
FirewallRules: [TCP Query User{FDFC32B0-4342-4E81-9CDB-DC8E0E66CDF4}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{0C481B23-0A9D-4E17-87FC-EBC890BA2625}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{6D9EEF09-0F2B-4C82-BE05-C0F98EB67409}C:\program files (x86)\roblox\versions\version-75631059d2764d7a\robloxstudiobeta.exe] => (Block) C:\program files (x86)\roblox\versions\version-75631059d2764d7a\robloxstudiobeta.exe
FirewallRules: [UDP Query User{358389FA-CB80-433C-B75D-DCBCDDC2AA6D}C:\program files (x86)\roblox\versions\version-75631059d2764d7a\robloxstudiobeta.exe] => (Block) C:\program files (x86)\roblox\versions\version-75631059d2764d7a\robloxstudiobeta.exe
FirewallRules: [TCP Query User{1186DAB4-73DC-4279-90F2-E07AE5E4D021}C:\program files (x86)\disney interactive\disney infinity pc\disneyinfinity.exe] => (Allow) C:\program files (x86)\disney interactive\disney infinity pc\disneyinfinity.exe
FirewallRules: [UDP Query User{D989166B-D8AF-4993-8B43-22855F7DA12F}C:\program files (x86)\disney interactive\disney infinity pc\disneyinfinity.exe] => (Allow) C:\program files (x86)\disney interactive\disney infinity pc\disneyinfinity.exe
FirewallRules: [{758B29DA-3E05-4600-A4C0-4F1DF5CC19E8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{679BE12E-1C4F-4C4E-AC51-16F51C9B378F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{BFD3F4C2-B7F7-4F0B-87EC-BA8B0F1A15DA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{869BF52A-310B-447C-AB61-8490D9DDAB4A}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{2CBFBA08-633A-4C7C-B999-5BDAE8D72166}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{07F26DB2-FA48-41E9-B3C9-0769377B0A7B}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{558A995E-2767-4C6B-8335-CEDB134A307F}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [TCP Query User{FAB14023-CC88-4FAF-9D81-940BDE0E302D}C:\program files (x86)\sabnzbd\sabnzbd.exe] => (Allow) C:\program files (x86)\sabnzbd\sabnzbd.exe
FirewallRules: [UDP Query User{697CD3FB-78B6-4570-867A-227C15BF13E5}C:\program files (x86)\sabnzbd\sabnzbd.exe] => (Allow) C:\program files (x86)\sabnzbd\sabnzbd.exe
FirewallRules: [{5836CFA8-EEC2-4E02-966D-FF66B158B134}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{ECA3B87F-4162-4433-BD57-A7312F0D221C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{89590187-1A9F-4C2E-BAD3-2625AF2A29EC}] => (Allow) C:\Users\Valued Customer\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{2448CF7C-FDE6-41C0-88A0-008DDDA23B4E}] => (Allow) C:\Users\Valued Customer\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{2AE39E69-5370-4AE5-A93C-4FBE69C17C12}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4 Create A Sim Demo\Game\Bin\TS4CAS.exe
FirewallRules: [{B37F6490-1058-4ACE-B29C-8E1F20FDAD11}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4 Create A Sim Demo\Game\Bin\TS4CAS.exe
FirewallRules: [TCP Query User{0594091A-EEBC-437E-AECD-828A80A6C4D5}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{BECAB651-1190-4A83-962B-3B525F57C892}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: e-gate Virtual Reader Enumerator
Description: e-gate Virtual Reader Enumerator
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/13/2015 11:14:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 998

Error: (07/13/2015 11:14:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 998

Error: (07/13/2015 11:14:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/12/2015 10:01:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1997

Error: (07/12/2015 10:01:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1997

Error: (07/12/2015 10:01:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/12/2015 10:01:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 999

Error: (07/12/2015 10:01:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 999

Error: (07/12/2015 10:01:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/08/2015 08:43:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2995


System errors:
=============
Error: (07/07/2015 06:58:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (07/07/2015 06:58:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (07/07/2015 06:57:29 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:54:27 PM on ‎7/‎7/‎2015 was unexpected.

Error: (07/07/2015 06:14:27 AM) (Source: SCardSvr) (EventID: 610) (User: )
Description: The device has been removed.SCM Microsystems Inc. SCR33x USB Smart Card Reader 0GET_STATEXX XX XX XX

Error: (06/19/2015 11:00:42 PM) (Source: SCardSvr) (EventID: 610) (User: )
Description: The device has been removed.SCM Microsystems Inc. SCR33x USB Smart Card Reader 0GET_STATEXX XX XX XX

Error: (06/19/2015 11:00:36 PM) (Source: SCardSvr) (EventID: 610) (User: )
Description: No media in drive.SCM Microsystems Inc. SCR33x USB Smart Card Reader 0POWER00 00 00 00

Error: (06/19/2015 10:06:11 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error:
%%5

Error: (06/19/2015 10:06:01 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (06/19/2015 10:04:12 PM) (Source: SCardSvr) (EventID: 610) (User: )
Description: The device has been removed.SCM Microsystems Inc. SCR33x USB Smart Card Reader 0GET_STATEXX XX XX XX

Error: (06/19/2015 10:04:12 PM) (Source: SCardSvr) (EventID: 610) (User: )
Description: The device has been removed.SCM Microsystems Inc. SCR33x USB Smart Card Reader 0GET_STATEXX XX XX XX


Microsoft Office:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-02-27 20:24:35.761
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-27 20:24:35.736
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i5-4570 CPU @ 3.20GHz
Percentage of memory in use: 26%
Total physical RAM: 7873.28 MB
Available physical RAM: 5759.86 MB
Total Virtual: 15744.77 MB
Available Virtual: 11190.75 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:72.37 GB) NTFS
Drive d: (BROTHER) (CDROM) (Total:0.54 GB) (Free:0 GB) CDFS
Drive e: (Media) (Fixed) (Total:931.5 GB) (Free:154.04 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 1AD87D27)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: E4A193E6)
Partition 2: (Active) - (Size=931.5 GB) - (Type=05)

==================== End of log ============================



#6 Conspire

Posted 14 July 2015 - 07:57 AM

Hi,

Download the attached fixlist.txt file and save it to the Desktop.

Attached File: fixlist.txt (3.72KB)

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply along with a fresh FRST log.

===================================================

In your next reply, please post:
Fix log
Fresh FRST log



Please STOP and let me know if you have any problems performing the steps above or any questions you may have.

#7 jkarl

Posted 14 July 2015 - 05:00 PM

Thanks Much! Here you go.

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by Valued Customer at 2015-07-14 16:56:31 Run:1
Running from C:\Users\Valued Customer\Desktop
Loaded Profiles: Valued Customer (Available Profiles: Valued Customer & Kids)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1215559615-4072840042-3781464165-1000\...\MountPoints2: G - G:\SETUP.EXE
HKU\S-1-5-21-1215559615-4072840042-3781464165-1000\...\MountPoints2: {056265cb-b326-11e2-8101-806e6f6e6963} - D:\.\Bin\ASSETUP.exe
HKU\S-1-5-21-1215559615-4072840042-3781464165-1000\...\MountPoints2: {4635e0ca-1f8e-11e3-9ff5-806e6f6e6963} - D:\start.exe
HKU\S-1-5-21-1215559615-4072840042-3781464165-1000\...\MountPoints2: {7ee17cca-5ff1-11e2-bcef-806e6f6e6963} - D:\Run.exe
HKU\S-1-5-21-1215559615-4072840042-3781464165-1000\...\MountPoints2: {90ef4877-2abe-11e3-874b-60a44ccf3f86} - G:\SETUP.EXE
HKU\S-1-5-21-1215559615-4072840042-3781464165-1000\...\MountPoints2: {bfd1ab20-12c1-11e0-9f88-806e6f6e6963} - D:\.\Bin\Assetup.exe
HKU\S-1-5-21-1215559615-4072840042-3781464165-1000\...\MountPoints2: {d98bf2ca-3ad8-11e1-9a27-806e6f6e6963} - D:\Bin\assetup.exe
GroupPolicyUsers\S-1-5-21-1215559615-4072840042-3781464165-1004\User: Group Policy Restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser]  <======= ATTENTION (Policy restriction on ProxySettings)
SearchScopes: HKLM -> {C849CEA7-D7A7-4357-BA8A-CFDBE6210F14} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Task: {065FF316-2887-44D4-AAA3-FD59128E4526} - \49c1f9dd-3603-41e5-bcd2-16bb4d4122cf-3 No Task File <==== ATTENTION
Task: {0C8B94CD-B057-4C60-8062-2B6BC01576D5} - \add6d786-9673-48c8-aa14-95ac7c7e050b-6 No Task File <==== ATTENTION
Task: {11FA8892-2DAC-4C23-BC67-1A846DC72B6F} - \49c1f9dd-3603-41e5-bcd2-16bb4d4122cf-10_user No Task File <==== ATTENTION
Task: {228A39B0-80CB-40A9-A74B-2178C9F707B1} - \add6d786-9673-48c8-aa14-95ac7c7e050b-11 No Task File <==== ATTENTION
Task: {29CC2D9E-EBDE-4A75-A6D5-54772FE145E2} - \49c1f9dd-3603-41e5-bcd2-16bb4d4122cf-11 No Task File <==== ATTENTION
Task: {2E7B7313-2D3C-4BD2-BA1A-422BA5B5FD7E} - \add6d786-9673-48c8-aa14-95ac7c7e050b-4 No Task File <==== ATTENTION
Task: {38DA6186-6595-4164-8E71-A5F82D27DAFE} - \add6d786-9673-48c8-aa14-95ac7c7e050b-5_user No Task File <==== ATTENTION
Task: {39FBC60F-FD53-43C5-AE30-359327D96B8E} - \CIMT_S-1-5-21-1215559615-4072840042-3781464165-1000 No Task File <==== ATTENTION
Task: {9B32B8FA-BB7E-405D-8699-CABDAF0F65DF} - \49c1f9dd-3603-41e5-bcd2-16bb4d4122cf-1-7 No Task File <==== ATTENTION
Task: {BC91D22B-5008-402F-B5AC-0E4DA74007D8} - \49c1f9dd-3603-41e5-bcd2-16bb4d4122cf-1-6 No Task File <==== ATTENTION
Task: {B058A543-25E9-4FC3-ABAC-6C57B3FE4063} - System32\Tasks\RPC => C:\Program Files (x86)\Regprocleaner\Regprocleaner.exe
Task: {DE79F2FC-6943-4720-B4CE-05CAC8CD607F} - \SMW_UpdateTask_Time_323832313933313032312d5737325a786c5a3237344541 No Task File <==== ATTENTION
Task: {EC8CDA6E-9D7A-4C16-8060-545296ADEBF8} - \add6d786-9673-48c8-aa14-95ac7c7e050b-1-7 No Task File <==== ATTENTION
Task: {F8CE51BA-C194-4C9E-99DC-EA39F0B4F3AA} - \add6d786-9673-48c8-aa14-95ac7c7e050b-1-6 No Task File <==== ATTENTION
Task: {9C6A534B-B1B4-41B2-8B9E-04611C5CF10C} - \49c1f9dd-3603-41e5-bcd2-16bb4d4122cf-4 No Task File <==== ATTENTION
Task: {9FFF2689-2075-4B35-B008-7D6A3F2BE50D} - \add6d786-9673-48c8-aa14-95ac7c7e050b-10_user No Task File <==== ATTENTION
Task: {665500D5-E822-4217-8940-2A5DB330D461} - \49c1f9dd-3603-41e5-bcd2-16bb4d4122cf-5_user No Task File <==== ATTENTION
Task: {67F56647-6F25-4C92-8058-3B7718BB6D4D} - \add6d786-9673-48c8-aa14-95ac7c7e050b-7 No Task File <==== ATTENTION
EmptyTemp:
CMD: bitsadmin /reset /allusers
end
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKU\S-1-5-21-1215559615-4072840042-3781464165-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G" => key removed successfully
"HKU\S-1-5-21-1215559615-4072840042-3781464165-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{056265cb-b326-11e2-8101-806e6f6e6963}" => key removed successfully
HKCR\CLSID\{056265cb-b326-11e2-8101-806e6f6e6963} => key not found.
"HKU\S-1-5-21-1215559615-4072840042-3781464165-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4635e0ca-1f8e-11e3-9ff5-806e6f6e6963}" => key removed successfully
HKCR\CLSID\{4635e0ca-1f8e-11e3-9ff5-806e6f6e6963} => key not found.
"HKU\S-1-5-21-1215559615-4072840042-3781464165-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ee17cca-5ff1-11e2-bcef-806e6f6e6963}" => key removed successfully
HKCR\CLSID\{7ee17cca-5ff1-11e2-bcef-806e6f6e6963} => key not found.
"HKU\S-1-5-21-1215559615-4072840042-3781464165-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{90ef4877-2abe-11e3-874b-60a44ccf3f86}" => key removed successfully
HKCR\CLSID\{90ef4877-2abe-11e3-874b-60a44ccf3f86} => key not found.
"HKU\S-1-5-21-1215559615-4072840042-3781464165-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bfd1ab20-12c1-11e0-9f88-806e6f6e6963}" => key removed successfully
HKCR\CLSID\{bfd1ab20-12c1-11e0-9f88-806e6f6e6963} => key not found.
"HKU\S-1-5-21-1215559615-4072840042-3781464165-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d98bf2ca-3ad8-11e1-9a27-806e6f6e6963}" => key removed successfully
HKCR\CLSID\{d98bf2ca-3ad8-11e1-9a27-806e6f6e6963} => key not found.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-1215559615-4072840042-3781464165-1004\User => moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully.
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxySettingsPerUser => value removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C849CEA7-D7A7-4357-BA8A-CFDBE6210F14}" => key removed successfully
HKCR\CLSID\{C849CEA7-D7A7-4357-BA8A-CFDBE6210F14} => key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{065FF316-2887-44D4-AAA3-FD59128E4526}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{065FF316-2887-44D4-AAA3-FD59128E4526}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\49c1f9dd-3603-41e5-bcd2-16bb4d4122cf-3" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0C8B94CD-B057-4C60-8062-2B6BC01576D5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C8B94CD-B057-4C60-8062-2B6BC01576D5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\add6d786-9673-48c8-aa14-95ac7c7e050b-6" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{11FA8892-2DAC-4C23-BC67-1A846DC72B6F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11FA8892-2DAC-4C23-BC67-1A846DC72B6F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\49c1f9dd-3603-41e5-bcd2-16bb4d4122cf-10_user" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{228A39B0-80CB-40A9-A74B-2178C9F707B1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{228A39B0-80CB-40A9-A74B-2178C9F707B1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\add6d786-9673-48c8-aa14-95ac7c7e050b-11" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{29CC2D9E-EBDE-4A75-A6D5-54772FE145E2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{29CC2D9E-EBDE-4A75-A6D5-54772FE145E2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\49c1f9dd-3603-41e5-bcd2-16bb4d4122cf-11" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2E7B7313-2D3C-4BD2-BA1A-422BA5B5FD7E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E7B7313-2D3C-4BD2-BA1A-422BA5B5FD7E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\add6d786-9673-48c8-aa14-95ac7c7e050b-4" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{38DA6186-6595-4164-8E71-A5F82D27DAFE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{38DA6186-6595-4164-8E71-A5F82D27DAFE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\add6d786-9673-48c8-aa14-95ac7c7e050b-5_user" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{39FBC60F-FD53-43C5-AE30-359327D96B8E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{39FBC60F-FD53-43C5-AE30-359327D96B8E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CIMT_S-1-5-21-1215559615-4072840042-3781464165-1000" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9B32B8FA-BB7E-405D-8699-CABDAF0F65DF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B32B8FA-BB7E-405D-8699-CABDAF0F65DF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\49c1f9dd-3603-41e5-bcd2-16bb4d4122cf-1-7" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BC91D22B-5008-402F-B5AC-0E4DA74007D8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC91D22B-5008-402F-B5AC-0E4DA74007D8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\49c1f9dd-3603-41e5-bcd2-16bb4d4122cf-1-6" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B058A543-25E9-4FC3-ABAC-6C57B3FE4063}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B058A543-25E9-4FC3-ABAC-6C57B3FE4063}" => key removed successfully
C:\Windows\System32\Tasks\RPC => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RPC" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DE79F2FC-6943-4720-B4CE-05CAC8CD607F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE79F2FC-6943-4720-B4CE-05CAC8CD607F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMW_UpdateTask_Time_323832313933313032312d5737325a786c5a3237344541" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EC8CDA6E-9D7A-4C16-8060-545296ADEBF8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC8CDA6E-9D7A-4C16-8060-545296ADEBF8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\add6d786-9673-48c8-aa14-95ac7c7e050b-1-7" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F8CE51BA-C194-4C9E-99DC-EA39F0B4F3AA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8CE51BA-C194-4C9E-99DC-EA39F0B4F3AA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\add6d786-9673-48c8-aa14-95ac7c7e050b-1-6" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9C6A534B-B1B4-41B2-8B9E-04611C5CF10C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C6A534B-B1B4-41B2-8B9E-04611C5CF10C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\49c1f9dd-3603-41e5-bcd2-16bb4d4122cf-4" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9FFF2689-2075-4B35-B008-7D6A3F2BE50D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9FFF2689-2075-4B35-B008-7D6A3F2BE50D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\add6d786-9673-48c8-aa14-95ac7c7e050b-10_user" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{665500D5-E822-4217-8940-2A5DB330D461}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{665500D5-E822-4217-8940-2A5DB330D461}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\49c1f9dd-3603-41e5-bcd2-16bb4d4122cf-5_user" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{67F56647-6F25-4C92-8058-3B7718BB6D4D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{67F56647-6F25-4C92-8058-3B7718BB6D4D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\add6d786-9673-48c8-aa14-95ac7c7e050b-7" => key removed successfully

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {B5F2E0CE-98AD-4EC1-A994-C0E78B893272}.
{411BAC3C-1621-4C67-8359-CF96EBF45B6B} canceled.
1 out of 2 jobs canceled.

========= End of CMD: =========

EmptyTemp: => 2.5 GB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 16:56:45 ====

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by Valued Customer (administrator) on AVA-406270-1 on 14-07-2015 16:58:32
Running from C:\Users\Valued Customer\Desktop
Loaded Profiles: Valued Customer (Available Profiles: Valued Customer & Kids)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
(DoD PKE Engineering) C:\Program Files (x86)\DoD-PKE\InstallRoot\InstallRootService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATILAE.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
() C:\Program Files (x86)\SABnzbd\SABnzbd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\sp6\LU1\LULnchr.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\sp6\LU1\LogitechUpdate.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6846096 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291128 2013-03-05] (Intel Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058880 2013-03-28] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-09-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-18] (Avast Software s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-1215559615-4072840042-3781464165-1000\...\Run: [DAEMON Tools Ultra Agent] => C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe [3125976 2013-09-23] (Disc Soft Ltd)
HKU\S-1-5-21-1215559615-4072840042-3781464165-1000\...\Run: [Turn Off Monitor] => C:\Program Files (x86)\Turn Off Monitor\TurnOffMon.exe :silent
HKU\S-1-5-21-1215559615-4072840042-3781464165-1000\...\Run: [Auto LogOff] => C:\Program Files (x86)\Turn Off Monitor\AutoLogOff.exe :silent
HKU\S-1-5-21-1215559615-4072840042-3781464165-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-1215559615-4072840042-3781464165-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-1215559615-4072840042-3781464165-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1215559615-4072840042-3781464165-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILAE.EXE [297024 2013-05-01] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1215559615-4072840042-3781464165-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3632472 2015-06-06] (Electronic Arts)
HKU\S-1-5-21-1215559615-4072840042-3781464165-1000\...\MountPoints2: {90ef4877-2abe-11e3-874b-60a44ccf3f86} - G:\SETUP.EXE
Startup: C:\Users\Valued Customer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SABnzbd.lnk [2014-12-06]
ShortcutTarget: SABnzbd.lnk -> C:\Program Files (x86)\SABnzbd\SABnzbd.exe ()
Startup: C:\Users\Valued Customer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk [2013-09-25]
ShortcutTarget: Samsung Magician.lnk -> C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe (Samsung Electronics.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Valued Customer\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Valued Customer\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Valued Customer\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Valued Customer\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Valued Customer\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Valued Customer\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Valued Customer\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Valued Customer\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-06-18] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Valued Customer\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Valued Customer\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Valued Customer\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Valued Customer\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Valued Customer\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Valued Customer\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Valued Customer\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Valued Customer\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1215559615-4072840042-3781464165-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKU\S-1-5-21-1215559615-4072840042-3781464165-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/en-us/?pc=U270&ocid=U270DHP
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-06-13] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-06-18] (Avast Software s.r.o.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-06-13] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-06-18] (Avast Software s.r.o.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-09-03] (Adobe Systems Incorporated)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2013-07-31] (Logitech, Inc.)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-09-03] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-09-03] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1215559615-4072840042-3781464165-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: x-owacid2 - {5B290518-830E-4C57-A66B-E4F748900C27} - C:\Program Files (x86)\Microsoft\SMIME Client (2010)\mimectl.dll [2013-02-04] (Microsoft Corporation)
Hosts: 127.0.0.1 activate.adobe.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{69E57C06-049E-4C32-8F93-FAEFAE04AFC0}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7B63A196-C429-47E6-AA3C-746313B4AD21}: [DhcpNameServer] 137.107.3.150 137.107.2.1

FireFox:
========
FF ProfilePath: C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\iisvqdo2.default-1425093401090
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_203.dll [2015-07-08] ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-06-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-06-13] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_203.dll [2015-07-08] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-02-15] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-02-15] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2013-09-03] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2013-08-02] (Coupons, Inc.)
FF Extension: DoD Configuration - C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\iisvqdo2.default-1425093401090\Extensions\{d15c1608-ba3e-4aa0-aa6f-aa9337226087} [2015-06-19]
FF Extension: nzbdStatus - C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\iisvqdo2.default-1425093401090\Extensions\sabnzbdstatus@dq5studios.com.xpi [2015-03-03]
FF Extension: Adblock Plus - C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\iisvqdo2.default-1425093401090\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-21]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-10-01]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-10-14]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-03-04]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-04]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [927232 2012-10-29] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-18] (Avast Software s.r.o.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
R3 Disc Soft Bus Service; C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [654552 2013-09-23] (Disc Soft Ltd)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-16] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-05-01] (SEIKO EPSON CORPORATION)
R2 InstallRoot; C:\Program Files (x86)\DoD-PKE\InstallRoot\InstallRootService.exe [756344 2015-02-13] (DoD PKE Engineering)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-02-15] (Intel Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1997168 2015-06-06] (Electronic Arts)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-21] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-06-18] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-06-18] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-06-18] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-06-18] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-06-18] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-07-07] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-06-18] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-06-18] ()
R3 dtscsibus; C:\Windows\System32\DRIVERS\dtscsibus.sys [29696 2013-10-01] (Disc Soft Ltd)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 PMUSB2G; C:\Windows\System32\Drivers\PMUSB.sys [26624 2009-03-24] (PassMark Software)
S3 S3XXx64; C:\Windows\System32\DRIVERS\S3XXx64.sys [73856 2015-02-17] (Identiv)
S3 EtronHub3; System32\Drivers\EtronHub3.sys [X]
S3 EtronXHCI; System32\Drivers\EtronXHCI.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-14 00:01 - 2015-07-14 16:58 - 00022950 _____ C:\Users\Valued Customer\Desktop\FRST.txt
2015-07-14 00:01 - 2015-07-14 16:58 - 00000000 ____D C:\FRST
2015-07-14 00:01 - 2015-07-14 00:01 - 00041738 _____ C:\Users\Valued Customer\Desktop\Addition.txt
2015-07-13 23:57 - 2015-07-13 23:58 - 02133504 _____ (Farbar) C:\Users\Valued Customer\Desktop\FRST64.exe
2015-07-12 18:21 - 2015-07-12 18:21 - 00002208 _____ C:\Users\Valued Customer\Desktop\Online Viewer V0113.lnk
2015-07-12 18:21 - 2015-07-12 18:21 - 00000000 ____D C:\Users\Valued Customer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Contractor Classes
2015-07-12 18:21 - 2015-07-12 18:21 - 00000000 ____D C:\Users\Valued Customer\AppData\Roaming\Contractor Classes
2015-07-12 18:20 - 2015-07-12 18:20 - 86457954 _____ C:\Users\Valued Customer\Downloads\Online_V0113_GBR.exe
2015-07-12 18:19 - 2015-07-12 18:19 - 00323285 _____ C:\Users\Valued Customer\Downloads\start.zip
2015-07-07 17:57 - 2015-07-07 17:57 - 00242712 _____ C:\Users\Valued Customer\Downloads\Firefox Setup Stub 39.0.exe
2015-06-19 21:59 - 2015-06-19 21:59 - 05939984 _____ C:\Users\Valued Customer\Downloads\Smart_Card_Manager-1.0.1-6-2(1).exe
2015-06-19 21:59 - 2015-06-19 21:59 - 00001948 _____ C:\Users\Kids\Desktop\Smart Card Manager.lnk
2015-06-19 21:41 - 2015-06-19 21:41 - 00001189 _____ C:\Users\Public\Desktop\InstallRoot 4.1.lnk
2015-06-19 21:41 - 2015-06-19 21:41 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2015-06-19 21:41 - 2015-06-19 21:41 - 00000000 ____D C:\Users\Valued Customer\AppData\Local\DoD-PKE
2015-06-19 21:41 - 2015-06-19 21:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DoD-PKE
2015-06-19 21:41 - 2015-06-19 21:41 - 00000000 ____D C:\Program Files (x86)\DoD-PKE
2015-06-19 21:40 - 2015-06-19 21:40 - 09186304 _____ C:\Users\Valued Customer\Downloads\InstallRoot_4.1x32.msi
2015-06-19 21:33 - 2015-06-19 21:33 - 02538496 _____ C:\Users\Valued Customer\Downloads\opensc-0.13.0-win32(1).msi
2015-06-18 17:39 - 2015-06-18 17:39 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-06-18 17:39 - 2015-06-18 17:39 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-14 16:57 - 2015-03-05 19:14 - 00000008 __RSH C:\Users\Valued Customer\ntuser.pol
2015-07-14 16:57 - 2013-09-25 08:54 - 00102189 _____ C:\Windows\setupact.log
2015-07-14 16:57 - 2011-02-25 10:58 - 00323798 _____ C:\Windows\PFRO.log
2015-07-14 16:57 - 2010-12-28 12:40 - 01092468 _____ C:\Windows\WindowsUpdate.log
2015-07-14 16:57 - 2010-12-28 12:40 - 00000000 ____D C:\Users\Valued Customer
2015-07-14 16:57 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-14 16:57 - 2009-07-13 23:45 - 00033216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-14 16:57 - 2009-07-13 23:45 - 00033216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-14 16:56 - 2009-07-13 22:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-07-14 16:56 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2015-07-14 16:54 - 2014-10-16 21:20 - 00000911 _____ C:\Windows\Tasks\EPSON XP-410 Series Update {BEAF1A67-B16C-4804-A218-450E80458F8F}.job
2015-07-14 16:54 - 2014-10-16 21:20 - 00000725 _____ C:\Windows\Tasks\EPSON XP-410 Series Invitation {BEAF1A67-B16C-4804-A218-450E80458F8F}.job
2015-07-14 16:54 - 2013-09-30 19:59 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-14 16:54 - 2013-09-30 18:24 - 00000911 _____ C:\Windows\Tasks\EPSON XP-410 Series Update {F501C069-3CC5-4CD9-B97D-631A6BA9AE91}.job
2015-07-14 16:54 - 2013-09-30 18:24 - 00000725 _____ C:\Windows\Tasks\EPSON XP-410 Series Invitation {F501C069-3CC5-4CD9-B97D-631A6BA9AE91}.job
2015-07-14 03:24 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-07-14 00:00 - 2014-01-23 08:48 - 00000000 ____D C:\Users\Valued Customer\Desktop\HomePics
2015-07-12 17:47 - 2015-03-04 21:12 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-07-08 20:29 - 2013-09-30 19:59 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-08 20:29 - 2013-09-30 19:59 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-08 20:29 - 2013-09-30 19:59 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-07 19:01 - 2009-07-14 00:13 - 00786662 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-07 18:57 - 2015-06-10 11:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-07 18:57 - 2015-02-27 22:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-07 17:59 - 2013-10-01 14:25 - 00000000 ____D C:\Users\Valued Customer\AppData\Local\Adobe
2015-07-07 17:58 - 2015-02-27 22:16 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-07 17:58 - 2015-02-27 22:16 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-07-07 17:39 - 2015-03-04 21:12 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswsp.sys
2015-07-05 05:08 - 2010-12-28 12:57 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-06-19 21:59 - 2014-12-19 11:47 - 00001948 _____ C:\Users\Valued Customer\Desktop\Smart Card Manager.lnk
2015-06-19 21:59 - 2014-12-19 11:47 - 00000000 ____D C:\Windows\egate2.4
2015-06-19 21:56 - 2014-11-06 12:36 - 00000000 ____D C:\ProgramData\Origin
2015-06-18 17:39 - 2015-03-04 21:12 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-06-18 17:39 - 2015-03-04 21:12 - 00272248 _____ C:\Windows\system32\Drivers\aswVmm.sys
2015-06-18 17:39 - 2015-03-04 21:12 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-06-18 17:39 - 2015-03-04 21:12 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-06-18 17:39 - 2015-03-04 21:12 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-06-18 17:39 - 2015-03-04 21:12 - 00065736 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2015-06-18 17:39 - 2015-03-04 21:12 - 00029168 _____ C:\Windows\system32\Drivers\aswHwid.sys

==================== Files in the root of some directories =======

2010-05-14 17:01 - 2010-05-14 17:01 - 0002917 _____ () C:\Program Files (x86)\uninstal.log
2014-12-01 19:42 - 2014-12-01 19:45 - 0005120 _____ () C:\Users\Valued Customer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-27 17:57 - 2015-02-27 17:57 - 0000906 _____ () C:\ProgramData\JunkCleaner.lnk
2013-10-21 20:10 - 2013-10-21 20:10 - 0000949 _____ () C:\ProgramData\Turn Off Monitor.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-18 18:18

==================== End of log ============================



#8 Conspire


Posted 15 July 2015 - 08:33 AM

You're welcome :)

How is it running now?

#9 jkarl

  • Topic Starter

Posted 15 July 2015 - 03:54 PM

It seems to have fixed the problem for now! Great, I appreciate everything!!!



#10 Conspire

  • Malware Response Team

Posted 16 July 2015 - 06:05 AM

Please stay with me, we are not done yet. :)


Go here and click 'ESET Online Scanner'.

  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change.. button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
    Save that text file to your desktop, and then copy/paste the contents in your next reply. Please do not attach it.

===================================================

  • Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Double-click on the setup file (mbam-setup.exe), then click on Run to install.
  • Malwarebytes will automatically open to its Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system"
  • Click on Update Now to download the current database definitions, then click the Scan Now >> button.
  • If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
  • You will be prompted to update Malwarebytes...click on the Update Now button.
  • The THREAT SCAN will automatically begin.
  • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
  • To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
  • After rebooting the computer, copy and paste the mbam.log in your next reply.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)

  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select (check) the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

 

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)

  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

===================================================

In your next reply, please post:
  • ESET log
  • MBAM log

Please STOP and let me know if you have any problems performing the steps above or any questions.


Edited by Conspire, 16 July 2015 - 06:07 AM.


#11 Conspire

  • Malware Response Team

Posted 21 July 2015 - 03:24 AM

Still with us?

#12 jkarl

  • Topic Starter

Posted 21 July 2015 - 03:08 PM

Hello! Sorry for the delay, was out of town..

 

C:\AdwCleaner\Quarantine\C\Users\Valued Customer\AppData\Local\28367360-1425056202-11DD-AA73-60A44CCF3F86\onso9546.tmp.vir    a variant of Win32/Adware.ConvertAd.BW application
C:\AdwCleaner\Quarantine\C\Users\Valued Customer\AppData\Local\28367360-1425056202-11DD-AA73-60A44CCF3F86\pnsi9575.exe.vir    a variant of Win32/Adware.ConvertAd.UE.gen application
C:\AdwCleaner\Quarantine\C\Users\Valued Customer\AppData\Local\28367360-1425056202-11DD-AA73-60A44CCF3F86\rnso9545.exe.vir    a variant of Win32/Adware.ConvertAd.PU application
C:\AdwCleaner\Quarantine\C\Users\Valued Customer\AppData\Local\28367360-1425056202-11DD-AA73-60A44CCF3F86\snso9544.tmp.vir    a variant of Win32/Adware.AdService.BL application
C:\AdwCleaner\Quarantine\C\Users\Valued Customer\AppData\Local\28367360-1425056202-11DD-AA73-60A44CCF3F86\Uninstall.exe.vir    Win32/Adware.ConvertAd.PY application
C:\AdwCleaner\Quarantine\C\Users\Valued Customer\AppData\Roaming\MTN.vir    JS/Toolbar.Crossrider.C potentially unwanted application
C:\Program Files (x86)\Pandaje Group\Junk Cleaner\JunkCleaner.exe    MSIL/Adware.Pandaje.A application
C:\Users\Valued Customer\AppData\Roaming\28367360-1425056150-11DD-AA73-60A44CCF3F86\rnsdC40.exe    a variant of Win32/Adware.ConvertAd.PU application
C:\Users\Valued Customer\AppData\Roaming\28367360-1425056150-11DD-AA73-60A44CCF3F86\Uninstall.exe    Win32/Adware.ConvertAd.BS application
C:\Users\Valued Customer\AppData\Roaming\28367360-1425056150-11DD-AA73-60A44CCF3F86\vnssC393.tmp    a variant of Win32/Adware.ConvertAd.KZ.gen application
C:\Users\Valued Customer\Downloads\debutpsetup.exe    a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
C:\Users\Valued Customer\Downloads\Unconfirmed 122987.crdownload    a variant of Win32/InstallCore.WT potentially unwanted application
C:\Users\Valued Customer\Downloads\Unconfirmed 171656.crdownload    a variant of Win32/InstallCore.WT potentially unwanted application
C:\Users\Valued Customer\Downloads\Unconfirmed 522085.crdownload    a variant of Win32/InstallCore.WT potentially unwanted application
C:\Users\Valued Customer\Downloads\Unconfirmed 979810.crdownload    a variant of Win32/InstallCore.WT potentially unwanted application
C:\Users\Valued Customer\Downloads\Unconfirmed 990270.crdownload    a variant of Win32/InstallCore.WT potentially unwanted application
E:\AVA-406270-1\Backup Set 2014-02-23 202855\Backup Files 2014-04-13 190000\Backup files 3.zip    Win32/Toolbar.Conduit.R potentially unwanted application
E:\AVA-406270-1\Backup Set 2014-04-27 190000\Backup Files 2014-08-10 190000\Backup files 3.zip    Win32/Conduit.SearchProtect.U potentially unwanted application
E:\AVA-406270-1\Backup Set 2014-04-27 190000\Backup Files 2014-08-17 190000\Backup files 4.zip    a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
E:\AVA-406270-1\Backup Set 2014-08-24 190000\Backup Files 2014-08-24 190000\Backup files 8.zip    a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
E:\AVA-406270-1\Backup Set 2014-08-24 190000\Backup Files 2014-08-24 190000\Backup files 9.zip    Win32/Conduit.SearchProtect.U potentially unwanted application
E:\AVA-406270-1\Backup Set 2014-11-17 164735\Backup Files 2014-11-17 164735\Backup files 10.zip    a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
E:\AVA-406270-1\Backup Set 2014-11-17 164735\Backup Files 2014-11-17 164735\Backup files 11.zip    Win32/Conduit.SearchProtect.U potentially unwanted application
E:\AVA-406270-1\Backup Set 2015-01-04 193159\Backup Files 2015-01-04 193159\Backup files 12.zip    a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
E:\AVA-406270-1\Backup Set 2015-01-04 193159\Backup Files 2015-01-04 193159\Backup files 13.zip    Win32/Conduit.SearchProtect.U potentially unwanted application
E:\AVA-406270-1\Backup Set 2015-01-04 193159\Backup Files 2015-03-01 190000\Backup files 1.zip    multiple threats
E:\AVA-406270-1\Backup Set 2015-01-04 193159\Backup Files 2015-03-01 190000\Backup files 3.zip    a variant of Win32/InstallCore.WT potentially unwanted application
E:\AVA-406270-1\Backup Set 2015-03-22 190001\Backup Files 2015-03-22 190001\Backup files 15.zip    a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
E:\AVA-406270-1\Backup Set 2015-03-22 190001\Backup Files 2015-03-22 190001\Backup files 16.zip    a variant of Win32/InstallCore.WT potentially unwanted application
E:\AVA-406270-1\Backup Set 2015-03-22 190001\Backup Files 2015-03-22 190001\Backup files 3.zip    JS/Toolbar.Crossrider.C potentially unwanted application
E:\AVA-406270-1\Backup Set 2015-03-22 190001\Backup Files 2015-03-22 190001\Backup files 4.zip    multiple threats
E:\AVA-406270-1\Backup Set 2015-03-22 190001\Backup Files 2015-03-22 190001\Backup files 5.zip    multiple threats
E:\AVA-406270-1\Backup Set 2015-05-21 161014\Backup Files 2015-05-21 161014\Backup files 16.zip    a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
E:\AVA-406270-1\Backup Set 2015-05-21 161014\Backup Files 2015-05-21 161014\Backup files 17.zip    a variant of Win32/InstallCore.WT potentially unwanted application
E:\AVA-406270-1\Backup Set 2015-05-21 161014\Backup Files 2015-05-21 161014\Backup files 3.zip    JS/Toolbar.Crossrider.C potentially unwanted application
E:\AVA-406270-1\Backup Set 2015-05-21 161014\Backup Files 2015-05-21 161014\Backup files 4.zip    multiple threats
E:\AVA-406270-1\Backup Set 2015-05-21 161014\Backup Files 2015-05-21 161014\Backup files 5.zip    multiple threats
 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/21/2015
Scan Time: 2:51 PM
Logfile: malware.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.07.21.06
Rootkit Database: v2015.07.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Valued Customer

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 416871
Time Elapsed: 8 min, 31 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 3
PUP.Optional.CrossRider.C, HKLM\SOFTWARE\WOW6432NODE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [84e600e4e7a34beb86e182887c87718f],
PUP.Optional.SuperOptimizer.C, HKU\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, Quarantined, [7cee8262a8e20531fec1098e03018080],
PUP.Optional.Crossrider.C, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\_CrossriderRegNamePlaceHolder_, Quarantined, [93d7bf250e7c40f64544d2bedf25de22],

Registry Values: 1
PUM.Bad.Proxy, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, http=127.0.0.1:13081, Quarantined, [3337ba2aaedcb77fa3fd632a57ad8878]

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.MultiPlug.Gen, C:\Users\Valued Customer\AppData\Roaming\28367360-1425056150-11DD-AA73-60A44CCF3F86, Quarantined, [3337737182081d19bd9e236aaa5afe02],
PUP.Optional.PortableWeatherApp.C, C:\Program Files (x86)\Portable WeatherApp, Quarantined, [3e2c30b4c2c886b04b71c8cf21e34fb1],

Files: 6
PUP.Optional.MultiPlug.Gen, C:\Users\Valued Customer\AppData\Roaming\28367360-1425056150-11DD-AA73-60A44CCF3F86\vnssC393.tmp, Quarantined, [3337737182081d19bd9e236aaa5afe02],
PUP.Optional.MultiPlug.Gen, C:\Users\Valued Customer\AppData\Roaming\28367360-1425056150-11DD-AA73-60A44CCF3F86\rnsdC40.exe, Quarantined, [3337737182081d19bd9e236aaa5afe02],
PUP.Optional.MultiPlug.Gen, C:\Users\Valued Customer\AppData\Roaming\28367360-1425056150-11DD-AA73-60A44CCF3F86\Uninstall.exe, Quarantined, [3337737182081d19bd9e236aaa5afe02],
PUP.Optional.SearchModule.A, C:\Windows\System32\Tasks\SMWUpd, Quarantined, [d29844a0206aef477aaca0f560a416ea],
PUP.Optional.PortableWeatherApp.C, C:\Program Files (x86)\Portable WeatherApp\infodts.dat, Quarantined, [3e2c30b4c2c886b04b71c8cf21e34fb1],
PUP.Optional.PortableWeatherApp.C, C:\Program Files (x86)\Portable WeatherApp\ProductKey.txt, Quarantined, [3e2c30b4c2c886b04b71c8cf21e34fb1],

Physical Sectors: 0
(No malicious items detected)


(end)



#13 Conspire

  • Malware Response Team

Posted 22 July 2015 - 07:35 AM

Now you're good to go.

Time for some housekeeping.
 
Download Delfix from here and save it to your desktop.
  • Ensure Remove disinfection tools is checked.
  • Also place a checkmark next to:
    • Create registry backup
    • Purge system restore
  • Click the Run button.

===================================================

Thank you for your patience, and performing all of the procedures requested. I would also like to take this opportunity to apologize for any delay that may have occurred.

--------------------------------------------------------------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.


Passwords
It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article, Strong passwords: How to create and use them, and consider a password keeper to keep all your passwords safe.


SPYWARE PREVENTION
This is a good time to set up protection against further attacks. In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read these well-written articles:

To help protect your computer in the future, I recommend that you get the following free programs if you do not already have them:

WOT has an add-on available for both Firefox and IE.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
  • SpywareBlaster prevents the installation of ActiveX-based malware, blocks cookies, and restricts the actions of "bad" sites. See tutorial here
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting the attempted connections to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows Vista here
    • Download Host.zip and Save it to your Desktop.
    • Right-click hosts.zip and select 'Extract all files' or 'Extract files...'.
    • Follow the prompts and click 'Finish'.
    • This will open the newly created hosts folder on your Desktop.
    • Double-click on the included mvps.bat file; this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
    • Once updated you should see another prompt that the task was completed.
  • Follow this list and keep your antivirus program and antispyware programs updated and scan with them on a regular basis. By doing so, your potential for being infected again will reduce dramatically.

Hopefully this should take care of your problems! Good luck.

Do you have any questions or problems to ask? Please do not hesitate to do so.

**Please respond to this one more time to ensure it is resolved and close this topic.

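The HOSTS-file blocking described in post #13, as an added example that is not part of the original thread or the MVPS project: it parses HOSTS-format text, reports which of the domains Avast flagged in post #1 are mapped to a loopback or unspecified address, and lists any entry that maps a name to another address. The sample file contents and the `example.test` names are constructed, and keeping the first mapping seen for a name is a choice made for this example.

```python
import ipaddress

# Constructed sample in HOSTS-file format (not the real MVPS list).
SAMPLE_HOSTS = """\
# comment line
127.0.0.1   localhost
::1         localhost
127.0.0.1   simplesitescan.net  bestdriverstar.net   # two names on one line
0.0.0.0     AnythiCago.com
203.0.113.7 login.example.test   # non-loopback mapping, worth reviewing
not-an-ip   broken.example.test
"""

def parse_hosts(text):
    """Return {hostname: ip_address} from HOSTS-format text."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()    # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                           # skip malformed lines
        for name in fields[1:]:
            # Names are case-insensitive; keep the first mapping seen.
            table.setdefault(name.lower().rstrip("."), addr)
    return table

def is_sinkhole(addr):
    """True for loopback (127.0.0.0/8, ::1) or unspecified (0.0.0.0, ::)."""
    return addr.is_loopback or addr.is_unspecified

def audit(text, domains):
    """Classify each domain, and list entries pointing at a real address."""
    table = parse_hosts(text)
    status = {}
    for d in domains:
        # HOSTS entries match exact names only: no wildcards, no subdomains.
        addr = table.get(d.lower().rstrip("."))
        if addr is None:
            status[d] = "not listed"
        elif is_sinkhole(addr):
            status[d] = "blocked"
        else:
            status[d] = "redirected to " + str(addr)
    redirects = {h: str(a) for h, a in table.items() if not is_sinkhole(a)}
    return status, redirects

if __name__ == "__main__":
    flagged = ["simplesitescan.net", "bestdriverstar.net", "anythicago.com",
               "alwaysisobar.com", "www.simplesitescan.net"]
    status, redirects = audit(SAMPLE_HOSTS, flagged)
    for name, state in status.items():
        print(f"{name:28} {state}")
    print("non-loopback entries:", redirects)
```

Because matching is by exact name, `www.simplesitescan.net` is reported as not listed even though `simplesitescan.net` is blocked; each variant needs its own line in the file.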

#14 Conspire

  • Malware Response Team

Posted 27 July 2015 - 01:15 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



