Win 7 PC Unable to update Kaspersky


This topic is locked
2 replies to this topic

#1 jhughes88

Members, 2 posts

Posted 10 October 2015 - 02:01 PM

I have one computer out of 5 on which we just installed Kaspersky Internet Security 2016, and it won't download updates. It appears it may be infected with something, or the leftovers of something, because I can't browse to kaspersky.com, and when I ping kaspersky.com I get a "General Failure".

The other 4 computers on the same network do not have this issue. I've run HitmanPro, AdwCleaner and TDSSKiller and they all come back clean. I've also reset winsock, tcpip and proxy and flushed DNS (netsh winsock reset, netsh int ip reset all, netsh winhttp reset proxy, and ipconfig /flushdns).

Hope someone can help me resolve this issue.
 
Thanks,
J


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-10-2015
Ran by FMS (administrator) on FMS-PC (10-10-2015 17:34:50)
Running from C:\Users\FMS\Downloads
Loaded Profiles: FMS (Available Profiles: FMS & backupadmin)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Code 42 Software) C:\Program Files\CrashPlan\CrashPlanService.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\818\g2ax_service.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Veeam Software AG) C:\Program Files\Veeam\Endpoint Backup\Veeam.EndPoint.Service.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\818\g2ax_comm_customer.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\818\g2ax_system_customer.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\110\LocalDB\Binn\sqlservr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\818\g2ax_host_service.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avpui.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\818\g2ax_user_customer.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Veeam Software AG) C:\Program Files\Veeam\Endpoint Backup\Veeam.EndPoint.Tray.exe
(Code 42 Software, Inc.) C:\Program Files\CrashPlan\CrashPlanTray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Spotify Ltd) C:\Users\FMS\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Akamai Technologies, Inc.) C:\Users\FMS\AppData\Local\Akamai\netsession_win.exe
(Spotify Ltd) C:\Users\FMS\AppData\Roaming\Spotify\Spotify.exe
(Akamai Technologies, Inc.) C:\Users\FMS\AppData\Local\Akamai\netsession_win.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
() C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Spotify Ltd) C:\Users\FMS\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\FMS\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\FMS\AppData\Roaming\Spotify\Spotify.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\wbengine.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13353064 2011-11-14] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Veeam.EndPoint.Tray.exe] => C:\Program Files\Veeam\Endpoint Backup\Veeam.EndPoint.Tray.exe [494024 2015-04-07] (Veeam Software AG)
HKLM\...\Run: [CrashPlanTray] => C:\Program Files\CrashPlan\CrashPlanTray.exe [456704 2015-10-02] (Code 42 Software, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291096 2011-12-04] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe [636520 2012-02-06] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498728 2014-12-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
Winlogon\Notify\GoToAssist Express Customer: C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\818\g2ax_winlogonx64.dll (Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3608809458-263933478-3090673567-1000\...\Run: [Best Buy pc app] => C:\Users\FMS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
HKU\S-1-5-21-3608809458-263933478-3090673567-1000\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-3608809458-263933478-3090673567-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-3608809458-263933478-3090673567-1000\...\Run: [Spotify Web Helper] => C:\Users\FMS\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2541160 2015-10-10] (Spotify Ltd)
HKU\S-1-5-21-3608809458-263933478-3090673567-1000\...\Run: [Akamai NetSession Interface] => C:\Users\FMS\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3608809458-263933478-3090673567-1000\...\Run: [Spotify] => C:\Users\FMS\AppData\Roaming\Spotify\Spotify.exe [7660648 2015-10-10] (Spotify Ltd)
HKU\S-1-5-21-3608809458-263933478-3090673567-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Gateway.scr [456224 2010-07-29] ()
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2014-02-07] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2012-04-05]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2012-04-05]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\FMS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2013-05-09]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
GroupPolicyScripts: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{b4f9004c-904c-45a5-8711-3501b4a3f465} <======= ATTENTION (Restriction - IP)
Tcpip\..\Interfaces\{0064A6D4-5426-493F-9348-BF4FF2B6DDBE}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{73F1D431-034C-4732-B6EC-42A8B55BE6C6}: [NameServer] 192.168.1.1,8.8.8.8
Tcpip\..\Interfaces\{B77BFDFC-0AD0-4F10-A810-668E187E95A6}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3608809458-263933478-3090673567-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-07-08] (AO Kaspersky Lab)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-23] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2015-07-08] (AO Kaspersky Lab)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-23] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-07-08] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2015-07-08] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-3608809458-263933478-3090673567-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3608809458-263933478-3090673567-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
DPF: HKLM-x32 {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://javadl-esd.sun.com/update/1.7.0/jinstall-7u11-windows-i586.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [2011-09-22] (Best Buy)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [2011-09-22] (Best Buy)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-05-10] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: Web Components -> C:\Program Files (x86)\Web Components\npWebVideoPlugin.dll [No File]
FF Plugin HKU\S-1-5-21-3608809458-263933478-3090673567-1000: @citrixonline.com/appdetectorplugin -> C:\Users\FMS\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-05-12] (Citrix Online)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-01-28]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox [2015-09-29]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Best Buy pc app Detector) - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
CHR Plugin: (Java Deployment Toolkit 7.0.250.16) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Profile: C:\Users\FMS\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\FMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-02]
CHR Extension: (Google Drive) - C:\Users\FMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-02]
CHR Extension: (YouTube) - C:\Users\FMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-02]
CHR Extension: (Google Search) - C:\Users\FMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-02]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\FMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-01-29]
CHR Extension: (iCloud Bookmarks) - C:\Users\FMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2014-05-01]
CHR Extension: (Google Docs Offline) - C:\Users\FMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-03]
CHR Extension: (Yahoo Web) - C:\Users\FMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\gihfmmedoddijgnhkgfgnkeohkpbipol [2015-09-23]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\FMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\FMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\FMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-02]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-12-03]
CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-05-09] (Adobe Systems) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe [194000 2015-07-09] (AO Kaspersky Lab)
R2 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [269592 2015-07-01] (Code 42 Software)
R2 GoToAssist Remote Support Customer; C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\818\g2ax_service.exe [610888 2015-07-16] (Citrix Systems, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-02-08] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-02-08] (Hewlett-Packard) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 VeeamEndpointBackupSvc; C:\Program Files\Veeam\Endpoint Backup\Veeam.EndPoint.Service.exe [87040 2015-04-07] (Veeam Software AG) [File not signed]
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70000 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [68280 2015-06-06] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [171192 2015-06-30] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [227000 2015-07-04] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [931000 2015-06-30] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [39096 2015-06-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [41144 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [30392 2015-06-08] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-11] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [103096 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 ute1njaz; C:\Windows\SysWOW64\Drivers\ute1njaz.sys [7168 2015-10-10] () [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-10 17:34 - 2015-10-10 17:35 - 00028634 _____ C:\Users\FMS\Downloads\FRST.txt
2015-10-10 16:52 - 2015-10-10 17:17 - 00000000 ____D C:\Windows\Minidump
2015-10-10 16:07 - 2015-10-10 17:34 - 00000000 ____D C:\FRST
2015-10-10 16:06 - 2015-10-10 16:07 - 02195456 _____ (Farbar) C:\Users\FMS\Downloads\FRST64.exe
2015-10-10 15:51 - 2015-10-10 15:51 - 00000000 ____D C:\Users\FMS\Desktop\GetSystemInfo_FMS-PC_FMS_10_10_2015_15_46_45
2015-10-10 15:35 - 2015-10-10 15:35 - 00000000 ____D C:\Users\FMS\Desktop\GetSystemInfo_FMS-PC_FMS_10_10_2015_15_19_47
2015-10-10 15:13 - 2015-10-10 15:13 - 00380416 _____ C:\Users\FMS\Downloads\508enc4k.exe
2015-10-10 15:05 - 2015-10-10 15:07 - 00000000 ____D C:\AdwCleaner
2015-10-10 15:03 - 2015-10-10 15:03 - 01682432 _____ C:\Users\FMS\Downloads\AdwCleaner.exe
2015-10-10 14:44 - 2015-10-10 14:42 - 38796440 _____ (Kaspersky Lab) C:\Users\FMS\Downloads\KasperskyLogUtility.exe
2015-10-02 16:47 - 2015-10-02 16:54 - 00000938 _____ C:\Users\FMS\Desktop\Install Kaspersky Internet Security version 16.0.0.614.lnk
2015-10-02 16:47 - 2015-10-02 16:47 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2015-10-02 16:43 - 2015-10-02 16:54 - 43975828 _____ C:\Users\FMS\Downloads\2015-08-10_85% CD Set.zip
2015-09-29 23:00 - 2015-10-10 15:49 - 00007168 _____ C:\Windows\SysWOW64\Drivers\ute1njaz.sys
2015-09-29 22:31 - 2015-09-29 22:30 - 20097224 _____ C:\Users\FMS\Downloads\GetSystemInfo6.0.exe
2015-09-29 22:17 - 2015-09-29 22:17 - 00014386 _____ C:\Windows\system32\.crusader
2015-09-29 22:13 - 2015-09-29 22:26 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-29 22:13 - 2015-09-29 22:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-29 22:10 - 2015-09-29 22:09 - 04383777 _____ C:\Users\FMS\Downloads\tdsskiller.zip
2015-09-29 22:07 - 2015-09-29 22:07 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\FMS\Downloads\mbam-setup-2.1.8.1057.exe
2015-09-29 21:57 - 2015-09-29 21:58 - 11350472 _____ (SurfRight B.V.) C:\Users\FMS\Downloads\HitmanPro_x64.exe
2015-09-29 09:40 - 2015-09-29 09:40 - 00002401 _____ C:\Users\FMS\Desktop\Safe Money.lnk
2015-09-29 09:39 - 2015-10-10 17:03 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-09-29 09:39 - 2015-09-29 09:39 - 00002139 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2015-09-29 09:39 - 2015-09-29 09:39 - 00000000 ____D C:\Windows\ELAMBKUP
2015-09-29 09:39 - 2015-09-29 09:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2015-09-29 09:39 - 2015-09-29 09:39 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2015-09-29 09:39 - 2015-07-04 02:18 - 00227000 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2015-09-29 09:39 - 2015-06-30 01:05 - 00931000 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-09-29 09:39 - 2015-06-30 01:05 - 00171192 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2015-09-29 09:39 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2015-09-29 09:28 - 2015-10-02 16:54 - 01907824 _____ (Kaspersky Lab) C:\Users\FMS\Downloads\kis16.0.0.614en_8204.exe
2015-09-29 09:22 - 2015-09-29 09:22 - 00000000 ____D C:\Users\backupadmin\AppData\Local\Veeam_Software_AG
2015-09-29 09:22 - 2015-09-29 09:22 - 00000000 ____D C:\Users\backupadmin\AppData\Local\GWX
2015-09-29 09:22 - 2015-09-29 09:22 - 00000000 ____D C:\Users\backupadmin\AppData\Local\Deployment
2015-09-29 09:22 - 2015-09-29 09:22 - 00000000 ____D C:\Users\backupadmin\AppData\Local\Apps\2.0
2015-09-29 09:21 - 2015-09-29 09:21 - 00118960 _____ C:\Users\backupadmin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-09-29 09:21 - 2015-09-29 09:21 - 00001420 _____ C:\Users\backupadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-09-29 09:21 - 2015-09-29 09:21 - 00000000 ____D C:\Users\backupadmin\AppData\Roaming\Apple Computer
2015-09-29 09:21 - 2015-09-29 09:21 - 00000000 ____D C:\Users\backupadmin\AppData\Roaming\Adobe
2015-09-29 09:21 - 2015-09-29 09:21 - 00000000 ____D C:\Users\backupadmin\AppData\Local\VirtualStore
2015-09-29 09:21 - 2015-09-29 09:21 - 00000000 ____D C:\Users\backupadmin\AppData\Local\Google
2015-09-29 09:21 - 2015-09-29 09:21 - 00000000 ____D C:\Users\backupadmin\AppData\Local\Adobe
2015-09-29 09:20 - 2015-09-29 09:21 - 00000000 ____D C:\Users\backupadmin
2015-09-29 09:20 - 2015-09-29 09:20 - 00000020 ___SH C:\Users\backupadmin\ntuser.ini
2015-09-29 09:20 - 2012-08-16 19:20 - 00000000 ____D C:\Users\backupadmin\AppData\Local\Microsoft Help
2015-09-29 09:20 - 2012-04-06 00:14 - 00000000 ____D C:\Users\backupadmin\AppData\Roaming\Macromedia
2015-09-29 09:20 - 2009-07-14 00:54 - 00000000 ___RD C:\Users\backupadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-29 09:20 - 2009-07-14 00:49 - 00000000 ___RD C:\Users\backupadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-09-28 07:18 - 2015-09-28 07:18 - 00002613 _____ C:\ipconfig.txt
2015-09-23 10:53 - 2015-09-23 10:53 - 13612771 _____ C:\Users\FMS\Downloads\1320-49 Collins_Cad Files_2015-0916.zip
2015-09-23 10:17 - 2015-09-23 10:18 - 86810033 _____ C:\Users\FMS\Downloads\Santona pdf files.zip
2015-09-23 09:31 - 2015-09-23 09:31 - 00000000 ____D C:\Users\FMS\AppData\Roaming\Sun
2015-09-23 09:31 - 2015-09-23 09:31 - 00000000 ____D C:\Users\FMS\.oracle_jre_usage
2015-09-10 09:57 - 2015-09-10 09:58 - 19062052 _____ C:\Users\FMS\Downloads\STRU.zip
2015-09-10 09:55 - 2015-09-10 09:56 - 02135196 _____ C:\Users\FMS\Downloads\ELEC.zip
2015-09-10 09:52 - 2015-09-10 09:53 - 12410770 _____ C:\Users\FMS\Downloads\ARCH.zip
2015-09-10 09:49 - 2015-09-10 09:49 - 01442456 _____ C:\Users\FMS\Downloads\A-CP00.dwg
2015-09-10 09:49 - 2015-09-10 09:49 - 01442456 _____ C:\Users\FMS\Downloads\A-CP00 (1).dwg
2015-09-10 02:58 - 2015-09-30 00:03 - 00000000 ___HD C:\$Windows.~BT

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-10 17:31 - 2014-05-12 13:46 - 00000550 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3608809458-263933478-3090673567-1000.job
2015-10-10 17:26 - 2012-05-04 09:15 - 01394690 _____ C:\Windows\WindowsUpdate.log
2015-10-10 17:09 - 2009-07-14 00:45 - 00032704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-10 17:09 - 2009-07-14 00:45 - 00032704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-10 17:06 - 2012-08-17 08:21 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-10 17:04 - 2014-05-21 22:36 - 00000000 ____D C:\Users\FMS\AppData\Local\Spotify
2015-10-10 17:04 - 2014-05-21 22:35 - 00000000 ____D C:\Users\FMS\AppData\Roaming\Spotify
2015-10-10 17:03 - 2012-08-17 08:21 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-10 16:52 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-10 16:52 - 2009-07-14 00:51 - 00054674 _____ C:\Windows\setupact.log
2015-10-10 15:52 - 2012-04-06 00:10 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-10 15:38 - 2015-05-30 15:29 - 00000646 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3608809458-263933478-3090673567-1000.job
2015-10-10 15:05 - 2012-08-16 18:07 - 00000000 ____D C:\Users\FMS\Documents\Outlook Files
2015-10-10 14:58 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2015-10-10 13:15 - 2014-05-01 18:07 - 00000000 ____D C:\Users\FMS\AppData\Local\6F1D554B-FD57-455A-ACFB-FCE6F0290054.aplzod
2015-10-10 02:00 - 2012-08-16 17:44 - 00000000 ____D C:\Users\FMS\AppData\Local\Adobe
2015-10-09 12:37 - 2012-08-16 17:59 - 00059076 _____ C:\Users\FMS\Documents\plot.log
2015-10-07 18:41 - 2014-10-08 15:09 - 00000563 _____ C:\Users\FMS\Documents\ConversionList1.bcl
2015-10-07 18:40 - 2014-08-05 17:27 - 00000539 _____ C:\Users\FMS\Documents\Conversion.txt
2015-10-02 21:28 - 2015-07-09 18:44 - 00000000 ____D C:\Program Files\CrashPlan
2015-10-02 09:36 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\LiveKernelReports
2015-09-30 11:01 - 2010-11-20 23:47 - 00617172 _____ C:\Windows\PFRO.log
2015-09-30 02:47 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Speech
2015-09-30 00:07 - 2007-07-11 21:49 - 00000000 ____D C:\Windows\Panther
2015-09-29 23:18 - 2012-08-20 16:06 - 00000000 ____D C:\temp
2015-09-29 22:42 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-09-29 22:21 - 2014-09-29 19:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-09-25 13:22 - 2012-08-16 18:15 - 00001945 _____ C:\Windows\epplauncher.mif
2015-09-25 11:08 - 2013-05-14 09:23 - 00002190 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-23 14:27 - 2015-01-28 18:10 - 00000000 ____D C:\Users\FMS\AppData\Local\Akamai
2015-09-23 09:33 - 2013-11-11 10:28 - 00000000 ____D C:\ProgramData\Oracle
2015-09-23 09:31 - 2014-10-15 16:51 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-09-23 09:31 - 2014-10-15 16:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-09-23 09:31 - 2012-10-18 08:33 - 00000000 ____D C:\Program Files (x86)\Java
2015-09-23 09:31 - 2012-08-16 13:24 - 00000000 ____D C:\Users\FMS
2015-09-22 04:52 - 2012-04-06 00:10 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-09-22 04:52 - 2012-04-06 00:10 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-22 04:52 - 2012-04-06 00:10 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-09-19 03:25 - 2015-05-30 15:29 - 00003664 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-3608809458-263933478-3090673567-1000
2015-09-19 03:25 - 2014-05-12 13:46 - 00003568 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3608809458-263933478-3090673567-1000
2015-09-17 11:42 - 2012-08-16 17:33 - 00000000 ____D C:\Users\FMS\AppData\Roaming\Adobe
2015-09-15 02:01 - 2012-08-17 08:21 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-15 02:01 - 2012-08-17 08:21 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2012-08-28 10:29 - 2015-06-17 09:29 - 0034703 _____ () C:\Users\FMS\AppData\Roaming\ACT! 3.x, 4.x, 2000 Contact Manager for Windows.ADR
2012-08-28 10:29 - 2015-06-17 09:29 - 0012193 _____ () C:\Users\FMS\AppData\Roaming\ACT! 3.x, 4.x, 2000 Contact Manager for Windows.CAL
2012-08-28 10:29 - 2015-06-17 09:29 - 0010453 _____ () C:\Users\FMS\AppData\Roaming\ACT! 3.x, 4.x, 2000 Contact Manager for Windows.TSK
2013-07-20 00:19 - 2013-11-06 16:42 - 0000005 _____ () C:\Users\FMS\AppData\Roaming\mbam.context.scan
2014-02-24 12:45 - 2014-02-24 12:45 - 0000028 _____ () C:\Users\FMS\AppData\Roaming\WB.CFG
2013-01-11 09:58 - 2013-01-11 09:58 - 2250054 _____ () C:\ProgramData\1.bmp
2013-01-11 09:58 - 2013-01-11 09:58 - 0444366 _____ () C:\ProgramData\1.jpg

Some files in TEMP:
====================
C:\Users\FMS\AppData\Local\Temp\7za.exe
C:\Users\FMS\AppData\Local\Temp\sqlite3.dll
C:\Users\FMS\AppData\Local\Temp\_isC640.exe
C:\Users\FMS\AppData\Local\Temp\_isF990.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-01 00:13

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-10-2015
Ran by FMS (2015-10-10 17:35:29)
Running from C:\Users\FMS\Downloads
Windows 7 Professional Service Pack 1 (X64) (2012-08-16 17:24:35)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3608809458-263933478-3090673567-500 - Administrator - Disabled)
backupadmin (S-1-5-21-3608809458-263933478-3090673567-1002 - Administrator - Enabled) => C:\Users\backupadmin
FMS (S-1-5-21-3608809458-263933478-3090673567-1000 - Administrator - Enabled) => C:\Users\FMS
Guest (S-1-5-21-3608809458-263933478-3090673567-501 - Limited - Disabled)
jhughes (S-1-5-21-3608809458-263933478-3090673567-1001 - Administrator - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Out of date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky Internet Security (Enabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {8C27F4BD-7F99-4CD1-5651-D3EB97674300}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 13.2.1 - Hewlett-Packard) Hidden
ACT! 2000 (HKLM-x32\...\ACT! 2000) (Version:  - )
Adobe Acrobat XI Standard (HKLM-x32\...\{AC76BA86-1033-FFFF-BA7E-000000000006}) (Version: 11.0.10 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe InDesign CS5 (HKLM-x32\...\{F9766AC1-1461-1033-B862-DF8FE1C033BE}) (Version: 7.0 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Reader X (10.1.7) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.7 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-3608809458-263933478-3090673567-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AutoCAD LT 2011 - English (HKLM\...\AutoCAD LT 2011 - English) (Version: 18.1.49.0 - Autodesk)
AutoCAD LT 2011 - English (Version: 18.1.116.0 - Autodesk) Hidden
AutoCAD LT 2011 - English Version 2.1 (HKLM\...\AutoCAD LT 2011 - English Version 2.1) (Version: 1 - Autodesk)
AutoCAD LT 2011 Language Pack - English (Version: 18.1.49.0 - Autodesk) Hidden
Autodesk DWG TrueView 2015 - English (HKLM\...\DWG TrueView 2015 - English) (Version: 20.0.51.0 - Autodesk)
Autodesk Material Library 2011 (HKLM-x32\...\{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}) (Version: 2.0.0.49 - Autodesk)
Best Buy pc app (Version: 3.3.0.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.3.0.0 - Best Buy) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Citrix Online Launcher (HKLM-x32\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
CrashPlan (HKLM\...\{3E477F15-1215-4857-9D47-F58F0862F92F}) (Version: 4.3.0 - Code 42 Software)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.3313.52 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Download Manager and Options (HKLM\...\Download_Manager_and_Options) (Version: 1.0 - Download Manager and Options)
DWG TrueView 2015 - English (Version: 20.0.51.0 - Autodesk) Hidden
FileZilla Client 3.6.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.6.0.2 - FileZilla Project)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3507 - Gateway Incorporated)
Gateway Registration (HKLM-x32\...\Gateway Registration) (Version: 1.04.3506 - Gateway Incorporated)
Gateway ScreenSaver (HKLM-x32\...\Gateway Screensaver) (Version: 1.1.0225.2011 - Gateway Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
GoToAssist Customer 2.3.0.818 (HKLM-x32\...\GoToAssist Express Customer) (Version: 2.3.0.818 - Citrix Online)
GoToAssist Unattended Customer 2.3.0.818 (HKLM-x32\...\{8986461A-C5B9-4E8B-827A-FA68F3411818}) (Version: 2.3.0.818 - Citrix Online)
GoToMeeting 7.3.0.3499 (HKU\S-1-5-21-3608809458-263933478-3090673567-1000\...\GoToMeeting) (Version: 7.3.0.3499 - CitrixOnline)
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3510 - Gateway Incorporated)
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Gateway Incorporated)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2598 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.0.199 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 16.0.0.614 - Kaspersky Lab) Hidden
LiveUpdate (HKLM-x32\...\LiveUpdate) (Version:  - )
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{13D558FE-A863-402C-B115-160007277033}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{99AC7F47-A4E0-4706-9C65-8948775C2652}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.8.11100.9.100 - Nero AG)
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.4.10500.1.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10700.5.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.6.10300 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{68AFA3A7-9265-4ABD-994A-ACA413E3715C}) (Version: 10.6.10400 - Nero AG)
Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.6.10500.3.100 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.6.10600.4.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.10900.31.0 - Nero AG)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6505 - Realtek Semiconductor Corp.)
SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version:  - Seagate Technology)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SP C250SF/C252SF LAN (HKLM-x32\...\{FADBC704-00A7-45FD-A3CF-4B9F8D4DB234}) (Version: 1.00.0.0 - Ricoh)
Spotify (HKU\S-1-5-21-3608809458-263933478-3090673567-1000\...\Spotify) (Version: 1.0.15.133.gf21970bd - Spotify AB)
Veeam Endpoint Backup (HKLM\...\{25A9964F-7DB0-4E86-B39B-CAC5A42F191D}) (Version: 1.0.0.1954 - Veeam Software AG)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WD My Cloud (HKLM\...\{3082756C-2147-411F-AE6A-9DCEF0121903}) (Version: 1.0.7.5 - Western Digital Technologies, Inc.)
Welcome Center (HKLM-x32\...\Gateway Welcome Center) (Version: 1.02.3507 - Gateway Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
WinZip 16.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D5}) (Version: 16.5.10096 - WinZip Computing, S.L. )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3608809458-263933478-3090673567-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\FMS\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
CustomCLSID: HKU\S-1-5-21-3608809458-263933478-3090673567-1000_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\DWG TrueView 2015 - English\dwgviewr.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3608809458-263933478-3090673567-1000_Classes\CLSID\{2C4A5D61-009C-4561-9A33-6AFD542FD237}\InprocServer32 -> C:\Users\FMS\AppData\Local\CloudStation\CloudStation.app\icon-overlay\13\x64\ContextMenu.dll => No F (the data entry has 3 more characters).
CustomCLSID: HKU\S-1-5-21-3608809458-263933478-3090673567-1000_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files\Autodesk\DWG TrueView 2015 - English\en-US\dwgviewrficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3608809458-263933478-3090673567-1000_Classes\CLSID\{472CE1AD-5D53-4BCF-A1FB-3982A5F55138}\InprocServer32 -> C:\Users\FMS\AppData\Local\CloudStation\CloudStation.app\icon-overlay\13\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-3608809458-263933478-3090673567-1000_Classes\CLSID\{48AB5ADA-36B1-4137-99C9-2BD97F8788AB}\InprocServer32 -> C:\Users\FMS\AppData\Local\CloudStation\CloudStation.app\icon-overlay\13\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-3608809458-263933478-3090673567-1000_Classes\CLSID\{74F5CC00-49A9-11CF-A2F9-444553540000}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD LT 2011\acadltficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3608809458-263933478-3090673567-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\FMS\AppData\Local\Citrix\GoToMeeting\3215\G2MOutlookAddin64.dll => No File
CustomCLSID: HKU\S-1-5-21-3608809458-263933478-3090673567-1000_Classes\CLSID\{A433C3E0-8B24-40EB-93C3-4B10D9959F58}\InprocServer32 -> C:\Users\FMS\AppData\Local\CloudStation\CloudStation.app\icon-overlay\13\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-3608809458-263933478-3090673567-1000_Classes\CLSID\{AEB16659-2125-4ADA-A4AB-45EE21E86469}\InprocServer32 -> C:\Users\FMS\AppData\Local\CloudStation\CloudStation.app\icon-overlay\13\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-3608809458-263933478-3090673567-1000_Classes\CLSID\{C701AD67-3DF0-47C9-89CB-DFA6207BE229}\InprocServer32 -> C:\Users\FMS\AppData\Local\CloudStation\CloudStation.app\icon-overlay\13\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-3608809458-263933478-3090673567-1000_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}\localserver32 -> C:\Program Files\Autodesk\AutoCAD LT 2011\acadlt.exe (Autodesk, Inc.)

==================== Restore Points =========================

09-10-2015 14:22:02 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2015-09-29 22:02 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0127615F-4383-4514-B22C-9B86D60D4E3F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {3DC8A2D8-FFF1-426A-AADA-DF6D715A173E} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {48088C80-F500-4BD9-B5E9-73C3E7DDFDEB} - System32\Tasks\UALU notificatin => C:\Program Files\Gateway\Gateway Updater\UALU.exe [2012-02-06] (Acer Incorporated)
Task: {59E68238-5EA1-44CE-8C0B-321C4967FA00} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-22] (Adobe Systems Incorporated)
Task: {80948D55-AB9F-4012-802B-7A33A422DDE0} - System32\Tasks\NBAgent => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [2012-01-16] (Nero AG)
Task: {8FFB351D-F7E2-4FC5-8619-5888C1F3B1A9} - System32\Tasks\Network.bat => C:\network.bat [2015-07-09] ()
Task: {96D568E2-1916-4B1B-B90C-E92F9180ACEF} - System32\Tasks\Crashplan.bat => C:\crashplan.bat [2015-07-09] ()
Task: {A6B81202-3FD9-4BB1-A39D-629A548AFDDB} - System32\Tasks\G2MUploadTask-S-1-5-21-3608809458-263933478-3090673567-1000 => C:\Users\FMS\AppData\Local\Citrix\GoToMeeting\3499\g2mupload.exe [2015-09-19] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {B3B05539-8E36-4805-9FEF-3A4D164D0F74} - \Digital Sites -> No File <==== ATTENTION
Task: {B8A49DAF-BBA9-421E-801E-435A386081D5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {BE2231EF-052E-4D4A-80D7-4A8E77E7CAA7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {F1D7631F-3FD5-4C62-85FE-E22430D26190} - System32\Tasks\AdobeAAMUpdater-1.0-FMS-PC-FMS => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {FD5B87AF-2E7D-4E09-BEDC-1FD7C625B769} - System32\Tasks\G2MUpdateTask-S-1-5-21-3608809458-263933478-3090673567-1000 => C:\Users\FMS\AppData\Local\Citrix\GoToMeeting\3499\g2mupdate.exe [2015-09-19] (Citrix Online, a division of Citrix Systems, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3608809458-263933478-3090673567-1000.job => C:\Users\FMS\AppData\Local\Citrix\GoToMeeting\3499\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3608809458-263933478-3090673567-1000.job => C:\Users\FMS\AppData\Local\Citrix\GoToMeeting\3499\g2mupload.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-07-01 17:35 - 2015-07-01 17:35 - 00014848 _____ () C:\Program Files\CrashPlan\md564.dll
2015-10-02 21:27 - 2015-10-02 21:27 - 00236544 _____ () \\?\C:\Program Files\CrashPlan\cpnative64.dll
2010-01-02 10:42 - 2010-01-02 10:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-04-06 00:30 - 2011-12-15 02:34 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-02-06 22:17 - 2012-02-06 22:17 - 00636520 _____ () C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
2015-07-08 23:18 - 2015-07-08 23:18 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\kpcengine.2.3.dll
2014-10-16 03:32 - 2014-10-16 03:32 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\92a1650dbe9fad5f46633b835420e1a8\IsdiInterop.ni.dll
2012-05-04 09:23 - 2011-11-29 23:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-05-04 09:27 - 2012-02-07 21:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2015-05-15 16:27 - 2015-05-15 16:27 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-19 14:40 - 2015-10-10 15:13 - 50680424 _____ () C:\Users\FMS\AppData\Roaming\Spotify\libcef.dll
2012-02-06 22:18 - 2012-02-06 22:18 - 00151656 _____ () C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyHook.dll
2015-03-19 14:40 - 2015-10-10 15:13 - 01882728 _____ () C:\Users\FMS\AppData\Roaming\Spotify\libglesv2.dll
2015-03-19 14:40 - 2015-10-10 15:13 - 00083048 _____ () C:\Users\FMS\AppData\Roaming\Spotify\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist Remote Support Customer => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3608809458-263933478-3090673567-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\FMS\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [TCP Query User{25AF73A9-D4FF-48F5-BAA5-876BB63A3CED}C:\program files (x86)\logmein ignition\lmiignition.exe] => (Allow) C:\program files (x86)\logmein ignition\lmiignition.exe
FirewallRules: [UDP Query User{83E41B18-DB5F-4639-9125-59CAEE676914}C:\program files (x86)\logmein ignition\lmiignition.exe] => (Allow) C:\program files (x86)\logmein ignition\lmiignition.exe
FirewallRules: [{970AC48B-FDED-42E6-9423-1E7AD54B7416}] => (Allow) C:\Program Files\UltraVNC\vncviewer.exe
FirewallRules: [{00F875D5-A626-4ECF-88B4-8662A7446627}] => (Allow) C:\Program Files\UltraVNC\vncviewer.exe
FirewallRules: [TCP Query User{6EEE1D1D-ADFB-459A-8D34-E3A4763ACD55}C:\program files (x86)\controlcenter\controlcenter.exe] => (Allow) C:\program files (x86)\controlcenter\controlcenter.exe
FirewallRules: [UDP Query User{7454AD99-F020-4AF9-A1DB-D8048A78BE87}C:\program files (x86)\controlcenter\controlcenter.exe] => (Allow) C:\program files (x86)\controlcenter\controlcenter.exe
FirewallRules: [TCP Query User{E8D7B9C5-28A1-4142-AF3A-1E62453EA500}C:\program files (x86)\controlcenter\iptool.exe] => (Allow) C:\program files (x86)\controlcenter\iptool.exe
FirewallRules: [UDP Query User{8D38BCE6-9A7B-4C2E-8866-E36A79EFFF72}C:\program files (x86)\controlcenter\iptool.exe] => (Allow) C:\program files (x86)\controlcenter\iptool.exe
FirewallRules: [TCP Query User{69D4DF57-5A0E-449B-A264-953DEBB5D031}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{A67F0563-2159-44D5-8AA5-160F89806184}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [TCP Query User{36F4E387-46E9-40BC-8E4B-88985C30CFD5}C:\program files (x86)\java\jre6\bin\java.exe] => (Allow) C:\program files (x86)\java\jre6\bin\java.exe
FirewallRules: [UDP Query User{312F5FFF-D294-427D-87B0-85F4790C272A}C:\program files (x86)\java\jre6\bin\java.exe] => (Allow) C:\program files (x86)\java\jre6\bin\java.exe
FirewallRules: [TCP Query User{8D33BA2F-B85A-429F-96AB-5418AF807240}C:\program files (x86)\logmein ignition\lmiignition.exe] => (Allow) C:\program files (x86)\logmein ignition\lmiignition.exe
FirewallRules: [UDP Query User{A427F28A-9FFF-4055-93F5-E0CD671D73E1}C:\program files (x86)\logmein ignition\lmiignition.exe] => (Allow) C:\program files (x86)\logmein ignition\lmiignition.exe
FirewallRules: [{1C1764FA-C7B0-4443-AB76-9D5C47A54AE5}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
FirewallRules: [{B21B89CA-9F98-4C4A-A618-1D1DD0E399CF}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
FirewallRules: [{80B0980D-1D73-4324-BFDD-06EEFA348351}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{86125B46-D501-4544-BD02-7154865E60D2}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{C1C4286C-54E4-47A2-A4FD-A91836B1861F}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{1F83F867-2FF8-41E4-8FED-50E21056376C}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [TCP Query User{1D2CC58F-8455-420F-A74A-C50C4ADB0953}C:\users\jhughes.systems-tech\desktop\tobedeleted\c351\ic402sys_v1\installer.exe] => (Allow) C:\users\jhughes.systems-tech\desktop\tobedeleted\c351\ic402sys_v1\installer.exe
FirewallRules: [UDP Query User{F6E23B08-6637-4CC2-A48F-CCDAB20D1ADA}C:\users\jhughes.systems-tech\desktop\tobedeleted\c351\ic402sys_v1\installer.exe] => (Allow) C:\users\jhughes.systems-tech\desktop\tobedeleted\c351\ic402sys_v1\installer.exe
FirewallRules: [{AA37C817-C688-46BC-8E0F-7ED7978B0C9E}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{DE080AFA-BC1C-42A2-BFCC-30B232091A75}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{DD9AA9F8-E8A8-486C-9ADB-478FAB1E688E}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{42DD7438-B046-4017-9D2E-117595BF7A5A}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [TCP Query User{0CE5017E-3B05-43A1-9757-47C9334987ED}D:\windows\dsassistant\dsassistant.exe] => (Allow) D:\windows\dsassistant\dsassistant.exe
FirewallRules: [UDP Query User{28EF8943-01D7-4A49-9D83-AFBB7568902C}D:\windows\dsassistant\dsassistant.exe] => (Allow) D:\windows\dsassistant\dsassistant.exe
FirewallRules: [TCP Query User{6324C30F-AA58-4DBF-9703-917D5B948A31}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [UDP Query User{756B6D33-F01D-4CF4-A57D-EE377A26F7EA}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [{090D0143-507A-44F7-8233-7907707FDAA3}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{024A6794-E242-4150-94CB-64DE4FE65CEB}C:\windows\system32\ftp.exe] => (Allow) C:\windows\system32\ftp.exe
FirewallRules: [UDP Query User{7E583F31-CC4D-4F3D-BAB7-E5F990B692FC}C:\windows\system32\ftp.exe] => (Allow) C:\windows\system32\ftp.exe
FirewallRules: [{269767B6-4C26-438B-9287-8AB56BFF0E91}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
FirewallRules: [{822F211D-8BD7-4E75-A4A0-46D35C21D91B}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
FirewallRules: [{AB58FE6A-EC9B-4D14-A8C0-888801399F78}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [{364F7356-ABFF-41A5-BFDE-A44CD6B97F26}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{0BCF11E8-0CC9-4799-AD24-21D4447F101A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{5D43523E-325B-40D8-803A-0E2444274EA7}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{1D77E90F-3924-4CB0-A7FC-A3934FE82EE5}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{3C2528CF-B0A7-4348-BE83-38D811C6344F}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{4A56D77A-9CD9-4920-AAB2-63F38FB04163}] => (Allow) C:\Users\jhughes.SYSTEMS-TECH\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{7CFB5E38-BD7F-42E0-9E54-A923F74A92F3}] => (Allow) C:\Users\jhughes.SYSTEMS-TECH\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{0672B901-C261-469D-A149-88C842E4E8ED}C:\users\jhughes.systems-tech\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\jhughes.systems-tech\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{AC2F711F-442D-44DA-9A06-7E5DFAAC1E3A}C:\users\jhughes.systems-tech\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\jhughes.systems-tech\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{0A25CC29-247B-4A6D-8CDB-229B004DBC2C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{255633E8-EBFD-43CF-BE28-87EE0674394B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3CBD4516-BB2E-4C55-B840-7919C8E2C4A7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AF029D1D-F791-465F-8520-F066A9022F7F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{948FB931-228E-40E6-A453-EA74078389DA}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
FirewallRules: [{701D273B-E56B-4265-BF82-EEB2BC16F0C8}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
FirewallRules: [{ACC60C2A-126F-40A7-8564-D88CF28C09EB}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{9FF4C793-D527-4466-868C-9EDE37E28955}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{84EDE6E3-3A79-4713-AB72-7BA6EBA2386C}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{D1B35C67-8AF5-4CFE-9D7B-F315DCA148C6}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{F7480B93-998A-4EC6-B413-97D583287EF1}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
FirewallRules: [{9673683F-569D-4B89-94B5-F8952669F251}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
FirewallRules: [{8D93861B-2BCD-4733-9580-935106D3D05B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{DEADF60A-7A54-4EE4-8427-3454E63AE54F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{992C3F06-14C3-4DDF-8862-B2FFD48AB65B}] => (Allow) C:\Program Files\Symform\Node Service\symformconfig.exe
FirewallRules: [{182E0197-008E-4D11-BB4C-B3E273642C27}] => (Allow) C:\Program Files\Symform\Node Service\symformcontrib.exe
FirewallRules: [{50B3C6F8-DF6C-4F28-A969-BD5A2EB2A2DC}] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{5ABB55CB-F87D-4E6F-957E-8FFDC3E3EC8F}] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{03CB99AB-5E36-4485-A339-BD8DD67F0C95}] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [TCP Query User{BFDE17FE-2DCE-4A71-A4FA-78CFC23BD636}C:\users\fms\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\fms\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{FA06743B-38EB-4C28-9DA7-ED3947C71ED2}C:\users\fms\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\fms\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{621F151A-C3E3-42EC-A97B-5E301F66E263}C:\users\fms\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\fms\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{36470DD2-DFAE-409B-A3D0-5D9DC1793116}C:\users\fms\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\fms\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{78FB4E9F-E666-4514-B90D-921F2FA87E60}C:\users\fms\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\fms\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{27EA16AE-A3C2-40E5-BF6A-BFE367A9BA05}C:\users\fms\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\fms\appdata\local\akamai\netsession_win.exe
FirewallRules: [{BCB7DE5B-A16B-4ED9-A930-9B171CDF6396}] => (Allow) C:\Program Files\Veeam\Endpoint Backup\Veeam.EndPoint.Recovery.exe
FirewallRules: [{CCDFF7D0-1C81-4324-B14E-ABF20EAE9ADB}] => (Allow) C:\Program Files\Veeam\Endpoint Backup\Veeam.EndPoint.Service.exe
FirewallRules: [{AEFA529D-1237-4BDA-8783-11400452A2DA}] => (Allow) C:\Program Files\Veeam\Endpoint Backup\Veeam.EndPoint.Service.exe
FirewallRules: [{59FA6D54-C1BC-4DD0-B874-BDCC0A742537}] => (Allow) C:\Program Files\Veeam\Endpoint Backup\x64\VeeamAgent.exe
FirewallRules: [{01658AF3-31F9-470C-8758-F1049598C34D}] => (Allow) C:\Program Files\Veeam\Endpoint Backup\x64\VeeamAgent.exe
FirewallRules: [{676448AC-5643-4158-B607-023BE4157341}] => (Allow) C:\Program Files\Veeam\Endpoint Backup\x86\VeeamAgent.exe
FirewallRules: [{69221DF2-762C-41EA-AE61-73714E067996}] => (Allow) C:\Program Files\Veeam\Endpoint Backup\x86\VeeamAgent.exe
FirewallRules: [{400EDA7A-F4BF-41DE-966B-2BA2409A389E}] => (Allow) C:\Program Files\Veeam\Endpoint Backup\VeeamDeploymentSvc.exe
FirewallRules: [{9F1AEBD8-5792-410B-9B88-BCA475CE48B9}] => (Allow) C:\Program Files\Veeam\Endpoint Backup\VeeamDeploymentSvc.exe
FirewallRules: [{C9D58DE0-895C-41A3-B6D7-5A405F57F5BD}] => (Allow) C:\Program Files\CrashPlan\CrashPlanService.exe
FirewallRules: [TCP Query User{8ED561EF-C07C-4FA1-A630-D8FC14DD528D}C:\users\fms\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\fms\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{B7ADCEEC-12C8-4719-9C22-EDD03DA5D0DB}C:\users\fms\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\fms\appdata\local\akamai\netsession_win.exe
FirewallRules: [{58EE43B3-DD4B-49AB-B43E-791A10DD1204}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{7B2D3A9B-8E95-4323-9C97-BBCDFADC6321}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: 802.11n Wireless LAN Card
Description: 802.11n Wireless LAN Card
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Ralink Technology, Corp.
Service: netr28x
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/10/2015 05:04:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.17923, time stamp: 0x55945dbd
Faulting module name: GWXUI.dll, version: 6.3.9600.17923, time stamp: 0x55945bca
Exception code: 0xc0000005
Fault offset: 0x000000000002c064
Faulting process id: 0x1a94
Faulting application start time: 0xGWXUX.exe0
Faulting application path: GWXUX.exe1
Faulting module path: GWXUX.exe2
Report Id: GWXUX.exe3

Error: (10/10/2015 04:52:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/10/2015 03:11:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/09/2015 10:29:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c116b1
Faulting module name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c116b1
Exception code: 0x40000015
Fault offset: 0x00052d24
Faulting process id: 0x3214
Faulting application start time: 0xjucheck.exe0
Faulting application path: jucheck.exe1
Faulting module path: jucheck.exe2
Report Id: jucheck.exe3

Error: (10/09/2015 08:08:53 PM) (Source: VSS) (EventID: 12294) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine returned E_INVALIDARG.
Routine details GetSnapshot({00000000-0000-0000-0000-000000000000},000000000028B840).


Operation:
   Get Shadow Copy Properties

Context:
   Execution Context: Coordinator

Error: (10/09/2015 08:08:53 PM) (Source: VSS) (EventID: 12294) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine returned E_INVALIDARG.
Routine details GetSnapshot({00000000-0000-0000-0000-000000000000},000000000028B840).


Operation:
   Get Shadow Copy Properties

Context:
   Execution Context: Coordinator

Error: (10/09/2015 08:08:53 PM) (Source: VSS) (EventID: 12294) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine returned E_INVALIDARG.
Routine details GetSnapshot({00000000-0000-0000-0000-000000000000},000000000028B840).


Operation:
   Get Shadow Copy Properties

Context:
   Execution Context: Coordinator

Error: (10/09/2015 08:08:37 PM) (Source: VSS) (EventID: 12294) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine returned E_INVALIDARG.
Routine details GetSnapshot({00000000-0000-0000-0000-000000000000},000000000028B840).


Operation:
   Get Shadow Copy Properties

Context:
   Execution Context: Coordinator

Error: (10/09/2015 08:03:20 PM) (Source: VSS) (EventID: 12294) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine returned E_INVALIDARG.
Routine details GetSnapshot({00000000-0000-0000-0000-000000000000},000000000046D0C0).


Operation:
   Get Shadow Copy Properties

Context:
   Execution Context: Coordinator

Error: (10/09/2015 08:03:20 PM) (Source: VSS) (EventID: 12294) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine returned E_INVALIDARG.
Routine details GetSnapshot({00000000-0000-0000-0000-000000000000},000000000046D0C0).


Operation:
   Get Shadow Copy Properties

Context:
   Execution Context: Coordinator


System errors:
=============
Error: (10/10/2015 05:12:24 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume Gateway.

Error: (10/10/2015 05:12:15 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume Gateway.

Error: (10/10/2015 05:12:04 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume Gateway.

Error: (10/10/2015 05:11:55 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume Gateway.

Error: (10/10/2015 05:11:37 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume Gateway.

Error: (10/10/2015 05:11:28 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume Gateway.

Error: (10/10/2015 05:11:12 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume Gateway.

Error: (10/10/2015 05:11:01 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume Gateway.

Error: (10/10/2015 05:10:48 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume Gateway.

Error: (10/10/2015 05:10:31 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume Gateway.


CodeIntegrity:
===================================
  Date: 2015-10-08 17:33:24.653
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-05 19:32:21.815
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-03 16:35:39.805
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-03 14:33:40.573
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-03 14:23:28.675
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-03 14:18:24.173
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-03 14:08:20.167
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-03 13:48:26.477
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-29 21:46:50.558
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-25 14:15:23.210
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i3-2120 CPU @ 3.30GHz
Percentage of memory in use: 49%
Total physical RAM: 6022.59 MB
Available physical RAM: 3062.23 MB
Total Virtual: 12043.39 MB
Available Virtual: 8734.46 MB

==================== Drives ================================

Drive c: (Gateway) (Fixed) (Total:917.41 GB) (Free:782.05 GB) NTFS
Drive g: (ExtBackup) (Fixed) (Total:465.76 GB) (Free:274.11 GB) NTFS
Drive h: (TOSHIBA EXT) (Fixed) (Total:1862.92 GB) (Free:1570.71 GB) NTFS
Drive s: (Share) (Network) (Total:1829.25 GB) (Free:1155.42 GB) NTFS
Drive t: (Acct) (Network) (Total:1829.25 GB) (Free:1155.42 GB) NTFS
Drive w: (Share) (Network) (Total:1829.25 GB) (Free:1155.42 GB) NTFS
Drive x: (Acct) (Network) (Total:1829.25 GB) (Free:1155.42 GB) NTFS
Drive y: (Apps) (Network) (Total:1829.25 GB) (Free:1155.42 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: F4AD2089)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=102 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=917.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: A4B57300)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 1863 GB) (Disk ID: 8831AAE5)
Partition 1: (Active) - (Size=1862.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 


Edit: Moved topic from Windows 7 to the more appropriate forum. ~ Animal





#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,559 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:42 AM

Posted 11 October 2015 - 10:12 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK button.
Please copy the entire contents of the code box below to the new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
GroupPolicyScripts: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{b4f9004c-904c-45a5-8711-3501b4a3f465} <======= ATTENTION (Restriction - IP)
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
Toolbar: HKU\S-1-5-21-3608809458-263933478-3090673567-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: Web Components -> C:\Program Files (x86)\Web Components\npWebVideoPlugin.dll [No File]
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR Plugin: (Java Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.16) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
S3 ute1njaz; C:\Windows\SysWOW64\Drivers\ute1njaz.sys [7168 2015-10-10] () [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
C:\Users\FMS\AppData\Local\Temp\7za.exe
C:\Users\FMS\AppData\Local\Temp\sqlite3.dll
C:\Users\FMS\AppData\Local\Temp\_isC640.exe
C:\Users\FMS\AppData\Local\Temp\_isF990.exe
AlternateDataStreams: C:\Windows\System32:BCA29B4E_Bb.gbp
AlternateDataStreams: C:\Users\Avell\Local Settings:init
CustomCLSID: HKU\S-1-5-21-3608809458-263933478-3090673567-1000_Classes\CLSID\{2C4A5D61-009C-4561-9A33-6AFD542FD237}\InprocServer32 -> C:\Users\FMS\AppData\Local\CloudStation\CloudStation.app\icon-overlay\13\x64\ContextMenu.dll => No F (the data entry has 3 more characters).
CustomCLSID: HKU\S-1-5-21-3608809458-263933478-3090673567-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\FMS\AppData\Local\Citrix\GoToMeeting\3215\G2MOutlookAddin64.dll => No File
Task: {B3B05539-8E36-4805-9FEF-3A4D164D0F74} - \Digital Sites -> No File <==== ATTENTION
C:\Windows\SysWOW64\Drivers\ute1njaz.sys

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

How is the computer running now?

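The fixlist above removes several items without saying what each one is or how to confirm it on a live machine. The following read-only triage script is an added example, not part of the original thread or of the FRST tool, written to check the same classes of artifact the fixlist targets (the local IPsec ActivePolicy flagged as an IP restriction, the unsigned driver ute1njaz.sys in SysWOW64\Drivers, the two alternate data streams) together with the original symptom (kaspersky.com unreachable, ping reporting "General failure"). It assumes PowerShell 3.0 or later (available on Windows 7 through the Windows Management Framework), an elevated prompt, and takes every path, key name and host name from the posted log; the control target 8.8.8.8 is the DNS server listed in the log. Nothing in it modifies the system.

```powershell
# Added example (not from the original thread): read-only triage for the artifact
# classes FRST flagged on this machine. Assumes PowerShell 3.0+ and an elevated
# prompt; paths and names come from the posted FRST log. Nothing here changes anything.

$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding([string]$Check, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Check = $Check; Detail = $Detail })
}

# 1. Local IPsec policy store. FRST reported an ActivePolicy here as an IP restriction.
#    An active local IPsec policy filters traffic independently of the Windows Firewall
#    rules, so the firewall showing "enabled" with ordinary allow rules proves nothing.
$ipsecLocal = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local'
$active = (Get-ItemProperty -Path $ipsecLocal -ErrorAction SilentlyContinue).ActivePolicy
if ($active) {
    Add-Finding 'IPsec ActivePolicy' $active
    # The value is a registry path relative to HKLM; the policy key carries a display name.
    $name = (Get-ItemProperty -Path ("HKLM:\" + $active) -ErrorAction SilentlyContinue).ipsecName
    if ($name) { Add-Finding 'IPsec policy name' $name }
    # The full rule set (filter lists and filter actions) is easiest to read from netsh.
    Add-Finding 'IPsec static store' ((netsh ipsec static show all) -join "`n")
}

# 2. Kernel drivers without a valid Authenticode signature. FRST listed
#    C:\Windows\SysWOW64\Drivers\ute1njaz.sys as "[File not signed]", written the day
#    of the scan. This is a triage list, not a verdict: on older PowerShell builds
#    catalog-signed Microsoft drivers can also report NotSigned, so prioritise recent
#    files with non-descriptive names and cross-check with sigverif.exe.
$driverDirs = 'C:\Windows\System32\drivers', 'C:\Windows\SysWOW64\Drivers'
Get-ChildItem -Path $driverDirs -Filter *.sys -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        if ($sig.Status -ne 'Valid') {
            Add-Finding 'Driver signature' ("{0} [{1}] written {2:u}" -f $_.FullName, $sig.Status, $_.LastWriteTime)
        }
    }

# 3. Alternate data streams on the two paths FRST flagged. ':$DATA' is the object's
#    normal content stream; any other stream name is an ADS worth examining.
$adsTargets = 'C:\Windows\System32', 'C:\Users\Avell\Local Settings'
foreach ($p in $adsTargets) {
    if (Test-Path -LiteralPath $p) {
        Get-Item -LiteralPath $p -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |
            ForEach-Object { Add-Finding 'Alternate data stream' ("{0}:{1} ({2} bytes)" -f $p, $_.Stream, $_.Length) }
    }
}

# 4. Name resolution and ICMP reachability for the host from the post, with the
#    machine's configured DNS forwarder (8.8.8.8 in the log) as a control target.
#    ($host is a reserved PowerShell variable, hence $target.)
$pinger = New-Object System.Net.NetworkInformation.Ping
foreach ($target in 'kaspersky.com', '8.8.8.8') {
    try {
        $addrs = [System.Net.Dns]::GetHostAddresses($target) | ForEach-Object { $_.IPAddressToString }
        Add-Finding "DNS $target" ($addrs -join ', ')
    } catch {
        Add-Finding "DNS $target" ("FAILED: " + $_.Exception.Message)
    }
    try {
        $reply = $pinger.Send($target, 2000)
        Add-Finding "Ping $target" $reply.Status
    } catch {
        # ping.exe prints "General failure" when the echo request cannot be sent at all
        # (as opposed to "Request timed out" when no reply arrives); .NET raises here.
        Add-Finding "Ping $target" ("FAILED: " + $_.Exception.Message)
    }
}

# 5. hosts file overrides for the vendor domain: a standard check when exactly one
#    site is unreachable, not something the posted log section shows.
$hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content -Path $hostsFile -ErrorAction SilentlyContinue |
    Where-Object { $_ -notmatch '^\s*#' -and $_ -match 'kaspersky' } |
    ForEach-Object { Add-Finding 'hosts entry' $_ }

$findings | Format-Table -AutoSize -Wrap
```

Run it before and after the FRST fix: a "General failure" that turns into "Success" once the IPsec ActivePolicy disappears from the local store ties the symptom to that specific entry, whereas a ping that still fails with the policy gone points at something the fixlist did not cover (a hosts entry, a proxy, or the unsigned driver) and is the detail to post back in the thread.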
#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,559 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:42 AM

Posted 16 October 2015 - 06:58 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



